[BUG] Slack plugin fails to authenticate - "does not support dynamic client registration"
Open 💬 19 comments Opened Jan 13, 2026 by devangmotwani
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
## Description
Slack plugin fails to authenticate with OAuth error. Authentication flow starts but immediately fails.
## Environment
- Claude Code version: 2.1.6
- OS: macOS (Darwin 24.4.0)
- Plugin: slack@claude-plugins-official (version f70b65538da0)
MCP server "plugin:slack:slack": No client info found
MCP server "plugin:slack:slack": SDK auth error: Error: Incompatible auth server: does not support dynamic client registration
MCP server "plugin:slack:slack": SSE Connection failed: Non-200 status code (404)
## Additional Context
- Server URL:
https://mcp.slack.com/sse - Multiple retry attempts all fail with same error
- Other plugins (atlassian, code-review, pr-review-toolkit) work fine
What Should Happen?
It should authenticate and connect to slack using OAuth.
Error Messages/Logs
From `~/.claude/debug/latest`:
Steps to Reproduce
## Steps to Reproduce
- Install Slack plugin via
/plugin - Run
/pluginto authenticate - Auth fails immediately
Claude Model
None
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.6
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
19 Comments
facing the same issue
Same here
Additional Data Point: Team Plan User
Same issue here.
Environment
Setup
/plugin> DiscoverSteps to Reproduce
/mcp- Slack connector shows:https://mcp.slack.com/sseIncompatible auth server: does not support dynamic client registration/mcpOutputi think this is the same issue as https://github.com/anthropics/claude-code/issues/3433
same issue here, any updates?
+1
Same issue here.
Environment:
Error:
Status shows
failedwithnot authenticatedin the/pluginUI. Other plugins (GitHub, Supabase, Greptile) work fine.Looks like there is more to slack mcp with issuer mismatch, is that tripping the client -
┌────────────────────┤ LLM EXPLANATION ├─────────────────────┐
Primary Finding Explanation: AUTH_SERVER_ISSUER_MISMATCH (high confidence, 1.00)
Summary:
The MCP OAuth server metadata returned from the discovery endpoint at
https://mcp.slack.com/.well-known/oauth-authorization-serverreports an issuer"https://slack.com"which mismatches the expected issuer"https://mcp.slack.com"used to perform the discovery.---
Spec-grounded Analysis
Relevant Specifications:
Why this mismatch is a valid and justified failure:
> "authorization server metadata MUST include an
issuerproperty that is the issuer identifier of the authorization server as defined in [OpenID.issuer]. Theissuervalue in the metadata document MUST match the issuer value used for discovery."Here, the discovery URI was anchored in the issuer
https://mcp.slack.comnamespace, but the JSON metadata claims"issuer": "https://slack.com". According to RFC 8414, this lack of exact string match constitutes a discovery failure.MCP leverages issuer consistency to bind metadata, token issuance, and protected resource validation. A mismatch risks security and operational failure.
MCP explicitly mandates strict matching between authorization server metadata issuer and discovery URLs to avoid ambiguity or cross-issuer issues. The MCP tooling depends on this for critical flows such as token issuance and client registration.
---
Correct Server Behavior
https://mcp.slack.com/.well-known/oauth-authorization-servermust contain anissuerfield exactly equal to the discovery issuer URI:``
``{
...
"issuer": "https://mcp.slack.com",
...
}
"https://slack.com").This binding guarantees that the authorization server, protected resource, and client share a consistent trust domain as mandated by MCP and OAuth 2.0 standards.
---
Secondary Notes
initialize) and PRM resource mismatch compound interoperability issues but are not as impactful as the fundamental issuer identity failure.initializerequests with valid JSON-RPC responses. Returning a 404 non-JSON constitutes a protocol compliance failure.---
Conclusion
The AUTH_SERVER_ISSUER_MISMATCH failure is valid, justified, and critical under RFC 8414 and MCP 2025-11-25 requirements. The metadata issuer must be corrected to exactly match the MCP OAuth discovery URI
https://mcp.slack.com. Without this fix, compliance, interoperability, and security guarantees are compromised.
---
If you need further assistance on resolving remaining findings or guidance on MCP tooling corrections, please ask.
+1 — This is blocking real workflow automation for us.
Why the bot token workaround (
@modelcontextprotocol/server-slack) doesn't work:@modelcontextprotocol/server-slackpackage only supports bot-scoped tokens, not user tokens — so you can't act as yourself.What we need: The same Slack access that works in claude.ai web (via the plugin connector) should work in Claude Code. The plugin bridge works fine for Gmail and Google Calendar — Slack is the outlier because of the issuer mismatch (
https://slack.comvshttps://mcp.slack.com) documented in the excellent authprobe analysis above.Environment: Claude Code CLI, macOS, Team plan.
@Eventlessdrop If you found
authprobeuseful, toss us a ⭐Updating the mcp.json to have certain Oauth variables was a viable work around for me.
@roblopez-qz it's work <3
Slack MCP works despite the DCR error in VS Code's MCP panel (v2.1.81)
For anyone seeing "does not support dynamic client registration" in the VS Code MCP servers panel — the Slack tools actually work fine. The error is a misleading UI status.
The actual tool execution goes through Anthropic's MCP proxy (authenticated via your
claudeAiOauthsession), which handles Slack OAuth server-side. The VS Code MCP panel is attempting a direct OAuth check that fails at DCR, but this doesn't affect functionality.If you're blocked, try actually using a Slack tool — it should work even though the panel says "Needs Auth."
Environment: Claude Code v2.1.81, macOS Sequoia
Let me just leave this here for anyone ending up here like me. This is what was the cause (and fix) for me and a few others who had the same problem.
Symptom
Or: Slack MCP was working, but disappeared silently after a restart with no error.
Root Cause
Stale plugin cache. The
claude-plugins-officialmarketplace updated the Slack plugin topoint at
https://github.com/slackapi/slack-mcp-plugin.git, which uses the newhttps://mcp.slack.com/mcpendpoint with a pre-configured client ID. Older installs stilluse the old
https://mcp.slack.com/sseendpoint with no client ID, causing Claude Code toattempt dynamic client registration — which Slack's server rejects.
The "disappeared after restart" variant has the same cause: the plugin cache got into an
orphaned state and wasn't reinstalled cleanly.
Fix
Run these commands:
Then verify that
~/.claude/settings.jsoncontains this (add it if missing):Then restart Claude Code. It will clone the Slack plugin fresh from GitHub with the correct
endpoint and pre-configured client ID.
I get this error when I try to authenticate:
no_bot_scopes_requestedwhether i use the official plugin or the workaround from @roblopez-qzAnyone have any ideas what is going wrong? I'm using CC 2.1.142
<img width="663" height="535" alt="Image" src="https://github.com/user-attachments/assets/155d49c7-1874-46ac-8f18-aad574369cfb" />
this is the DCR gap, every MCP client against an enterprise SaaS will hit it. RFC 7591 dynamic client registration is supported by almost no production OAuth provider. slack, google workspace, hubspot, microsoft graph, salesforce, all require a pre-registered app with a fixed client_id/secret from their developer portal or app directory. the SDK assumes DCR works, which is fine against self-hosted IdPs and a handful of newer SaaS, but it breaks against the providers you actually want at work. fix means the plugin ships a registered slack app with stored credentials, not asking the auth server to mint them at runtime.
Running into the same issue, none of the fixes in this thread worked
I managed to make it work with claude cli. Add this to you mcp servers list(
~/.claude.json):clientId/callbackPort- are the same for all users. Since it is related to the Claude app itself and not just your creds.Then fully exit claude cli, open again, ask it to use slack-mcp - this time it won't fail and post a link into the terminal. Click the link, authorize, here you go.
Note: I have the Enterprise subscription type, maybe it affects the ability to access Claude app in Slack.
For me it worked to remove Slack MCP section from ~/.claude/.credentials.json