Deel MCP OAuth fails: redirect_uris must use HTTPS protocol
Resolved 💬 4 comments Opened Feb 3, 2026 by boringsam Closed Mar 5, 2026
Description
The Deel MCP integration fails with an OAuth error when attempting to authenticate or refresh tokens.
Error Message
HTTP 400: Invalid OAuth error response: ZodError: [
{
"expected": "string",
"code": "invalid_type",
"path": ["error"],
"message": "Invalid input: expected string, received undefined"
}
]. Raw body: {"errors":[{"message":"Field 'redirect_uris' must use HTTPS protocol."}]}
Details
- MCP Server URL:
https://api.letsdeel.com/mcp - Status: Shows as "connected" and "authenticated" but all tool calls fail
- Last Working: January 27, 2026 (tools like
getContractPaymentDates,getDetailedPaymentsReportworked) - Started Failing: After token refresh/re-authentication was required
Root Cause
Deel's OAuth server is rejecting the redirect URI because it uses HTTP instead of HTTPS. Per OAuth 2.0 RFC 8252, localhost redirect URIs are allowed to use plain HTTP for native apps, but Deel's server doesn't honor this exception.
During Dynamic Client Registration (DCR) or token refresh, Claude Code sends a redirect URI like http://localhost:PORT/callback, which Deel's OAuth server rejects.
Attempted Fixes
- Cleared authentication and re-authenticated (same error)
- Reconnected the MCP server (same error)
Expected Behavior
The Deel MCP integration should successfully authenticate and allow tool calls.
Environment
- Claude Code version: 2.1.29
- Platform: macOS (Darwin 24.6.0)
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗