Deel MCP OAuth fails: redirect_uris must use HTTPS protocol

Resolved 💬 4 comments Opened Feb 3, 2026 by boringsam Closed Mar 5, 2026

Description

The Deel MCP integration fails with an OAuth error when attempting to authenticate or refresh tokens.

Error Message

HTTP 400: Invalid OAuth error response: ZodError: [
  {
    "expected": "string",
    "code": "invalid_type",
    "path": ["error"],
    "message": "Invalid input: expected string, received undefined"
  }
]. Raw body: {"errors":[{"message":"Field 'redirect_uris' must use HTTPS protocol."}]}

Details

  • MCP Server URL: https://api.letsdeel.com/mcp
  • Status: Shows as "connected" and "authenticated" but all tool calls fail
  • Last Working: January 27, 2026 (tools like getContractPaymentDates, getDetailedPaymentsReport worked)
  • Started Failing: After token refresh/re-authentication was required

Root Cause

Deel's OAuth server is rejecting the redirect URI because it uses HTTP instead of HTTPS. Per OAuth 2.0 RFC 8252, localhost redirect URIs are allowed to use plain HTTP for native apps, but Deel's server doesn't honor this exception.

During Dynamic Client Registration (DCR) or token refresh, Claude Code sends a redirect URI like http://localhost:PORT/callback, which Deel's OAuth server rejects.

Attempted Fixes

  • Cleared authentication and re-authenticated (same error)
  • Reconnected the MCP server (same error)

Expected Behavior

The Deel MCP integration should successfully authenticate and allow tool calls.

Environment

  • Claude Code version: 2.1.29
  • Platform: macOS (Darwin 24.6.0)

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗