[FEATURE] Using JWT token from MCP OAuth with Hooks
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
I’m building hooks that call API endpoints requiring authentication. While the existing OAuth flow for MCP servers is well-designed, it currently doesn’t work for hooks.
This means hooks need their own separate OAuth flow, even when they’re accessing the same APIs as the MCP server. Having multiple OAuth flows for the same integration adds complexity for developers and users. It would be much cleaner if hooks and MCP servers could use a single shared OAuth flow.
As to why hooks need to access the same APIs as the MCP server, hooks is deterministic and calling MCP tools isn't, and there are some MCP tools/ endpoints (e.g. security scans) that I want to call deterministically.
Proposed Solution
Ideally, both MCP server requests and hooks could share a single, unified OAuth flow. But if we can somehow extract the auth token from the MCP flow so that it can be used in hooks (maybe passed in as one of the hook inputs), that would be ok too.
Alternative Solutions
Another way to approach this is to let hooks call MCP tools: https://github.com/anthropics/claude-code/issues/4274, and we only need to authenticate once when connecting to the MCP server.
Priority
Critical - Blocking my work
Feature Category
MCP server integration
Use Case Example
- I have an MCP server and a set of hooks in a plugin. The MCP server is a remote server with OAuth. The hooks call API endpoints that also take in the JWT token you get via the MCP OAuth.
- With this feature, I can have the hooks call API endpoints without going through a separate auth flow.
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗