[BUG] OAuth for plugins and MCP servers goes past scope
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When a plugin or an MCP server is configured with project or local scope, any OAuth credentials set there are forcibly used outside of that scope, causing credential leakage.
This becomes apparent when using the same a plugin or MCP server in various projects for different entities - such as different logins for different repositories, ticket systems etc, according to who each project is for.
The user must _explicitly_ and manually re-authenticate, otherwise one entity's credentials may accidentally be used with another entity's data. From a data security standpoint, this is an absolute no-go.
It would be reasonable to expect authentication scope to be equal to configuration scope. Currently, credentials from one scope are forcibly (and perhaps unexpectedly) passed to another scope. This may therefore be not just a bug but also a security hole.
This is the opposite use case of #18890, which wants shared credentials. For security, credential sharing must be explicit, never implicit. It is not enough to assume that a user will only ever use one set of credentials for one remote endpoint.
What Should Happen?
OAuth credentials must be restricted to the configuration scope (for project and local), as is already the case with bearer tokens.
Credentials from the user scope are available everywhere, _except_ where the same plugin or MCP server is configured using project and local scope. The project/local credentials would be used in that case, overriding the user configuration.
Note: this issue does _not_ include creating a solution for explicitly sharing OAuth credentials between individual projects.
Error Messages/Logs
Steps to Reproduce
- Create empty project directories
client1andclient2 - In
client1, add an MCP server that requires OAuth, usingclaude mcp add --scope project ... - In
client2, add an MCP server that requires OAuth, usingclaude mcp add --scope project ... - In
client1runclaudeand authenticate the MCP server with a user from that first client - In
client2runclaudeand try using the MCP server - it _should_ require authentication, but uses the credentials fromclient1
Claude Model
Sonnet (default)
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.42
Platform
Anthropic API
Operating System
Other Linux
Terminal/Shell
Other
Additional Information
_No response_
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗