[BUG] HTTP MCP servers requiring OAuth silently fail with no user notification

Resolved 💬 6 comments Opened Feb 19, 2026 by seth-with-zest Closed Apr 8, 2026

Environment

  • Claude CLI version: 2.1.47
  • Operating System: macOS 15 (Darwin 25.2.0)
  • Terminal: iTerm2

Bug Description

When an HTTP MCP server requiring OAuth is configured but the user hasn't completed authentication, Claude Code silently fails — no tools appear from that server and no notification or error is shown. The user must independently discover they need to navigate to /mcp > Authenticate to complete the OAuth flow.

The server is live and responsive. An initialize handshake succeeds (unauthenticated), and the server advertises tool capabilities, but tools/list returns Unauthorized. Claude Code swallows this and presents no indication that anything is wrong.

Steps to Reproduce

  1. Add an HTTP MCP server that requires OAuth (e.g., Granola):

``json
{
"mcpServers": {
"granola": {
"type": "http",
"url": "https://mcp.granola.ai/mcp"
}
}
}
``

  1. Start a new Claude Code session
  2. Observe: no tools from the server appear, no error or notification is shown
  3. Manually navigate to /mcp > Authenticate to discover the server needs auth
  4. After authenticating, tools appear and work correctly

Expected Behavior

When an HTTP MCP server's tools/list returns Unauthorized after a successful initialize, Claude Code should notify the user that authentication is required — either by:

  • Displaying a startup notification (e.g., "MCP server 'granola' requires authentication. Use /mcp to connect.")
  • Auto-triggering the OAuth flow (with user consent)
  • Showing the server in a degraded/unauthenticated state in the /mcp status view

Actual Behavior

Complete silence. No tools, no errors, no indication the server exists or needs attention. The user has to know to check /mcp independently.

Additional Context

  • The server's OAuth metadata endpoint (.well-known/oauth-authorization-server) is properly configured and discoverable
  • The initialize call succeeds without auth, confirming the server is reachable
  • Once authenticated via /mcp, everything works perfectly
  • This may be related to #14220, where auto-triggering OAuth on startup was considered unwanted — but the current behavior swings too far in the other direction. A non-intrusive notification would thread the needle between "surprise browser popup" and "complete silence."

Related Issues

  • #14220 — Auto browser launch on startup (opposite complaint: too aggressive)
  • #23512 / #6057 — Feature request for claude mcp auth <name> CLI command
  • #12051 — Batch authenticate all MCP servers

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗