[BUG] MCP `http` transport bypasses Authorization header, attempts OAuth2 registration

Resolved 💬 3 comments Opened Jul 1, 2025 by saiya Closed Jul 2, 2025

Environment

  • Platform (select one):
  • [ ] Anthropic API
  • [x] AWS Bedrock
  • [ ] Google Vertex AI
  • [ ] Other: <!-- specify -->
  • Claude CLI version: 1.0.31 (Claude Code)
  • Operating System: MacOS 15.5
  • Terminal: Terminal App

Bug Description

Similar to https://github.com/anthropics/claude-code/issues/1763, Claude Code attempts OAuth2 Dynamic Client Registration despite the MCP being configured with an Authorization header.

<!-- A clear and concise description of the bug -->

Steps to Reproduce

  1. Run a server on localhost:8098
  2. claude mcp add --transport http my-mcp-local 'http://localhost:8098/ai/mcp' -H "Authorization: Bearer dummy"
  3. Open claude and type /mcp to verify the configuration

Expected Behavior

  • Claude Code should perform MCP initialization WITHOUT any OAuth2-related processes

Actual Behavior

  • Claude /mcp returns the error: Error: Dynamic client registration failed: HTTP 404
  • The server access logs show requests to GET /.well-known/oauth-authorization-server and POST /register

Additional Context

claude mcp get my-mcp-local displays the following output, which confirms the Authorization header is configured:

my-mcp-local:
  Scope: Local (private to you in this project)
  Type: http
  URL: http://localhost:8098/ai/mcp/observability
  Headers:
    Authorization: Bearer dummy

To remove this server, run: claude mcp remove "my-mcp-local" -s local

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗