[BUG] MCP `http` transport bypasses Authorization header, attempts OAuth2 registration
Resolved 💬 3 comments Opened Jul 1, 2025 by saiya Closed Jul 2, 2025
Environment
- Platform (select one):
- [ ] Anthropic API
- [x] AWS Bedrock
- [ ] Google Vertex AI
- [ ] Other: <!-- specify -->
- Claude CLI version: 1.0.31 (Claude Code)
- Operating System: MacOS 15.5
- Terminal: Terminal App
Bug Description
Similar to https://github.com/anthropics/claude-code/issues/1763, Claude Code attempts OAuth2 Dynamic Client Registration despite the MCP being configured with an Authorization header.
<!-- A clear and concise description of the bug -->
Steps to Reproduce
- Run a server on localhost:8098
claude mcp add --transport http my-mcp-local 'http://localhost:8098/ai/mcp' -H "Authorization: Bearer dummy"- Open
claudeand type/mcpto verify the configuration
Expected Behavior
- Claude Code should perform MCP initialization WITHOUT any OAuth2-related processes
Actual Behavior
- Claude
/mcpreturns the error:Error: Dynamic client registration failed: HTTP 404 - The server access logs show requests to
GET /.well-known/oauth-authorization-serverandPOST /register
Additional Context
claude mcp get my-mcp-local displays the following output, which confirms the Authorization header is configured:
my-mcp-local:
Scope: Local (private to you in this project)
Type: http
URL: http://localhost:8098/ai/mcp/observability
Headers:
Authorization: Bearer dummy
To remove this server, run: claude mcp remove "my-mcp-local" -s localThis issue has 3 comments on GitHub. Read the full discussion on GitHub ↗