MCP /mcp menu does not show servers needing re-authentication after token revocation

Resolved 💬 2 comments Opened Mar 3, 2026 by BryanJHealy Closed Mar 31, 2026

Description

When an HTTP MCP server's OAuth session is revoked server-side (e.g., user revokes session from a settings page), Claude Code correctly detects the auth failure when a tool is called:

Error: MCP server "mantira" requires re-authorization (token expired)

However, the /mcp menu does not surface this server as needing authentication. The server either shows as "connected" or doesn't appear in the list of servers requiring auth action.

Expected behavior

After a tool call fails with an auth error (401 / token revoked / token expired), the /mcp menu should show the affected server as needing re-authentication, allowing the user to trigger the OAuth flow again without restarting Claude Code.

Steps to reproduce

  1. Configure an HTTP MCP server with OAuth 2.1 in .mcp.json:

``json
{
"mcpServers": {
"my-server": {
"type": "http",
"url": "https://example.com/api/mcp"
}
}
}
``

  1. Authenticate successfully via the OAuth flow
  2. Revoke the session server-side (e.g., set revoked_at on the session record)
  3. Attempt to use an MCP tool — observe the "requires re-authorization" error
  4. Open /mcp menu — the server does not appear as needing authentication

Environment

  • Claude Code CLI
  • MCP server using OAuth 2.1 with PKCE (spec-compliant)
  • Server correctly returns 401 on revoked tokens and rejects refresh attempts

Workaround

Restarting Claude Code in the project directory forces a fresh connection attempt, which triggers the OAuth re-authorization flow.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗