Claude Code cannot connect to GitHub's remote MCP server using OAuth authentication
Open 💬 58 comments Opened Jul 13, 2025 by pablospe
Environment
- Platform (select one):
- [x] Anthropic API
- [ ] AWS Bedrock
- [ ] Google Vertex AI
- [ ] Other: <!-- specify -->
- Claude CLI version: 1.0.51 (Claude Code)
- Operating System: Ubuntu 22.04
- Terminal: any
Bug Description
Claude Code cannot connect to GitHub's remote MCP server using OAuth authentication at https://api.githubcopilot.com/mcp/, while the same configuration works in VS Code.
Steps to Reproduce
Configure Claude Code with GitHub MCP server:claude mcp add github-server https://api.githubcopilot.com/mcp/
Additional Context
Related Issues:
https://github.com/github/github-mcp-server/issues/549#issuecomment-3013969822
https://github.com/github/github-mcp-server/issues/603
59 Comments
If GitHub would support Dynamic Client Registration for their API this would work out of the box.
This is even one of the examples in the Claude Code documentation. It probably should be removed from the documentation until it works.
Here's the exact error I see, for others who haven't encountered this issue yet:
any updates on fixing this? @rboyce-ant @ollie-anthropic
I encountered the same problem.
Still seeing this...
Current workaround for me was using a Personal Access Token and adding the MCP as follows:
Another work around is to use
gh, the github cli allows to do everything, so ask claude code to use it (first login with gh), and it should be a similar experience than the github MCP.Claude code should support the latest version of the MCP authentication protocol, which deprecated dynamic client registration.
https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization
Unfortunately, still does not work as of now
The github-mcp cannot authenticate as of today. Until yesterday everything was fine. My config:
Claude version 2.1.6
Error: Incompatible auth server: does not support dynamic client registration
I face the same on AWS Bedrock
Same with version 2.1.7 released yesterday
this worked for me!
Same here but for slack https://github.com/anthropics/claude-code/issues/18009
@bernabe9 What permissions do you give to the PAT, so this is secure enough? Thanks!
Same here. on Windows WSL.
│ Error: Incompatible auth server: does not support dynamic client registrationhttps://github.com/github/github-mcp-server/blob/main/docs/installation-guides/install-claude.md
If you are using Claude Code on Windows, and using Claude Code Plugin system to manager GitHub MCP, you can add PAT as an environment variable in the Windows Environment Variables.
env var name: GITHUB_PERSONAL_ACCESS_TOKEN
value: your PAT
@thinkriver is correct. The environment variable name must be set to GITHUB_PERSONAL_ACCESS_TOKEN (not GITHUB_TOKEN, GITHUB_PAT etc.) not only on Windows, but on other operating systems as well.
If you go to Claude Code → /plugins → Installed → github, you can see what the actual problem is.
For me, it works on Cursor IDE but not at Claude code so I just copy and pasted what's there in Cursor.
Setting like it works for me.
"""
"mcpServers": {
"github": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-github"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "{PAT_TOKEN}"
}
}
}
"""
Guessing this is because github is owned by microsoft and claude isn't?
The latest spec of MCP deprecated dynamic client registration.
2025-11-25 MCP Spec
Claude Code should support the latest official spec of MCP authorization, and allow the client to provide a client id, so auth provider can register Claude Code as an authorized application.
I was able to install this MCP with oAuth no problem last week. Today stopped working. It seems that there's more to this than just oAuth not supported
Workaround: GitHub Plugin Auth (macOS)
Problem
Install the GitHub plugin via
/plugin, run/mcp, get:The plugin's
.mcp.jsonreadsGITHUB_PERSONAL_ACCESS_TOKENfrom your environment. But the UI shows an "Authenticate" button that tries OAuth, which GitHub's endpoint doesn't support. Setting the env var is the actual fix.Fix
1. Create a fine-grained PAT at [github.com/settings/tokens](https://github.com/settings/tokens?type=beta) with the scopes you need.
2. Store it in macOS Keychain:
3. Add this to your shell profile (
~/.zshrc,~/.bashrc, etc.):4. Restart your terminal, open Claude Code, run
/mcp. It should connect. Ignore the "Authenticate" button.Why Keychain
Most suggestions say to drop the token in
~/.zshrc,.env,settings.json, or.mcp.json. That's plaintext on disk. If you sync dotfiles or share your machine, that's not ideal. Keychain keeps the secret encrypted and the shell profile only contains the retrieval command, not the token.Other platforms
This uses the macOS
securityCLI so it won't work on Linux or Windows. The underlying fix is the same though: getGITHUB_PERSONAL_ACCESS_TOKENinto your environment. Linux users could usesecret-tool(GNOME Keyring), Windows users could pull from Credential Manager via PowerShell.Workaround: GitHub Auth (Windows)
GITHUB_PERSONAL_ACCESS_TOKEN. It is critical to use this exact name both in the Env Variables and.claude.jsonfile. If you use anything else, it doesn't work. I originally created "GITHUB_PAT" and that didn't work. Once I renamed the env variable toGITHUB_PERSONAL_ACCESS_TOKENand matched the.claude.jsonfile, I was able to connect successfully.OR
.claude.jsonfile config and it will work as well. Just make sure that the environment variable is named correctly.msdocs · ✔ connected
Built-in MCPs (always available)
plugin:github:github · ✔ connected
Why is this still in the documentation?
https://code.claude.com/docs/en/mcp#example-connect-to-github-for-code-reviews
I built https://github-mcp.levinkeller.de/ and it scratches my itch. Maybe yours too?
We're hitting this as well. We built a remote MCP server with Cognito OAuth (PKCE, authorization code grant) behind API Gateway. The OAuth discovery endpoint at
/.well-known/oauth-authorization-serverreturns correct metadata and Claude Desktop/Web can complete the flow — but Claude Code never initiates the browser auth.claude mcp addregisters the server,/mcpshows "needs authentication", selecting "Authenticate" fails with a ZodError parsing the 403 response. The OAuth flow simply never starts.This blocks our team from using the MCP server in Claude Code. Would appreciate visibility on when this will be addressed.
github cli is all you need. Forget about Anthropics fixing this. Just say to use
ghto claude code and he will figure it out (create a PR, get all comments, reply to all comments concisely and resolve thread, ignore all comments and merge :P, update PR, etc...). Maybe you can create your own skill or use one from someone else, so it is faster (claude code doesn't need to figure out everything every time, but still, it is quite good at it). Same for Playwright, they are moving from MCP to CLI.Workaround: OAuth proxy that gives Claude Code what it expects
We hit the same issue with our Cognito-backed MCP server. Instead of falling back to static tokens, we built a thin OAuth proxy in front of Cognito that makes Claude Code's OAuth flow work end-to-end.
The proxy does three things:
POST /register) — returns the pre-configured Cognitoclient_idwithout actually registering a client. Claude Code calls this to discover credentials.GET /authorize) — Claude Code sends a random localhost port asredirect_uri. The proxy wraps it + the client'sstateinto a base64url blob, substitutes a single pre-registered callback URL, and unwraps on the way back through/oauth/callback.POST /token) — rewritesredirect_urito match what Cognito saw during authorization before forwarding the token exchange.This lets the standard authorization code + PKCE flow complete without Claude Code needing native non-DCR support. Works with Claude Code, Claude.ai, and any MCP client that follows the spec.
Only feasible if you control the MCP server — won't help with GitHub/Slack MCP servers.
🤖
GitHub's remote MCP server at
api.githubcopilot.comrequires Copilot-specific OAuth that Claude Code's MCP client doesn't support natively. Here are workarounds:Workaround 1 — Use the local GitHub MCP server instead:
GitHub provides an open-source MCP server you can run locally, which uses a personal access token instead of OAuth:
Then set your GitHub token:
This gives you GitHub integration (repos, issues, PRs, files) without the OAuth complexity.
Workaround 2 — Use the Docker-based GitHub MCP server:
Workaround 3 — Use gh CLI as a bridge:
If you only need specific GitHub operations, you can use
gh(GitHub CLI) directly without MCP:Claude Code can call
ghvia Bash, which uses your existinggh auth logincredentials.Why the remote server doesn't work: The
api.githubcopilot.comendpoint requires GitHub Copilot OAuth tokens, which are tied to VS Code's Copilot extension authentication flow. Claude Code's MCP client uses standard OAuth 2.0, but GitHub's remote MCP endpoint expects Copilot-specific auth headers. The local server sidesteps this entirely by using a personal access token.insane that this issue is still open after 9 months lol I can't think of a more used combo of two tools for any engineer in today's world
Now that the source code leaked does someone wanna just fix it for them and send a patch file lol
Might be faster than waiting for them at this point
This really works. It is just a proxy for the official GitHub mcp that enables Claude code authentication. I am a trustworthy solo business owner in Germany and comply with privacy laws in Europe. If you cannot trust me, let Claude build your own proxy and use that.
The times to demand software features are over. Just have Claude build your own.
yes, it will most likely be fixed now :D
I do not see how this could work. It is mostly githubs fault because they do not support the right auth flow. With claude code, one can already just use gh cli.
I use the github pre configured marketplace plugin and setting up the environment variable as described by @zrivkis fixed it.
Like @zrivkis said if github plugin is used there's no need to touch .claude.json file at all, only configure env vars.
After you set up the env variables close claude code and restart the terminal before checking /plugins again to see if auth succeeded.
Works like a charm, Thanks!
Two tiny indie companies can't connect to each other, one of them is MCP developer itself, lol. both plugin and mcp doesn't work for me, neither by github nor antropic instructions. Yeah, GH is the way, but the situation is..
Disabling and Enabling github mcp did the trick for me, not sure how but seems to be working
If you're still hitting OAuth handshake failures with GitHub's remote MCP server, NyxID (https://github.com/ChronoAIProject/NyxID) can work as a workaround — it proxies the connection and handles OAuth externally so Claude Code doesn't need to negotiate the auth flow itself.
You register the GitHub API in NyxID with your OAuth credentials, and Claude Code connects to NyxID's proxy endpoint instead. NyxID handles the token exchange, refresh, and injection transparently.
Works with Claude Code, Cursor, and Codex. Self-hosted and open source.
GitHub: https://github.com/ChronoAIProject/NyxID
Why is the github mcp server even default plugin on claude code if it doesn't even work.. seems kinda odd
This is absurd. The issue is present for a long time ant it is not fixed. Even official google mcp servers are unusable because of this! F.e. https://logging.googleapis.com/mcp Will someone tell me that google uses something obsolete! With Cursor there is zero problem connecting to the mcp server!
Our company with a hundred of developers are currently deciding between Cursor and Claude Code and such absurds in Claude Code and lack of desire to fix them are leaning us towards Cursor!
<img width="774" height="224" alt="Image" src="https://github.com/user-attachments/assets/5065f31d-560e-4e15-9b7b-f732c219744a" />
The issue is that the Claude MCP's docs are wrong. The GitHub remote MCP doesn't support Dynamic Client Registration at the moment so the example command as is won't work.
You can use Personal Access Token approach that @bernabe9 described, or you can register a new GitHub OAuth app. When you create it:
http://localhost:4321/callbackfor Claude Code CLIEither approach should work just fine. Claude's current docs just need to remove this example because it's not as simple as they make it look.
Yes, this is the solution (https://github.com/anthropics/claude-code/issues/3433#issuecomment-4274606040), or simply ask claude code to use directly the Github cli (
gh), which can potentially be better if you create your own skill.That is not a solution that is a workaround. The plugin that Claude uses is still broken. Please reopen this issue.
I don't understand why everybody is proposing solutions for GitHub! This is not a problems related to GitHub only but a general one! And I can not crate a general issue, because it will be marked as duplicate!
For what it's worth:
@seanlynch-fivetran I've had this issue with gitlab and google remote mcp server connections. So I am absolutely sure that this is not a problem on the side of the provider.
yeah auth hasn't worked for me either. consider removing this from the default plugin store given it will not actually work out-of-the-box.
This workaround worked for me: https://github.com/anthropics/claude-code/issues/3433#issuecomment-3692901106
edit
~/.claude/settings.jsonand add:"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PAT}"
},
it works for me.
Confirming on macOS via the claude.ai-hosted GitHub Integration connector (Customize → Connectors), not via manual
claude mcp add. Adding this since most of the prior comments seem to be the manual-add path — wanted to flag the connector path hits it too.Reproduction (originally working setup → broken):
mcp__github__*tools worked fine for that org.https://claude.ai/customize/connectors→ GitHub Integration → Disconnect, then Connect, completing the GitHub OAuth authorization. (Note: GitHub Apps don't surface an org selector during OAuth — org access is conveyed via installations, which were already in place.)Result:
The github MCP server is unavailable for the entire session. Any
mcp__github__*tool call returns the same error string. State persists across Claude Code restarts.Versions:
Observation: the disconnect/reconnect cycle from the claude.ai Customize page appears to transition the connector into the DCR-attempting OAuth path that GitHub's MCP server doesn't support. Prior to that cycle, the connector worked (presumably because the original PAT-based auth bypassed the DCR negotiation entirely).
Workaround we're using:
ghCLI for any GitHub work from Claude Code. Unaffected by the MCP auth path.Yes, please stop relying on the MCP. Instead, use the GitHub CLI + skill, and you'll have everything you need. It's even better because you won't need all the GitHub tools cluttering your context windows constantly. Anthropic is doing you a favor by leaving this issue unresolved :P
This was the right answer for now. Generate PAT in Github and replace the ${GITHUB_PAT}, then reload-plugins on Claude and it will be authenticated.
@pablospe The issue is the OAuth flow requires AS discovery (RFC 8414) but GitHub Copilot's MCP endpoint doesn't support it. Workaround: proxy the OAuth handshake through a lightweight intermediary that handles the discovery step separately from the token exchange.
For people landing here from the exact error:
Incompatible auth server: does not support dynamic client registrationThe issue is not usually the GitHub token scopes first. It is the auth flow shape: Claude Code's OAuth path expects OAuth Dynamic Client Registration, while this GitHub remote MCP endpoint does not appear to support DCR for that flow.
The working path I collected is:
GITHUB_PERSONAL_ACCESS_TOKENto the GitHub MCP server / configFull note here:
https://laozhangzzz.github.io/agent-pitbook/pits/mcp-github-remote-oauth-dcr-unsupported-use-pat.html
PAT workaround noted—common when OAuth flakes.
To avoid long-lived keys in agent configs, Git Repo Auth mints scoped tokens on demand (no permanent PAT needed in your MCP setup). Early experiment at https://gitauth.klappy.dev / klappy/git-repo-auth-mcp. Feedback on whether this addresses the friction?
(Current PAT minimal-scopes tip still valid in meantime.)
Add the
GITHUB_PERSONAL_ACCESS_TOKENenv variable with yourPersonal access tokens (classic)(I haven't tried withFine-grained personal access tokensso I cannot say if it works) and reconnect the MCP via/mcp, it should work