[BUG] HTTP/SSE MCP transport fails for non-OAuth servers (e.g., Jenkins) — OAuth discovery is mandatory and breaks Basic auth
Bug Description
Claude Code's HTTP and SSE MCP transports now attempt OAuth 2.0 Dynamic Client Registration before connecting, even when custom Authorization headers are provided. Servers that don't support OAuth (like Jenkins MCP Server plugin) return non-JSON error responses, which crashes the client.
Error
Error: HTTP 403: Invalid OAuth error response: SyntaxError: JSON Parse error: Unrecognized token '<'. Raw body: <html>
<head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title></head>
<body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
Claude Code hits the server's /register endpoint for OAuth client registration. Jenkins doesn't support OAuth — it uses Basic auth with API tokens — so it rejects with a 403 CSRF error.
Steps to Reproduce
- Configure a Jenkins MCP server with Basic auth:
"jenkins": {
"type": "http",
"url": "https://<jenkins-host>/mcp-server/mcp",
"headers": {
"Authorization": "Basic <base64-encoded user:token>"
}
}
- Run
/mcp→ Reconnect - Connection fails with the 403 OAuth error above
Also fails with type: "sse" and URL /mcp-server/sse.
Expected Behavior
When Authorization headers are already provided in the config, Claude Code should skip OAuth discovery and connect directly using the provided credentials — as it did in previous versions.
Environment
- Claude Code version: 2.1.78
- OS: macOS (Darwin 25.3.0)
- Jenkins MCP Server plugin: v0.158.v8e18e64dd93c (uses Basic auth only, no OAuth support)
Workaround Attempted
mcp-remoteas a stdio proxy — connects successfully when run manually (npx mcp-remote <url> --header "Authorization: ...") but still fails when spawned by Claude Code- SSE transport with
/mcp-server/sseendpoint — same OAuth error - Clearing
~/.mcp-auth/cache — no effect
Notes
- This previously worked with the same config — it's a regression
- Other HTTP MCP servers that support OAuth (e.g., New Relic) still work fine
- The same Jenkins server works from other MCP clients that don't attempt OAuth discovery
- The Jenkins MCP plugin explicitly documents that it does not support OAuth — only Basic auth with API tokens
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗