[BUG] HTTP/SSE MCP transport fails for non-OAuth servers (e.g., Jenkins) — OAuth discovery is mandatory and breaks Basic auth

Resolved 💬 3 comments Opened Mar 18, 2026 by luisgoncalvespt Closed Mar 22, 2026

Bug Description

Claude Code's HTTP and SSE MCP transports now attempt OAuth 2.0 Dynamic Client Registration before connecting, even when custom Authorization headers are provided. Servers that don't support OAuth (like Jenkins MCP Server plugin) return non-JSON error responses, which crashes the client.

Error

Error: HTTP 403: Invalid OAuth error response: SyntaxError: JSON Parse error: Unrecognized token '<'. Raw body: <html>
<head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title></head>
<body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2>

Claude Code hits the server's /register endpoint for OAuth client registration. Jenkins doesn't support OAuth — it uses Basic auth with API tokens — so it rejects with a 403 CSRF error.

Steps to Reproduce

  1. Configure a Jenkins MCP server with Basic auth:
"jenkins": {
  "type": "http",
  "url": "https://<jenkins-host>/mcp-server/mcp",
  "headers": {
    "Authorization": "Basic <base64-encoded user:token>"
  }
}
  1. Run /mcp → Reconnect
  2. Connection fails with the 403 OAuth error above

Also fails with type: "sse" and URL /mcp-server/sse.

Expected Behavior

When Authorization headers are already provided in the config, Claude Code should skip OAuth discovery and connect directly using the provided credentials — as it did in previous versions.

Environment

  • Claude Code version: 2.1.78
  • OS: macOS (Darwin 25.3.0)
  • Jenkins MCP Server plugin: v0.158.v8e18e64dd93c (uses Basic auth only, no OAuth support)

Workaround Attempted

  • mcp-remote as a stdio proxy — connects successfully when run manually (npx mcp-remote <url> --header "Authorization: ...") but still fails when spawned by Claude Code
  • SSE transport with /mcp-server/sse endpoint — same OAuth error
  • Clearing ~/.mcp-auth/ cache — no effect

Notes

  • This previously worked with the same config — it's a regression
  • Other HTTP MCP servers that support OAuth (e.g., New Relic) still work fine
  • The same Jenkins server works from other MCP clients that don't attempt OAuth discovery
  • The Jenkins MCP plugin explicitly documents that it does not support OAuth — only Basic auth with API tokens

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗