[BUG] Claude.ai and mcp-remote ignore `registration_endpoint` from OAuth discovery document, calling hardcoded `/register` instead of `/oauth/register`
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When connecting to a remote MCP server that declares a non-root OAuth
registration path in its discovery document (e.g. /oauth/register),
both mcp-remote and Claude.ai browser interface fail to connect.
The client correctly fetches the OAuth discovery document from /.well-known/oauth-authorization-server and finds the registration_endpoint field, but then ignores it. Instead of calling
the declared URL, it constructs a hardcoded /register path on the
issuer base URL, which returns HTTP 404.
This violates RFC 8414 (OAuth 2.0 Authorization Server Metadata), which
requires clients to use the registration_endpoint value from the
discovery document when present.
The same MCP server connects and authenticates successfully with
ChatGPT, confirming full spec compliance on the server side and that
the issue is on the client side.
What Should Happen?
The client should read the registration_endpoint field from the OAuth
discovery document and use that exact URL to register the client
dynamically, as required by RFC 7591 (OAuth 2.0 Dynamic Client
Registration) and RFC 8414.
In this specific case, the correct registration URL is:https://www.app.fattura24.com/s2/oauth/register
This endpoint is fully functional. A direct call returns a valid client_id:
curl -X POST https://www.app.fattura24.com/s2/oauth/register \
-H "Content-Type: application/json" \
-d '{
"redirect_uris": ["http://localhost:13246/callback"],
"client_name": "mcp-remote-test",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"token_endpoint_auth_method": "none",
"scope": "mcp"
}'
Expected response:
{
"client_id": "f24_67f1ee5524754764813f7db76cbee7fb",
"client_id_issued_at": 1774026058,
"client_name": "mcp-remote-test",
"redirect_uris": ["http://localhost:13246/callback"],
"grant_types": ["authorization_code", "refresh_token"],
"response_types": ["code"],
"token_endpoint_auth_method": "none"
}
Error Messages/Logs
**mcp-remote terminal output:**
[31494] Discovering OAuth server configuration...
[31494] Discovered authorization server: https://www.app.fattura24.com/s2
[31494] Connecting to remote server: https://www.app.fattura24.com/s2/mcp
[31494] Using transport strategy: http-first
[31494] Received error (status unknown): HTTP 404: Invalid OAuth error
response: SyntaxError: Unexpected token '<', "<html><hea"... is not
valid JSON. Raw body: <html>...<h1>HTTP Status 404 - /register</h1>...
[31494] Recursively reconnecting for reason: falling-back-to-alternate-transport
[31494] Connecting to remote server: https://www.app.fattura24.com/s2/mcp
[31494] Using transport strategy: sse-only
[31494] Connection error: ServerError: HTTP 404: Invalid OAuth error
response [...]
[31494] Fatal error: ServerError: HTTP 404 [...]
**Claude.ai browser error:**
Couldn't reach the MCP server. You can check the server URL and verify
the server is running. If this persists, share this reference with
support: "ofid_9c28a14675ce5f23"
**Claude Desktop App error:**
Couldn't reach the MCP server. You can check the server URL and verify
the server is running. If this persists, share this reference with
support: "ofid_8e598390d66eb8ce"
Steps to Reproduce
- Set up a remote MCP server with OAuth, where the registration
endpoint is at a non-root path (e.g. /oauth/register instead of
/register), and declare it correctly in the discovery document at
/.well-known/oauth-authorization-server
- Verify the discovery document is accessible and returns the correct
registration_endpoint:
https://www.app.fattura24.com/s2/.well-known/oauth-authorization-server
{
"issuer": "https://www.app.fattura24.com/s2",
"authorization_endpoint": "https://www.app.fattura24.com/s2/oauth/authorize",
"token_endpoint": "https://www.app.fattura24.com/s2/oauth/token",
"registration_endpoint": "https://www.app.fattura24.com/s2/oauth/register",
"response_types_supported": ["code"],
"grant_types_supported": ["authorization_code", "refresh_token"],
"code_challenge_methods_supported": ["S256"],
"token_endpoint_auth_methods_supported": ["none"],
"scopes_supported": ["mcp"]
}
- Try to connect via
mcp-remote:
npx mcp-remote https://www.app.fattura24.com/s2/mcp
- Observe that
mcp-remotecalls/registerinstead of
/oauth/register, receiving HTTP 404
- Try to connect the same server via Claude.ai browser interface or
Claude Desktop App — both fail with the errors shown above
Environment:
- mcp-remote: 0.1.38
- Node.js: v22.14.0
- macOS (Apple Silicon)
- Also reproduced via Claude.ai browser interface
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
Claude 1.1.7714 (3bd6f6)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗