[FEATURE] Share MCP OAuth tokens globally for user-scoped servers instead of per-project
Problem
When MCP servers are configured at the user scope (top-level mcpServers in ~/.claude.json), OAuth authentication tokens are still stored and scoped per-project. This means every time you open Claude Code in a new repository, you have to re-authenticate each HTTP-based MCP server (Linear, Notion, Atlassian, etc.) even though the server configuration is global.
With many repos this becomes a significant friction point — the OAuth flow has to be completed once per server per project directory.
Expected behavior
For MCP servers configured at the user scope, OAuth tokens should also be stored at the user level and shared across all projects. A single OAuth authentication per server should be sufficient regardless of which project directory Claude Code is opened in.
Current behavior
- MCP servers are defined globally in
~/.claude.jsonundermcpServers(user scope viaclaude mcp add --scope user) - Tool permissions are configured globally in
~/.claude/settings.json - But OAuth tokens are scoped per-project — each project entry in
~/.claude.jsonunder"projects"maintains its own auth state - Opening Claude Code in a new repo requires re-authenticating every OAuth-based MCP server
Proposed solution
- For user-scoped MCP servers, store OAuth tokens at the user level (not under the per-project config)
- Project-scoped MCP servers can continue to use per-project tokens
- This matches the mental model: if I configured the server globally, I expect auth to be global too
Related issues
- #24317 — OAuth refresh token race condition with concurrent sessions
- #28981 — Feature request for
claude mcp authCLI command - #30272 — MCP menu doesn't show servers needing re-auth
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗