HTTP MCP servers with static Bearer token shown as needing authentication
Description
The /mcp dialog shows HTTP MCP servers as "needing authentication" even when they have a working static Bearer token configured via headers in ~/.claude.json.
Configuration
{
"mcpServers": {
"n8n": {
"type": "http",
"url": "http://192.168.1.87:5678/mcp-server/http",
"headers": {
"Authorization": "Bearer eyJ..."
}
}
}
}
The server connects successfully, tools load, and all MCP requests are authenticated. Verified via curl — the Bearer token is valid and the server responds with a proper MCP initialize response (200 OK).
Problem
The /mcp dialog's auth status indicator only tracks OAuth state. When the server advertises OAuth metadata at /.well-known/oauth-authorization-server, Claude Code:
- Discovers the OAuth endpoints
- Checks whether an OAuth handshake has been completed (it hasn't — static token is used instead)
- Shows the server as "needs authentication"
Clicking through the OAuth prompt shows n8n's consent screen with "Invalid or expired authorization session" — the OAuth flow was never intended to be used since auth is handled by the static Bearer token.
Expected behavior
If a server has headers with an Authorization value configured and the server responds successfully to MCP requests, the /mcp dialog should show it as authenticated (or at minimum, not prompt for OAuth authentication).
Suggested fix
Any of:
- Recognize
headers-based auth as "authenticated" in the UI - Add a config flag like
"skipOAuthDiscovery": trueto suppress OAuth probing for servers that use static tokens - Don't show "needs authentication" when the server's MCP connection is actually working
Related
Previously reported as #17152 (closed as stale).
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗