Switching auth modes invalidates OAuth tokens for HTTP MCP servers
Resolved 💬 3 comments Opened Mar 30, 2026 by vpark Closed May 2, 2026
Description
When switching between API key authentication and Claude Code subscription (or vice versa), OAuth tokens for all HTTP-based MCP servers are invalidated. This requires manually re-authorizing every OAuth MCP server after each switch.
Affected MCP servers
Any HTTP MCP that uses OAuth, including:
gcal.mcp.claude.com/mcp(Google Calendar)gmail.mcp.claude.com/mcp(Gmail)mcp.notion.com/mcp(Notion)
Stdio-based MCPs (e.g., context7, playwright, granola) are unaffected since they don't go through Claude's OAuth session.
Steps to reproduce
- Configure HTTP MCP servers with OAuth (e.g., Google Calendar, Gmail)
- Complete OAuth authorization for each server
- Switch from Claude Code subscription to API key (or vice versa) via
/login - Attempt to use any of the previously authorized HTTP MCP servers
- OAuth tokens are invalidated — each server requires re-authorization
Expected behavior
OAuth tokens for HTTP MCP servers should persist across auth mode switches. The MCP OAuth sessions and the Claude Code billing/auth session are separate concerns and shouldn't be coupled.
Environment
- Claude Code CLI (native install, macOS)
- OAuth tokens stored in macOS Keychain under
Claude Code-credentials
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗