Switching auth modes invalidates OAuth tokens for HTTP MCP servers

Resolved 💬 3 comments Opened Mar 30, 2026 by vpark Closed May 2, 2026

Description

When switching between API key authentication and Claude Code subscription (or vice versa), OAuth tokens for all HTTP-based MCP servers are invalidated. This requires manually re-authorizing every OAuth MCP server after each switch.

Affected MCP servers

Any HTTP MCP that uses OAuth, including:

  • gcal.mcp.claude.com/mcp (Google Calendar)
  • gmail.mcp.claude.com/mcp (Gmail)
  • mcp.notion.com/mcp (Notion)

Stdio-based MCPs (e.g., context7, playwright, granola) are unaffected since they don't go through Claude's OAuth session.

Steps to reproduce

  1. Configure HTTP MCP servers with OAuth (e.g., Google Calendar, Gmail)
  2. Complete OAuth authorization for each server
  3. Switch from Claude Code subscription to API key (or vice versa) via /login
  4. Attempt to use any of the previously authorized HTTP MCP servers
  5. OAuth tokens are invalidated — each server requires re-authorization

Expected behavior

OAuth tokens for HTTP MCP servers should persist across auth mode switches. The MCP OAuth sessions and the Claude Code billing/auth session are separate concerns and shouldn't be coupled.

Environment

  • Claude Code CLI (native install, macOS)
  • OAuth tokens stored in macOS Keychain under Claude Code-credentials

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗