Remote MCP connector OAuth silently authorizes wrong account when browser and Claude Code Desktop use different accounts

Resolved 💬 2 comments Opened Mar 30, 2026 by 7schmiede Closed Mar 31, 2026

Summary

When connecting a remote MCP connector via OAuth from Claude Code Desktop (CCD), the OAuth flow opens in the default browser. If the browser is logged into a different Claude account than CCD, the connector is silently authorized for the wrong account. CCD never receives the connector, with no error or feedback to the user.

Steps to reproduce

  1. Log into Claude Code Desktop with Account B (e.g., an organization account)
  2. Have the default browser logged into Account A (e.g., a personal account)
  3. In CCD, attempt to connect a remote MCP connector (e.g., a self-hosted MCP server with OAuth)
  4. The OAuth flow opens in the browser, completes successfully (step=success in URL)
  5. CCD still shows the connector as not connected

Expected behavior

  • The OAuth authorize page should display which account is being used for authorization
  • If the browser account differs from the CCD account, show a clear "Switch account" prompt before proceeding
  • At minimum: show an error in CCD explaining the mismatch instead of silently failing

Actual behavior

  • OAuth flow completes with step=success — no error anywhere
  • Connector is authorized for the browser's account (Account A), not the CCD account (Account B)
  • CCD logs show fetchAutoInstalledPlugins: 0 and remote: 0 — the connector never appears
  • UI continues showing "Connect" button with no indication of what went wrong
  • User has no way to diagnose the issue without reading main.log

Diagnostic evidence from main.log

# Account B (org) session — 0 remote plugins
[CCD] Passing 1 plugin(s) to SDK (skills: 1, remote: 0, local: 0)
[PluginsFetcher] fetchAutoInstalledPlugins: 0 plugins

# After switching to the correct browser account — 1 remote plugin
[CCD] Passing 2 plugin(s) to SDK (skills: 1, remote: 1, local: 0)

Environment

  • Windows 11, Claude Desktop (Windows Store)
  • Edge Chromium as default browser
  • Self-hosted MCP server with OAuth 2.1 (dynamic client registration, PKCE)
  • Two Claude accounts: personal + organization member

Proposed fix

  1. Show account info on authorize page — Display the logged-in account email/name during the OAuth consent step
  2. Detect account mismatch — Compare the requesting CCD account with the browser session; if different, prompt to switch
  3. Surface errors in CCD — If the connector was authorized for a different account, show an actionable error in CCD instead of silent failure

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗