CIMD redirect_uris missing wildcard port breaks OAuth with MCP servers
Problem
Claude Code's CIMD (Client ID Metadata Document) at https://claude.ai/oauth/claude-code-client-metadata lists redirect URIs without port wildcards:
{
"client_id": "https://claude.ai/oauth/claude-code-client-metadata",
"redirect_uris": [
"http://localhost/callback",
"http://127.0.0.1/callback"
]
}
However, Claude Code uses dynamic ports for its OAuth callback server (e.g., http://localhost:8080/callback or http://localhost:60351/callback). When an MCP server validates the redirect URI against the CIMD document, http://localhost:8080/callback does not match http://localhost/callback because no-port defaults to port 80 per RFC.
This causes the OAuth flow to fail with:
{"error":"invalid_request","error_description":"Redirect URI 'http://localhost:8080/callback' does not match CIMD redirect_uris."}
Expected Behavior
The CIMD document should use wildcard ports to match Claude Code's actual callback behavior:
"redirect_uris": [
"http://localhost:*/callback",
"http://127.0.0.1:*/callback"
]
This wildcard syntax is supported by the CIMD spec and by FastMCP's redirect_validation.py (_match_port accepts * as a wildcard).
Workaround
Server operators can disable CIMD support so Claude Code falls back to Dynamic Client Registration (DCR), which works because the client registers its own redirect URIs.
Environment
- Claude Code CLI (latest, installed via npm
@anthropic-ai/claude-code) - Remote MCP server using FastMCP 3.1.0 with GoogleProvider
- macOS
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗