OAuth redirect_uri mismatch: client metadata declares localhost/callback but CLI uses localhost:8080/callback

Resolved 💬 2 comments Opened Apr 1, 2026 by ryottaman Closed Apr 2, 2026

Bug Description

When connecting to a third-party MCP server (answer-io) that validates the OAuth client metadata document, the OAuth flow fails because the redirect_uri used by Claude Code CLI does not match the redirect_uris declared in its own client metadata.

Client Metadata (CIMD)

https://claude.ai/oauth/claude-code-client-metadata declares:

{
  "redirect_uris": ["http://localhost/callback", "http://127.0.0.1/callback"]
}

Actual Behavior

Claude Code CLI sends redirect_uri=http://localhost:8080/callback (with port 8080) in the OAuth authorization request, regardless of the --callback-port option.

Error from MCP Server

{"error":"invalid_request","error_description":"Redirect URI 'http://localhost:8080/callback' does not match CIMD redirect_uris."}

Steps to Reproduce

  1. Add an HTTP MCP server that validates redirect_uris against the CIMD:

``
claude mcp add --transport http --scope user answer-io https://mcp.answer-io.jp/mcp
``

  1. Attempt OAuth authentication
  2. The authorization URL contains redirect_uri=http://localhost:8080/callback
  3. The MCP server rejects it because the CIMD only lists port-less URIs

Expected Behavior

The redirect_uri in the OAuth flow should match one of the URIs declared in https://claude.ai/oauth/claude-code-client-metadata, e.g. http://localhost/callback.

Additional Notes

  • --callback-port 80 option was also tried but had no effect — the CLI still used port 8080
  • Claude Code version: 2.1.89
  • OS: Windows 11 Pro

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗