[BUG] OAuth browser does not open for HTTP MCP servers on Windows

Resolved 💬 3 comments Opened Apr 6, 2026 by Urus1201 Closed Apr 10, 2026

Bug Description

When authenticating with an HTTP-type MCP server that requires OAuth on Windows (Git Bash / PowerShell), selecting "Authenticate" from the /mcp dialog does nothing — the browser never opens. The OAuth flow silently fails without any error message shown to the user.

Steps to Reproduce

  1. Configure an HTTP MCP server with OAuth in .claude.json:

``json
"my-mcp": {
"type": "http",
"url": "https://example.com/mcp"
}
``

  1. The server returns {"error":"unauthorized","message":"Authentication required"} and exposes a standard .well-known/oauth-authorization-server discovery endpoint
  2. Run /mcp → status shows "needs authentication", "Error: fetch failed"
  3. Select "1. Authenticate"
  4. Expected: Browser opens to the OAuth authorization endpoint
  5. Actual: Nothing happens. No browser window, no error message, no URL printed to terminal

Environment

  • OS: Windows 11 Enterprise (10.0.26200)
  • Shell: Git Bash (MINGW64) and PowerShell 7
  • Claude Code version: 2.1.68+ (CLI, global install)
  • Node.js: v22 (via fnm)

Additional Context

  • The same MCP server URL works correctly with VS Code Copilot's MCP client (.vscode/mcp.json with "type": "http") — the browser opens and OAuth completes successfully
  • This suggests the issue is specific to Claude Code's browser-open mechanism on Windows, not the server configuration
  • There was also an initial SSL issue (self signed certificate in certificate chain) which was resolved separately by setting NODE_EXTRA_CA_CERTS. The browser-open failure persists even after SSL is resolved and the OAuth discovery/registration endpoints are reachable

Workaround

Manually running the OAuth flow via a Python script that:

  1. Calls the dynamic client registration endpoint
  2. Generates PKCE parameters
  3. Opens the browser using Python's webbrowser.open() (which works correctly on Windows)
  4. Listens on a local port for the OAuth callback
  5. Exchanges the auth code for tokens
  6. Writes the token directly into ~/.claude/.credentials.json

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗