[BUG] OAuth browser does not open for HTTP MCP servers on Windows
Resolved 💬 3 comments Opened Apr 6, 2026 by Urus1201 Closed Apr 10, 2026
Bug Description
When authenticating with an HTTP-type MCP server that requires OAuth on Windows (Git Bash / PowerShell), selecting "Authenticate" from the /mcp dialog does nothing — the browser never opens. The OAuth flow silently fails without any error message shown to the user.
Steps to Reproduce
- Configure an HTTP MCP server with OAuth in
.claude.json:
``json``
"my-mcp": {
"type": "http",
"url": "https://example.com/mcp"
}
- The server returns
{"error":"unauthorized","message":"Authentication required"}and exposes a standard.well-known/oauth-authorization-serverdiscovery endpoint - Run
/mcp→ status shows "needs authentication", "Error: fetch failed" - Select "1. Authenticate"
- Expected: Browser opens to the OAuth authorization endpoint
- Actual: Nothing happens. No browser window, no error message, no URL printed to terminal
Environment
- OS: Windows 11 Enterprise (10.0.26200)
- Shell: Git Bash (MINGW64) and PowerShell 7
- Claude Code version: 2.1.68+ (CLI, global install)
- Node.js: v22 (via fnm)
Additional Context
- The same MCP server URL works correctly with VS Code Copilot's MCP client (
.vscode/mcp.jsonwith"type": "http") — the browser opens and OAuth completes successfully - This suggests the issue is specific to Claude Code's browser-open mechanism on Windows, not the server configuration
- There was also an initial SSL issue (
self signed certificate in certificate chain) which was resolved separately by settingNODE_EXTRA_CA_CERTS. The browser-open failure persists even after SSL is resolved and the OAuth discovery/registration endpoints are reachable
Workaround
Manually running the OAuth flow via a Python script that:
- Calls the dynamic client registration endpoint
- Generates PKCE parameters
- Opens the browser using Python's
webbrowser.open()(which works correctly on Windows) - Listens on a local port for the OAuth callback
- Exchanges the auth code for tokens
- Writes the token directly into
~/.claude/.credentials.json
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗