[BUG] MCP OAuth tokens not refreshed for claude.ai proxy connections (mcp-proxy.anthropic.com)

Resolved 💬 4 comments Opened Apr 10, 2026 by seanlynch-fivetran Closed Jun 17, 2026

What's Wrong?

MCP servers connected via the claude.ai proxy (mcp-proxy.anthropic.com) never refresh OAuth tokens. When a token expires, the client reconnects the SSE transport to the proxy and reports success, but never initiates an OAuth refresh or reauth flow. The expired token is then sent on the next tool call, which fails at the upstream API.

Server logs show zero /token or /authorize requests after the expiry. Client debug logs confirm only a transport reconnection:

MCP server "claude.ai BigQuery": SSE transport closed/disconnected, attempting automatic reconnection
MCP server "claude.ai BigQuery": Using claude.ai proxy at https://mcp-proxy.anthropic.com/v1/mcp/...
MCP server "claude.ai BigQuery": SSE reconnection successful after 756ms (attempt 1)

No OAuth activity follows. The next tool call hits the upstream API with the stale token and fails.

Distinction from #5706

Token refresh was fixed for direct HTTP MCP connections in ~v2.1.59. This bug is specific to the claude.ai proxy path (claudeai-proxy transport), where the client delegates to mcp-proxy.anthropic.com instead of connecting to the server directly.

Related: #5706, #10250

Environment

  • Claude Code v2.1.100, macOS
  • MCP server: custom BigQuery server on Cloud Run (stateless_http=True, streamable-http)
  • Connected via claude.ai connectors page (marketplace)

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗