[BUG] HTTP OAuth MCP servers silently fail in Claude Code inside Claude Desktop — no error, no guidance

Resolved 💬 4 comments Opened Apr 11, 2026 by HoldenCaulfieldRye Closed Jun 25, 2026

Environment

  • Claude Code version: 2.1.87
  • Running inside: Claude Desktop (com.anthropic.claudefordesktop)
  • Operating System: macOS 15 (Darwin 25.2.0)

Bug Description

When adding an HTTP MCP server that requires OAuth but doesn't support Dynamic Client Registration (DCR), Claude Code silently fails with no user-facing error. The server appears in config but never loads tools. This is especially confusing inside Claude Desktop where there are no debug logs visible.

The user experience is a multi-hour loop:

  1. Run claude mcp add --transport http hubspot https://mcp.hubspot.com/anthropic
  2. Config is written to ~/.claude.json
  3. Restart session — no hubspot tools appear, no error shown
  4. User assumes config is wrong, tries again, creates duplicate entries at different scopes
  5. Repeat

Steps to Reproduce

  1. Open Claude Code inside Claude Desktop, cwd ~/git
  2. In a separate terminal: claude mcp add hubspot --transport http https://mcp.hubspot.com/anthropic
  3. Restart Claude Code session
  4. No mcp__hubspot__* tools load. No error message. The mcp__hubspot__authenticate tool may appear but calling it returns: "SDK auth failed: Incompatible auth server: does not support dynamic client registration"

Root Causes Found (after hours of debugging)

1. Silent OAuth failure: The server returns 401 with OAuth metadata, Claude Code attempts DCR, it fails (no registration_endpoint), and the failure is swallowed. No message is shown to the user.

2. Scope shadowing: claude mcp add defaults to local scope, writing to ~/.claude.json under projects["/Users/username"]. If the user later manually adds a working config at user scope (top-level mcpServers), the broken local-scoped entry takes precedence due to the scope hierarchy (local > project > user). This is invisible and undocumented behavior.

3. Project-level .mcp.json override: If any session writes a .mcp.json to the working directory with the broken HTTP entry, it overrides the working user-level config in subsequent sessions.

Expected Behavior

  1. Show an error when OAuth/DCR fails: "This server requires OAuth but doesn't support Dynamic Client Registration. Use a local MCP server with an API key instead, or configure OAuth client credentials manually."
  2. Warn about scope shadowing when a server name exists at multiple scopes
  3. Don't silently swallow connection failures — surface them in /mcp status or session startup

Workaround

Use the local npm package (@hubspot/mcp-server) with a Private App access token instead of the remote HTTP OAuth endpoint. Configure at user scope in ~/.claude.json:

"hubspot": {
  "command": "/opt/homebrew/bin/npx",
  "args": ["-y", "@hubspot/mcp-server"],
  "env": {
    "PRIVATE_APP_ACCESS_TOKEN": "pat-xxx"
  }
}

Related Issues

  • #3273 — Claude Code doesn't work with MCP servers without DCR (CLI-focused, different angle)
  • #26675 — Support pre-configured OAuth client credentials without DCR
  • #36832 — macOS TCC permission popup looping (separate but co-occurs)

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗