Vercel MCP plugin OAuth token not persisted between sessions
Summary
The Vercel MCP plugin (plugin:vercel:vercel) requires OAuth re-authentication on every new Claude Code session, even though the auth flow correctly requests offline_access scope (which should provide a persistent refresh token).
Expected behavior
After authenticating once, the OAuth refresh token should be stored and silently used to re-establish the session on subsequent Claude Code launches — no user interaction required.
Actual behavior
Every new Claude Code session requires going through the full OAuth browser flow again. The token is valid for the duration of the session but is not persisted to disk.
Investigation
Checked ~/.claude/ for token storage:
mcp-needs-auth-cache.jsontracks auth state for claude.ai MCP servers (Circleback, HubSpot, etc.) but the Vercel plugin is not in this list- No token file for
plugin:vercel:vercelexists anywhere under~/.claude/ - The auth URL includes
scope=openid+offline_accessand uses PKCE — correct OAuth2 setup that should yield a refresh token - The token appears to be held in-memory only and lost on exit
Impact
Teams using the Vercel MCP plugin in regular workflows (e.g., release automation scripts that call list_deployments to confirm production deployments) must manually re-authenticate at the start of every session. Disruptive for scripted/automated use.
Environment
- Claude Code CLI (darwin)
- Vercel plugin via
claude-plugins-official - Reproducible across sessions consistently
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗