Vercel MCP plugin OAuth token not persisted between sessions

Resolved 💬 4 comments Opened Apr 13, 2026 by mattstratton Closed May 23, 2026

Summary

The Vercel MCP plugin (plugin:vercel:vercel) requires OAuth re-authentication on every new Claude Code session, even though the auth flow correctly requests offline_access scope (which should provide a persistent refresh token).

Expected behavior

After authenticating once, the OAuth refresh token should be stored and silently used to re-establish the session on subsequent Claude Code launches — no user interaction required.

Actual behavior

Every new Claude Code session requires going through the full OAuth browser flow again. The token is valid for the duration of the session but is not persisted to disk.

Investigation

Checked ~/.claude/ for token storage:

  • mcp-needs-auth-cache.json tracks auth state for claude.ai MCP servers (Circleback, HubSpot, etc.) but the Vercel plugin is not in this list
  • No token file for plugin:vercel:vercel exists anywhere under ~/.claude/
  • The auth URL includes scope=openid+offline_access and uses PKCE — correct OAuth2 setup that should yield a refresh token
  • The token appears to be held in-memory only and lost on exit

Impact

Teams using the Vercel MCP plugin in regular workflows (e.g., release automation scripts that call list_deployments to confirm production deployments) must manually re-authenticate at the start of every session. Disruptive for scripted/automated use.

Environment

  • Claude Code CLI (darwin)
  • Vercel plugin via claude-plugins-official
  • Reproducible across sessions consistently

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗