Remote HTTP MCP server with Bearer token auth fails: OAuth flow attempted instead

Resolved 💬 3 comments Opened Apr 13, 2026 by mkniebes Closed Apr 24, 2026

Description

When using a remote HTTP MCP server configured with static Bearer token authentication via headers, Claude Code attempts an OAuth flow instead of using the configured headers. This results in a 404 error because the server doesn't implement OAuth endpoints.

Configuration

In ~/.claude.json:

{
  "mcpServers": {
    "youtrack": {
      "type": "http",
      "url": "https://example.com/",
      "headers": {
        "Authorization": "Bearer <token>"
      }
    }
  }
}

Expected behavior

Claude Code should use the configured Authorization header directly when communicating with the MCP server, without attempting an OAuth flow.

Actual behavior

Claude Code attempts an OAuth flow against the server URL, which fails with:

SDK auth failed: HTTP 404: Invalid OAuth error response: SyntaxError: JSON Parse error: Unrecognized token '<'.

The server responds with a 404 HTML page because it has no OAuth endpoints — it only supports Bearer token auth via headers.

Notes

  • This worked correctly in previous sessions/versions.
  • The MCP server itself is fully functional — manually sending JSON-RPC requests with the Bearer token header works fine.
  • The server uses the Streamable HTTP transport (MCP protocol version 2025-11-25).

Workaround

Manually calling the MCP server via curl with the configured Bearer token and session management works as expected.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗