Remote HTTP MCP server with Bearer token auth fails: OAuth flow attempted instead
Description
When using a remote HTTP MCP server configured with static Bearer token authentication via headers, Claude Code attempts an OAuth flow instead of using the configured headers. This results in a 404 error because the server doesn't implement OAuth endpoints.
Configuration
In ~/.claude.json:
{
"mcpServers": {
"youtrack": {
"type": "http",
"url": "https://example.com/",
"headers": {
"Authorization": "Bearer <token>"
}
}
}
}
Expected behavior
Claude Code should use the configured Authorization header directly when communicating with the MCP server, without attempting an OAuth flow.
Actual behavior
Claude Code attempts an OAuth flow against the server URL, which fails with:
SDK auth failed: HTTP 404: Invalid OAuth error response: SyntaxError: JSON Parse error: Unrecognized token '<'.
The server responds with a 404 HTML page because it has no OAuth endpoints — it only supports Bearer token auth via headers.
Notes
- This worked correctly in previous sessions/versions.
- The MCP server itself is fully functional — manually sending JSON-RPC requests with the Bearer token header works fine.
- The server uses the Streamable HTTP transport (MCP protocol version 2025-11-25).
Workaround
Manually calling the MCP server via curl with the configured Bearer token and session management works as expected.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗