[Bug] plugin:slack OAuth flow never triggers — SSE endpoint 302-redirects instead of returning 401

Resolved 💬 3 comments Opened Apr 18, 2026 by hyunwoosongHCG Closed Apr 22, 2026

Summary

The official Slack plugin (slack@claude-plugins-official) fails to connect with Failed to reconnect to plugin:slack:slack and the OAuth browser flow is never triggered. Root cause appears to be that Slack's MCP SSE endpoint returns a 302 redirect instead of a 401 with WWW-Authenticate, so the Claude Code MCP client never reaches OAuth discovery.

Environment

  • Claude Code: 2.1.114
  • Platform: macOS (Darwin 24.3.0)
  • Plugin: slack@claude-plugins-official (commit 96276205880a)
  • Plugin .mcp.json:

``json
{ "slack": { "type": "sse", "url": "https://mcp.slack.com/sse" } }
``

Steps to Reproduce

  1. claude plugin install slack@claude-plugins-official
  2. Restart Claude Code
  3. /mcp → select slack → attempt Authenticate

Expected

Browser opens for Slack OAuth consent.

Actual

  • /mcp shows Failed to reconnect to plugin:slack:slack
  • Browser never opens
  • claude mcp list reports plugin:slack:slack: https://mcp.slack.com/sse (SSE) - ✗ Failed to connect

Diagnosis

Requesting the SSE endpoint directly:

$ curl -sI https://mcp.slack.com/sse
HTTP/2 302
location: https://mcp-9827.slack.com/sse

The redirect target (mcp-9827.slack.com, team "My Cooking Party") returns a Slack sign-in HTML page, not an MCP response. OAuth discovery endpoints are reachable and valid:

  • https://mcp.slack.com/.well-known/oauth-authorization-server
  • https://mcp.slack.com/.well-known/oauth-protected-resource

So the OAuth metadata is published correctly, but the MCP client doesn't reach the unauthenticated-request challenge because the SSE endpoint redirects instead of returning 401 + WWW-Authenticate. The result: OAuth flow never starts, browser never opens.

Suggested Fix

Either:

  • The plugin's .mcp.json should point at an endpoint that returns the proper 401 challenge, or
  • The Claude Code MCP client should fall back to /.well-known/oauth-* discovery when an SSE endpoint responds with a non-401, non-200 status.

Workaround

None locally. Plugin disabled via claude plugin disable.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗