Notion MCP authorize flow redirects to Google OAuth instead of Notion (Cloud Routines)

Resolved 💬 3 comments Opened Apr 22, 2026 by riku910 Closed Apr 25, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary

Calling mcp__Notion__authenticate in a Cloud Routines session returns an authorize URL at https://api.anthropic.com/authorize?..., but opening it in a browser redirects to a Google OAuth consent screen (accounts.google.com/signin/oauth/id), not Notion. The callback comes back with Google Drive scopes (drive.readonly, drive.file, userinfo.email, openid). mcp__Notion__complete_authentication accepts the callback and returns "Authentication complete", but the Notion MCP server disconnects immediately after and no Notion tools (notion-fetch, notion-search, notion-create-pages, etc.) surface.

Environment

  • Product: Claude Code, Cloud Routines session
  • Claude Code version: 2.1.117
  • Session UUID: cse_01Ht5ETfPV4Y8GGC6vqVCApc
  • Date: 2026-04-22
  • MCP server URL:

https://api.anthropic.com/v2/ccr-sessions/cse_01Ht5ETfPV4Y8GGC6vqVCApc/mcp?mcp_url=https%3A%2F%2Fmcp.notion.com%2Fmcp&mcp_server_id=16f44676-081a-56c6-b236-c17abf1c4603&toolbox_mcp_server_id=0b1e1bfd-e1d4-4020-ac67-c315f9e5ba86

Evidence

  • Intermediate redirect URL observed: https://accounts.google.com/signin/oauth/id?...&client_id=25663159623-1soas5jk7k62d6tni7oulrjeib95j4dc.apps.googleusercontent.com — an Anthropic-owned Google Cloud client ID, not Notion.
  • Callback scope param contained only Google scopes (drive.readonly, drive.file, userinfo.email, openid) — no Notion scope.
  • Retried 2× with fresh authorize URLs (distinct client_id and state) — identical behavior.
  • Incognito window (no extensions) — identical behavior, so not a browser/client issue.
  • Other MCP servers in the same session (Slack, GitHub) authenticate and expose tools normally.

Impact

Blocks any non-interactive Notion usage in Cloud Routines. A scheduled content-generation routine that reads from Notion databases (learning signals, templates, dedup) and writes pages back cannot proceed past its learning-signals step and terminates via notify-error.ts.

Workaround

None for MCP. Considering migration to direct Notion API (NOTION_TOKEN secret) to eliminate MCP OAuth dependency entirely.

What Should Happen?

Calling mcp__Notion__authenticate should return an authorize URL that, when opened, redirects the user to Notion's OAuth consent screen (e.g. www.notion.so integration install page), not Google's. After the user approves, the callback should return a Notion-scoped authorization code. mcp__Notion__complete_authentication should then exchange it for a Notion access token, and the Notion MCP server should stay connected with tools like notion-fetch, notion-search, and notion-create-pages available via ToolSearch.

Error Messages/Logs

# After completing OAuth (which actually consents Google, not Notion):
mcp__Notion__complete_authentication response:
  "Authentication complete for Notion. The server's tools should now be available."

# Immediately after, ToolSearch for Notion tools returns:
system-reminder:
  "The following deferred tools are no longer available (their MCP server disconnected).
   Do not search for them — ToolSearch will return no match:
   mcp__Notion__authenticate
   mcp__Notion__complete_authentication"

# Callback URL received (note Google-only scopes):
http://localhost:62974/callback?code=354c878a807f1ef0e83f55f6b56065597af6d380386522cc16a68d3f95c031e6
  &state=tbW8Cv43weP9tH5ZrsU5W4s6l9xO1t8C5ei7z-nb7J0
  &scope=email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly
         +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file
         +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid

# Intermediate redirect URL (Google, not Notion):
https://accounts.google.com/signin/oauth/id?authuser=0
  &client_id=25663159623-1soas5jk7k62d6tni7oulrjeib95j4dc.apps.googleusercontent.com
  &flowName=GeneralOAuthFlow
  ...

Steps to Reproduce

  1. Start a Cloud Routines session that has Notion MCP installed but unauthenticated

(~/.claude/mcp-needs-auth-cache.json contains {"Notion": {...}} at session start).

  1. Call the deferred tool mcp__Notion__authenticate (no args).

Response:
"Ask the user to open this URL in their browser to authorize the Notion MCP server:
https://api.anthropic.com/authorize?response_type=code&client_id=<uuid>
&code_challenge=<...>&code_challenge_method=S256
&redirect_uri=http%3A%2F%2Flocalhost%3A<port>%2Fcallback
&state=<...>"

  1. Open that URL in a regular browser AND in an Incognito window (no extensions).

Both times the URL redirects to:
https://accounts.google.com/signin/oauth/id?...
&client_id=25663159623-1soas5jk7k62d6tni7oulrjeib95j4dc.apps.googleusercontent.com
&flowName=GeneralOAuthFlow
— a Google OAuth consent screen, NOT the Notion integration install page.

  1. Sign in with a Google account and approve. Browser redirects to:

http://localhost:<port>/callback?code=<code>&state=<state>
&scope=email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly
+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file
+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid
(page fails to load — expected, copy the URL from the address bar).

  1. Call mcp__Notion__complete_authentication with that full callback URL.

Response: "Authentication complete for Notion. The server's tools should now be available."

  1. Call ToolSearch with query "+notion" (or select:mcp__Notion__fetch,

mcp__Notion__search, mcp__Notion__notion-create-pages).
Result: "No matching deferred tools found", and a system-reminder confirms
the Notion MCP server disconnected.

Repeatable: tried 2 times back-to-back with different authorize URLs. Same result.
Other MCP servers (Slack, GitHub) in the same session authenticate and expose tools
normally, so the issue is specific to the Notion MCP authorize flow.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.117 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Triggering environment: Cloud Routines on Anthropic-hosted infra.

MCP server URL used by this session:
https://api.anthropic.com/v2/ccr-sessions/cse_01Ht5ETfPV4Y8GGC6vqVCApc/mcp
?mcp_url=https%3A%2F%2Fmcp.notion.com%2Fmcp
&mcp_server_id=16f44676-081a-56c6-b236-c17abf1c4603
&toolbox_mcp_server_id=0b1e1bfd-e1d4-4020-ac67-c315f9e5ba86

Hypothesis: the /v2/ccr-sessions/<uuid>/mcp?mcp_url=... endpoint is federating the
OAuth request to Google's authorize endpoint (possibly a misconfigured default
identity provider) instead of proxying to Notion's OAuth (mcp.notion.com/authorize).
The Google client_id (25663159623-...apps.googleusercontent.com) looks like an
Anthropic-owned Google Cloud project rather than anything Notion-related.

Impact: any Cloud Routines task requiring Notion read/write fails. Our
generation routine now terminates at Step 3 (learning signals fetch) via
notify-error.ts.

Repro is consistent — 2/2 attempts with fresh authorize URLs end up at
Google's consent screen.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗