[Bug] MCP HTTP SDK crashes on non-JSON OAuth discovery responses

Resolved 💬 1 comment Opened Apr 22, 2026 by joshpgunning Closed Apr 22, 2026

Bug Description
MCP HTTP SDK hard-fails on non-JSON bodies from OAuth-flow requests (regression in 2.1.117) Summary The MCP HTTP client in Claude Code 2.1.117 crashes the entire connection whenever an OAuth-flow request returns a response body that isn't JSON. It attempts JSON.parse() on the body unconditionally and propagates the SyntaxError as a fatal SDK auth failed error. This breaks connections to: - Servers that deliberately do not implement OAuth (404 Not Found on /.well-known/oauth-protected-resource) — should proceed unauthenticated per RFC 9728 - OAuth-capable servers fronted by CDNs (CloudFront) that return HTML error pages for blocked request methods The error surface is the same in both cases: Invalid OAuth error response: SyntaxError: JSON Parse error: ... Raw body: <...>. Severity High — renders any HTTP MCP server unreachable if it returns non-JSON on any OAuth-related request. In my setup this blocked 3 MCP servers that previously worked. Environment - Claude Code: 2.1.117 (native install) - Platform: macOS 15.4 (darwin 25.4.0) - Installed via: native …
Note: Content was truncated.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗