[BUG] Can't Authenticate With Notion MCP

Resolved 💬 12 comments Opened Apr 24, 2026 by t-rad679 Closed May 6, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I start by running claude and doing /mcp. I think click on notion and click Authenticate. I get to the first Notion page for granting permissions, check the box for redirecting to localhost, and click continue. The browser goes to a new page that just says the redirect_uri is Invalid. In CC in the terminal, it has a message about, if there's a redirect error, to copy the URL and paste it there, so I copy the entire URL out of the URL bar on the page that says Invalid redirect_uri. When I paste that in CC, it goes back to the main Notion MCP page with the option to Authenticate or Disable, except above the options it says OAuth state mismatch - possible CSRF attack. Note that I also tried copying the redirect_uri query parameter, which is itself a whole URL pointing to localhost and opening it in a separate browser window. When I do that, it simply hangs and never does anything.

I've already confirmed that I'm using the correct Notion and Claude accounts...it's the same account for Claude in the browser and the terminal, updated Chrome, restarted CC, and cleared site data for notion.com and notion.so. I also tried it in an incognito window where I was not logged into Claude at all.

What Should Happen?

CC should authenticate with Notion MCP and be able to use it.

Error Messages/Logs

Steps to Reproduce

  1. Run claude
  2. Give prompt /mcp
  3. Select Authenticate
  4. In the browser tab that opens, select the checkbox to allow redirect and click continue
  5. See that it shows the Invalid redirect_uri page
  6. Copy the URL from the URL bar and paste it in CC in the terminal
  7. See that it goes back to the main Notion MCP Server page with the message OAuth state mismatch - possible CSRF attack

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.119

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

iTerm2

Additional Information

_No response_

View original on GitHub ↗

This issue has 12 comments on GitHub. Read the full discussion on GitHub ↗