OAuth deprecation page misroutes deprecated GitHub MCP users to Drive
Summary
Hitting https://api.anthropic.com/authorize with the OAuth client_id=d99ed2e9-6bb8-439b-99e9-de29e2ba690e and redirect_uri=http://localhost:59515/callback returns a 200 OK with an HTML body titled "Server Turned Down" directing users to install Google Drive (https://claude.ai/directory/connectors/google-drive-drivemcp) as the replacement.
This client_id was previously associated with a working GitHub MCP server (used successfully for several PRs prior to the disconnect). Public third-party listings (PulseMCP) state the intended successor is the GitHub-team-maintained MCP server, not Drive. Drive is functionally unrelated to the deprecated GitHub MCP — no overlap in declared capabilities.
Cross-reported to security@anthropic.com.
Reproduction
curl -s "https://api.anthropic.com/authorize?response_type=code&client_id=d99ed2e9-6bb8-439b-99e9-de29e2ba690e&redirect_uri=http%3A%2F%2Flocalhost%3A59515%2Fcallback&state=x&code_challenge=y&code_challenge_method=S256"
Returns:
<!DOCTYPE html>
<html>
<head><title>Server Turned Down</title></head>
<body style="font-family: -apple-system, system-ui, sans-serif; max-width: 560px; margin: 4em auto; padding: 0 1em; color: #1f2937;">
<h1>Server Turned Down</h1>
<p>This MCP server has been turned down.</p>
<p>Please use <code>https://drivemcp.googleapis.com/mcp/v1</code> instead —
connect via <a href="https://claude.ai/directory/connectors/google-drive-drivemcp">Google Drive in the Claude directory</a>.</p>
</body>
</html>
Verification — registry-row-specific, not a generic fallback
| Test | client_id | redirect_uri | Response |
|------|-----------|--------------|----------|
| Original | d99ed2e9-… | localhost:59515/callback (registered) | 200 — Server Turned Down → Drive |
| Same client, wrong port | d99ed2e9-… | localhost:12345/callback | 400 Unregistered redirect_uri |
| All-zero UUID | 00000000-… | localhost:12345 | 400 invalid_client |
| All-F UUID | ffffffff-… | localhost:12345 | 400 invalid_client |
| Random UUID | a1b2c3d4-… | localhost:12345 | 400 invalid_client |
| No params | — | — | 400 invalid_request (Zod) |
| /token (GET) | — | — | 405 method_not_allowed |
| /v1/oauth/authorize | — | — | 404 not_found_error |
Conclusion: Only the registered tuple (d99ed2e9-…, localhost:59515/callback) returns the deprecation HTML. All other input shapes return standard OAuth error responses. This is a single misconfigured registry row, not a generic deprecation handler firing on unknown clients.
Origin verification
Response served via Cloudflare with valid Anthropic edge headers:
Server: cloudflareCF-RAY: 9f7a17de8ceb6415-LHRset-cookie: _cfuvid=...; Domain=api.anthropic.comx-envoy-upstream-service-time: 3x-powered-by: Expressstrict-transport-security: max-age=31536000; includeSubDomainsContent-Security-Policy: default-src 'none'; frame-ancestors 'none'
Confirms content originates upstream, not client-side or network-level. DNS resolved consistently via the system resolver and Google 8.8.8.8 to 160.79.104.10 (Cloudflare). Hosts file, system proxy, and browser extensions all verified clean on the reporting machine.
Recommendation
- Re-point the
replacement_connectorfield on this OAuth registration row to the correct GitHub successor MCP, or remove the deprecation page entirely if no successor is yet listed in the connector directory. - Consider adding a capability-overlap guardrail between deprecated server and proposed successor (e.g., the successor must share at least one declared tool category with the deprecated server). Today's Drive replacement shares zero tools with what the deprecated GitHub server exposed.
- Audit other deprecated OAuth client rows for similar misconfigurations.
Severity
Low–medium. No credential or token compromise path. User-visible effect is misdirection during MCP re-auth: a user expecting to re-establish a GitHub connection lands on a Drive connector page.
The pattern "deprecated MCP redirects users to a different MCP" is a phishing-shaped surface. Currently benign because the redirect target is a real Anthropic-hosted Google-developed connector, but it warrants stricter validation if an attacker could ever influence the replacement_connector field.
Environment
- OS: Windows 11 Home 10.0.26200
- Date observed: 2026-05-06
- Cross-reported to:
security@anthropic.com
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗