/mcp list view shows "connected" for HTTP MCP servers that lack valid OAuth — auth state not surfaced
Summary
The /mcp server list shows a "✓ connected" status that reflects only handshake reachability, not authentication state. An HTTP MCP server with invalid or missing OAuth credentials still renders as "connected" in the list, even though the model cannot use any of its tools. The detail view's Auth: ✗ not authenticated line is the only place the real state surfaces.
Environment
- Claude Code: 2.1.119
- macOS: 26.4 (Build 25E246)
- Affected: all HTTP MCP servers whose
initializemethod doesn't require auth. Observed with Granola (https://mcp.granola.ai/mcp).
Observed behavior
- HTTP MCP server is configured in
~/.claude.jsonundermcpServers. - OAuth access token in the
Claude Code-credentialskeychain item expires and the refresh flow silently fails (or themcpOAuthentry is absent entirely). - User asks the model to use a tool from that server.
- Model correctly reports that the MCP is unavailable (its tools never loaded into the session manifest).
- User runs
/mcpand the list view shows the server as "✓ connected". - Opening the server's detail view shows
Auth: ✗ not authenticated. - Restarting Claude Code does not change the list-view status.
Expected
The list-view status should reflect whether the server is usable end-to-end, not just whether the URL is reachable. At minimum, the list should visually distinguish "connected + authenticated" from "connected but auth broken".
Actual
List status appears to be derived from handshake reachability alone and does not incorporate auth state. A user scanning /mcp has no way to tell which servers are actually usable without drilling into each server's detail view.
Evidence that list-view status is decoupled from auth
- Deleted the Granola
mcpOAuthentry from theClaude Code-credentialskeychain item so no OAuth state remained. - Started a fresh Claude Code session.
/mcplist view still showed Granola as "✓ connected".- Granola detail view correctly showed
Auth: ✗ not authenticated. - Model's tool manifest contained zero
mcp__granola__*tools for the session.
Suggested fix
Surface auth state in the list view. Possible forms:
- Combined glyph:
✓ ready/⚠ auth required/✗ unreachable - Secondary label:
granola · ✓ connected · ⚠ auth required - Don't render "connected" when any step required for tool availability has failed.
Additionally, consider auto-triggering the OAuth re-prompt when a configured server's access token has expired and refresh has failed, rather than leaving it in a silently-unusable state until the user discovers it manually.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗