GitHub MCP returns 403 "not authorized to use this Copilot feature" on Claude Code web; OAuth fallback renders misleading "Server Turned Down → Google Drive" page

Resolved 💬 3 comments Opened May 17, 2026 by timburk108 Closed Jun 16, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

GitHub MCP returns 403 "not authorized to use this Copilot feature" on Claude Code web; OAuth fallback renders misleading "Server Turned Down → Google Drive" page

What Should Happen?

Summary

On Claude Code on the web, the GitHub MCP server's HTTP endpoint reproducibly returns HTTP 403 "unauthorized: not authorized to use this Copilot feature". Claude Code interprets the 403 as "authentication required" and starts an OAuth flow, but the OAuth authorize page renders a generic "Server Turned Down" error page (pointing, misleadingly, at Google Drive) and the flow ends in Authentication timeout. Net effect: the GitHub MCP cannot be authenticated or used at all from web sessions.

Environment

  • Claude Code 2.1.143 (Claude Code on the web, remote/cloud execution environment, remote_mobile)
  • GitHub MCP server, HTTP transport, hosted under https://api.anthropic.com/v2/ccr-sessions/<SESSION>/github/mcp
  • Node v24.3.0, Linux
  • gh CLI is not installed in the environment (command -v gh → not found) → no CLI fallback for GitHub operations

Steps to reproduce

  1. In a Claude Code web session, let any GitHub MCP tool initialize (or call the GitHub MCP authenticate flow).
  2. Observe the MCP connection attempt to the /github/mcp endpoint.
  3. Open the resulting OAuth authorization URL (https://api.anthropic.com/authorize?...) in a browser.

Expected

GitHub MCP connects (or the OAuth consent screen appears and the flow completes, redirecting to localhost:<port>/callback?code=...).

Actual

  1. The MCP HTTP POST fails immediately with:

Streamable HTTP error: Error POSTing to endpoint: unauthorized: not authorized to use this Copilot feature (code: 403)

  1. Claude Code treats this as "authentication required" and starts an OAuth flow. OAuth metadata returns scope: NONE ("No scopes available from URL or metadata").
  2. The api.anthropic.com/authorize page renders a static page:

> Server Turned Down
> This MCP server has been turned down. Please use https://drivemcp.googleapis.com/mcp/v1 instead — connect via Google Drive in the Claude directory.

  1. The flow ends with Authentication timeout.

The Google Drive reference is unrelated to GitHub and appears to be a generic/templated fallback page rendered when the underlying MCP is unavailable/unauthorized for the account. It is not an actionable instruction.

Root cause (likely)

The headline error is a 403 entitlement failure, not an OAuth-flow bug: the account/session is "not authorized to use this Copilot feature" (GitHub's MCP is Copilot-backed). The OAuth flow and the "Server Turned Down" page are downstream symptoms of the 403, not the cause. This points at an account/org feature-entitlement problem, not a transient outage.

Error log (redacted)

Error Messages/Logs

[2026-05-17T11:04:58.432Z] HTTP Connection failed after 495ms:
Streamable HTTP error: Error POSTing to endpoint:
unauthorized: not authorized to use this Copilot feature
(code: 403, errno: none)
[2026-05-17T11:04:58.432Z] Authentication required for HTTP server
[2026-05-17T11:07:18.818Z] Fetched OAuth metadata with scope: NONE
[2026-05-17T11:07:19.015Z] No scopes available from URL or metadata
[2026-05-17T11:12:18.822Z] Error during auth completion: Authentication timeout
[2026-05-17T11:12:18.822Z] OAuth flow failed after tool-triggered start: Authentication timeout

[2026-05-17T11:28:38.392Z] HTTP Connection failed after 270ms:
Streamable HTTP error: Error POSTing to endpoint:
unauthorized: not authorized to use this Copilot feature
(code: 403, errno: none)

Steps to Reproduce

Reproducibility

100% reproducible across multiple independent attempts and two distinct freshly server-generated OAuth URLs (different callback ports, state, and PKCE challenge). Not flaky.

Impact

  • GitHub MCP authentication can never complete from web sessions.
  • All GitHub MCP tools are unusable (e.g. cannot open PRs).
  • No fallback: gh CLI is absent in the web environment.
  • Work itself is safe (git commit/push over HTTPS works normally); only the GitHub-MCP-dependent steps of automated workflows are blocked.

Workarounds tried

  • Regenerated the OAuth URL via the sanctioned authenticate flow multiple times — same 403 / same "Server Turned Down" page.
  • Checked for gh CLI fallback — not installed.

Suggested investigation

  • Check the GitHub-MCP / Copilot feature entitlement for the affected account/org (session and account identifiers available privately on request — not posted here for security).
  • Separately: the OAuth authorize page rendering an unrelated "use Google Drive" body for a GitHub MCP failure is itself a misleading-error-message bug worth fixing.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

Claude Code 2.1.143.

Platform

Anthropic API

Operating System

Other

Terminal/Shell

Other

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗