[BUG]

Resolved 💬 3 comments Opened Jun 2, 2026 by gotenxds Closed Jul 6, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code CIMD metadata missing application_type: native

Claude Code's Client ID Metadata Document (CIMD) does not declare
application_type: native. Claude Code is a native application (CLI tool) and its metadata should
reflect this per OpenID Connect Dynamic Client Registration 1.0.

The absence of this field causes
our authorization server to reject Claude Code's authorization requests when
it uses a randomly assigned ephemeral port on a loopback redirect URI.

Claude Code's metadata document declares the following redirect URIs:

http://localhost/callback
http://127.0.0.1/callback

But sends the following (example) redirect url

redirect_uri=http://127.0.0.1:52163/callback

An overly strict authorization server performs exact string matching between the requested
redirect_uri and the registered ones. http://127.0.0.1:52163/callback does not match
http://127.0.0.1/callback, so the request is rejected with invalid_redirect_uri.

The authorization server should apply port-agnostic matching for loopback redirect URIs per
RFC 8252 §7.3. This matching is gated on the client declaring application_type: native.

With that field present, http://127.0.0.1:52163/callback correctly matches the registered
http://127.0.0.1/callback regardless of port.

While missing the application_type: native property is not strictly dissallowed by the RFC, overly strict enterprise servers that implements OpenID Connect Dynamic Client Registration and gates
RFC 8252 §7.3 loopback port-agnostic matching on application_type: native will reject Claude Code's authorization requests.
This affects all MCP integrations that rely on Claude Code's OAuth flow against such servers.

What Should Happen?

The client metadata should contain application_type: native per the RFC

Error Messages/Logs

Steps to Reproduce

  1. Have an auth server that blocks loopback port-agnostic matching for non native apps.
  2. Try and connect to it using CIMD

Claude Model

Not sure / Multiple models

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

2.1.159

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Other

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗