[BUG] Issue with OAuth based connectivity

Resolved 💬 3 comments Opened Aug 28, 2025 by conikeec Closed Aug 31, 2025

Environment

  • Platform (select one):
  • [x] Anthropic API
  • [ ] AWS Bedrock
  • [ ] Google Vertex AI
  • [X ] Other: Claude Code
  • Claude CLI version: 1.0.95 (Claude Code)
  • Operating System: macOS Tahoe v26.0 Beta
  • Terminal: iTerm2

Bug Description

Since the last 15 hrs I am not able to get OAuth to function.

claude mcp add --transport http grepos-mcp https://xxx.ngrok.app/mcp/grepos --header ""Authorization:Bearer ..."

Claude Code Issue: Bearer Token Authentication Ignored

Summary

Claude Code ignores the --header "Authorization: Bearer ..." parameter and forces OAuth discovery instead of using the provided Bearer token for MCP server authentication.

Expected Behavior

When a Bearer token is provided via --header "Authorization: Bearer <token>", Claude Code should:

  1. Use the Bearer token for authentication
  2. Skip OAuth discovery and flows
  3. Connect directly to the MCP server with the token

Actual Behavior

Claude Code:

  1. Ignores the provided Bearer token completely
  2. Auto-discovers OAuth configuration from /.well-known/oauth-protected-resource
  3. Forces OAuth flow even when Bearer token is available
  4. Attempts Dynamic Client Registration (DCR) with its own client credentials
  5. Fails when DCR is not properly configured on the authorization server

Steps to Reproduce

  1. Generate a valid Bearer token for an MCP server that supports both OAuth and Bearer token auth
  2. Add MCP server using: claude mcp add <server-name> <server-url> --header "Authorization: Bearer <valid-token>"
  3. Attempt to connect to the server
  4. Observe that Claude Code ignores the Bearer token and attempts OAuth flow

Environment

  • Claude Code CLI version: [current version]
  • MCP server: Custom implementation with OAuth 2.1 + Bearer token support
  • OS: macOS

Impact

This prevents Claude Code from connecting to MCP servers that:

  • Provide Bearer tokens as an authentication method
  • Have OAuth configured but prefer Bearer token auth for certain clients
  • Have DCR not fully configured or available

Workaround

None available - Claude Code cannot connect to such servers currently.

Expected Fix

Claude Code should respect the --header parameter and use Bearer tokens when provided, only falling back to OAuth discovery when no authentication headers are specified.

Has anything changed since yesterday?

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗