[BUG] MCP OAuth tokens not persisted to disk — re-authentication required every session
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Describe the bug
After completing an OAuth flow for any HTTP MCP server, the access token is
never written to ~/.claude/.credentials.json. The file's accessToken field
remains an empty string and the file's modification timestamp does not change
after a successful auth exchange.
This affects every OAuth-based MCP server, not just one specific server.
What Should Happen?
Expected behavior
Token should be saved to .credentials.json and reused across sessions.
Actual behavior
Token is held in memory only. Every new session prompts for re-authentication.
Environment
- Claude Code version: 2.1.172
- OS: macOS 25.5.0
- Affected MCP servers: all OAuth-based HTTP MCPs (tested with Letterly,
Feedspace, Recall, Dropbox, Graph8, Reap, Twinmind)
Error Messages/Logs
Makes me relogin/ reauthenticate
Steps to Reproduce
To reproduce
- Add any OAuth-based HTTP MCP server to
~/.claude/mcp.json - Start a Claude Code session and authenticate via
authenticate+
complete_authentication
- Confirm the MCP works in the current session
- Check
~/.claude/.credentials.json—accessTokenis still"" - Start a new session — re-authentication is required again
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.172 (Claude Code).
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗