[BUG] MCP OAuth tokens not persisted to disk — re-authentication required every session

Resolved 💬 2 comments Opened Jun 13, 2026 by egoldy Closed Jun 13, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Describe the bug
After completing an OAuth flow for any HTTP MCP server, the access token is
never written to ~/.claude/.credentials.json. The file's accessToken field
remains an empty string and the file's modification timestamp does not change
after a successful auth exchange.
This affects every OAuth-based MCP server, not just one specific server.

What Should Happen?

Expected behavior
Token should be saved to .credentials.json and reused across sessions.
Actual behavior
Token is held in memory only. Every new session prompts for re-authentication.
Environment

  • Claude Code version: 2.1.172
  • OS: macOS 25.5.0
  • Affected MCP servers: all OAuth-based HTTP MCPs (tested with Letterly,

Feedspace, Recall, Dropbox, Graph8, Reap, Twinmind)

Error Messages/Logs

Makes me relogin/ reauthenticate

Steps to Reproduce

To reproduce

  1. Add any OAuth-based HTTP MCP server to ~/.claude/mcp.json
  2. Start a Claude Code session and authenticate via authenticate +

complete_authentication

  1. Confirm the MCP works in the current session
  2. Check ~/.claude/.credentials.jsonaccessToken is still ""
  3. Start a new session — re-authentication is required again

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.172 (Claude Code).

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗