Describe the bug
When an HTTP MCP server is configured in .mcp.json with "type": "http" and "headers": { "Authorization": "Bearer " }, the CLI attempts OAuth discovery
(/.well-known/oauth-authorization-server
) and fails with:
MCPOAuthError: Failed to discover authorization server metadata
The CLI does not fall back to using the provided Bearer token from headers, causing a hard auth failure even though valid credentials are present in the config.
Affected version
No response
Steps to reproduce the behavior
- Configure the mcp config for server which using custom token authorization
- Run /mcp
- Select the configured server
- Pay attention to the error
Actual behavior: Hard fail on OAuth discovery, server stays disabled.
Expected behavior
Expected behavior: If OAuth discovery fails and headers contains Authorization: Bearer, the CLI should skip OAuth and proceed to MCP initialize using the provided token.
Additional context
Workaround: Manually enabling the server via /mcp enable bypasses OAuth discovery and connects successfully using the Bearer token.
MCP spec reference: OAuth is optional — clients should fall back to configured credentials when authorization server metadata is not found.
Describe the bug
When an HTTP MCP server is configured in .mcp.json with "type": "http" and "headers": { "Authorization": "Bearer " }, the CLI attempts OAuth discovery
(/.well-known/oauth-authorization-server
) and fails with:
MCPOAuthError: Failed to discover authorization server metadata
The CLI does not fall back to using the provided Bearer token from headers, causing a hard auth failure even though valid credentials are present in the config.
Affected version
No response
Steps to reproduce the behavior
Actual behavior: Hard fail on OAuth discovery, server stays disabled.
Expected behavior
Expected behavior: If OAuth discovery fails and headers contains Authorization: Bearer, the CLI should skip OAuth and proceed to MCP initialize using the provided token.
Additional context
Workaround: Manually enabling the server via /mcp enable bypasses OAuth discovery and connects successfully using the Bearer token.
MCP spec reference: OAuth is optional — clients should fall back to configured credentials when authorization server metadata is not found.