WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

MCP Oauth - auth() always returns "redirect" with valid token for GitHub MCP #10899

New issue
New issue
Open
#10913
Open
MCP Oauth - auth() always returns "redirect" with valid token for GitHub MCP#10899
#10913
Assignees
aayush-kapoor
Labels
ai/mcpsupport
@yaqi-lyu

Description

@yaqi-lyu
yaqi-lyu
opened on Dec 5, 2025

Description

When I call the auth() function with a valid token for GitHub MCP, it always returns "redirect" not authorized.

After investigating, I found that the problem occurs in refreshAuthorization.

ai/packages/mcp/src/tool/oauth.ts

Lines 740 to 778 in 2f25798

const headers = new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
});
const params = new URLSearchParams({
grant_type: grantType,
refresh_token: refreshToken,
});
if (addClientAuthentication) {
addClientAuthentication(headers, params, authorizationServerUrl, metadata);
} else {
const supportedMethods =
metadata?.token_endpoint_auth_methods_supported ?? [];
const authMethod = selectClientAuthMethod(
clientInformation,
supportedMethods,
);
applyClientAuthentication(authMethod, clientInformation, headers, params);
}
if (resource) {
params.set('resource', resource.href);
}
const response = await (fetchFn ?? fetch)(tokenUrl, {
method: 'POST',
headers,
body: params,
});
if (!response.ok) {
throw await parseErrorResponse(response);
}
return OAuthTokensSchema.parse({
refresh_token: refreshToken,
...(await response.json()),
});
}

When calling refreshAuthorization with GitHub Copilot’s OAuth refresh endpoint:

The request succeeds (HTTP 200), but the library throws:

SyntaxError: Unexpected token 'a', "access_tok"... is not valid JSON

Logging the raw response shows:
access_token=ghu_...&expires_in=28800&refresh_token=ghr_...&token_type=bearer

The final request headers:
{ "content-type": "application/x-www-form-urlencoded" }
The full request URL:
https://github.com/login/oauth/access_token

AI SDK Version

"@ai-sdk/mcp": "^0.0.8"

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

Labels

ai/mcpsupport

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions