Description
When connecting to a remote MCP server that uses an external authorization server (like Auth0), OpenCode fails with:
HTTP 401 trying to load well-known OAuth metadata
The issue is that OpenCode tries to fetch OAuth metadata directly from the MCP server instead of using the authorization_servers URL from the protected resource metadata response.
This same setup works fine with Claude Code, which correctly follows the two-step discovery flow.
Related issues:
Plugins
None
OpenCode version
1.0.220
Steps to reproduce
- Configure an MCP server with:
{
"mcp": {
"example-server": {
"type": "remote",
"url": "https://mcp-gateway.example.com/example-server"
}
}
}
- Verify the protected resource metadata works:
$ curl https://mcp-gateway.example.com/.well-known/oauth-protected-resource/example-server
{
"authorization_servers": ["https://example.auth0.com/"],
"resource": "https://mcp-gateway.example.com/example-server",
...
}
- Verify the authorization server metadata is accessible:
$ curl https://example.auth0.com/.well-known/oauth-authorization-server
{
"issuer": "https://example.auth0.com/",
"authorization_endpoint": "https://example.auth0.com/authorize",
"token_endpoint": "https://example.auth0.com/oauth/token",
...
}
- Run
opencode mcp auth example-server and observe it fails because it tries:
GET https://mcp-gateway.example.com/example-server/.well-known/oauth-authorization-server
instead of:
GET https://example.auth0.com/.well-known/oauth-authorization-server
Screenshot and/or share link
No response
Operating System
macOS 26.2
Terminal
Ghostty
Description
When connecting to a remote MCP server that uses an external authorization server (like Auth0), OpenCode fails with:
The issue is that OpenCode tries to fetch OAuth metadata directly from the MCP server instead of using the
authorization_serversURL from the protected resource metadata response.This same setup works fine with Claude Code, which correctly follows the two-step discovery flow.
Related issues:
Plugins
None
OpenCode version
1.0.220
Steps to reproduce
{ "mcp": { "example-server": { "type": "remote", "url": "https://mcp-gateway.example.com/example-server" } } }$ curl https://mcp-gateway.example.com/.well-known/oauth-protected-resource/example-server { "authorization_servers": ["https://example.auth0.com/"], "resource": "https://mcp-gateway.example.com/example-server", ... }$ curl https://example.auth0.com/.well-known/oauth-authorization-server { "issuer": "https://example.auth0.com/", "authorization_endpoint": "https://example.auth0.com/authorize", "token_endpoint": "https://example.auth0.com/oauth/token", ... }opencode mcp auth example-serverand observe it fails because it tries:instead of:
Screenshot and/or share link
No response
Operating System
macOS 26.2
Terminal
Ghostty