Do not initiate redundant MCP OAuth Flows per server #2036

@gattimassimo

Description

Describe the feature or problem you'd like to solve

When using multiple MCP servers that use the same client ID, the user should only be prompted for auth once.

Proposed solution

Token deduplication: Before initiating a new OAuth flow, check if an existing valid token in the cache satisfies the requested (audience, scopes) — if so, reuse it. This would reduce N browser prompts to 1.

Verifier cleanup: On startup, remove any .verifier files whose corresponding token is absent or expired, rather than treating them as in-progress flows.

User feedback: If an OAuth flow does time out, surface a clear error message indicating which server failed and provide the remediation command.

How will it benefit?
GitHub Copilot CLI users will experience fewer auth prompts when multiple MCP servers with the same clientId are configured.

Please refer to: microsoft/work-iq#66

Example prompts or workflows

  1. Add 10 MCP servers to the mcp.json which use the same clientId.
  2. Start GH Copilot CLI
  3. The user will see 10 browser tabs popping up and will have to complete the auth flow for 10 tabs

Additional context

More details are captured in this issue:
microsoft/work-iq#66
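
The token-deduplication and verifier-cleanup checks proposed in this issue, as an added example that is not part of the original issue and not Copilot CLI code. The cache entry shape, the function names, the 60-second expiry skew and the sample servers are assumptions; the OAuth flow itself is stubbed.

```javascript
// Added example: entry shapes and function names are assumptions, not Copilot CLI code.
const SKEW_MS = 60_000; // treat a token expiring within a minute as already expired

const isLive = (entry, now) => Boolean(entry) && entry.expiresAt - SKEW_MS > now;

// Reuse only on an exact clientId and audience match with the cached scopes
// covering every requested scope; a token for another audience never qualifies.
function findReusableToken(cache, req, now) {
  const hit = cache.find((e) =>
    e.clientId === req.clientId &&
    e.audience === req.audience &&
    req.scopes.every((s) => e.scopes.includes(s)) &&
    isLive(e, now));
  return hit || null;
}

// Walk the configured servers in order; a flow (stubbed here) runs only on a cache miss.
function connectAll(servers, cache, now) {
  const prompted = [];
  for (const s of servers) {
    if (findReusableToken(cache, s, now)) continue;
    prompted.push(s.name); // stands in for one browser prompt
    cache.push({ clientId: s.clientId, audience: s.audience,
                 scopes: [...s.scopes], expiresAt: now + 3_600_000 });
  }
  return prompted;
}

// Verifier cleanup: keys of .verifier entries whose token is absent or expired.
function staleVerifiers(verifierKeys, tokensByKey, now) {
  return verifierKeys.filter((k) => !isLive(tokensByKey[k], now));
}

// Constructed sample: ten servers sharing one clientId and audience, one with a different audience.
const NOW = 1_700_000_000_000;
const servers = Array.from({ length: 10 }, (_, i) => ({
  name: `mcp-${i + 1}`, clientId: "client-A", audience: "api://resource-1", scopes: ["read"] }));
servers.push({ name: "mcp-other", clientId: "client-A", audience: "api://resource-2", scopes: ["read"] });

function demo() {
  return connectAll(servers, [], NOW); // -> ["mcp-1", "mcp-other"]
}
console.log(demo());
```

Matching on audience as well as client ID keeps a token issued for one resource from being presented to a different server that merely shares the client registration.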
