Claude Code Fixes MCP OAuth Token Race: No More Daily Re-Authentication with Multiple Servers
Claude CodeClaude Code 2.1.136 resolves a persistent pain point for developers running multiple remote MCP servers: OAuth refresh tokens were being lost when several servers attempted to refresh concurrently, forcing users into daily browser re-authentication loops. The fix ensures that concurrent token refreshes no longer overwrite each other, making MCP-integrated workflows substantially more stable. A separate related fix also resolves a rare login loop where a concurrent credential write could overwrite a freshly-rotated user OAuth token.
Sources & Mentions
4 external resources covering this update
MCP OAuth Reliability: Ending the Daily Re-Authentication Loop
For developers who rely on remote MCP servers β Figma, Notion, GitHub, or custom enterprise integrations β one of the most disruptive recurring issues has been OAuth token expiration requiring manual re-authentication. Claude Code 2.1.136 ships two fixes that directly address this.
The Root Cause: Concurrent Refresh Token Races
When Claude Code runs multiple remote MCP servers simultaneously, each server manages its own OAuth token lifecycle. If two or more servers happen to refresh their tokens at the same time, a race condition could cause one server's refresh to overwrite another's credentials. Once a refresh token is consumed (single-use by OAuth design), the overwritten token becomes invalid, and the affected server falls into a "needs re-authentication" state on every session start.
This was a particularly severe problem for teams using Claude Code with several MCP integrations simultaneously β the more servers connected, the higher the probability of a collision, and the more frequently users were forced through browser OAuth flows.
What the Fix Changes
The 2.1.136 release adds proper cross-process coordination to MCP OAuth token refreshes. Concurrent refreshes from multiple servers are now serialized correctly, preventing one refresh from clobbering another's token state. The practical result: users with several remote MCP servers should no longer need daily re-authentication.
The Companion Fix: User Login Loop
The same release also fixes a distinct but related issue: a rare login loop affecting Claude Code's own authentication (not MCP servers) where a concurrent credential write β also a timing-based race β could overwrite a freshly-rotated OAuth token during normal use, forcing a full re-login. Both issues share the same underlying failure mode (concurrent writes to shared credential storage) and are resolved in this release.
Context: A Long-Standing Community Pain Point
MCP OAuth token persistence has been one of the most-reported issues in the Claude Code GitHub repository, with multiple tracked issues documenting re-authentication required multiple times per day, token expiry on session restart, and failures when running multiple terminal windows concurrently. This fix addresses the concurrent-refresh variant β one of the most common triggers.