Has anyone run into this with the Home Assistant MCP server?
I previously connected successfully using Claude locally with a long-lived token. Now I’m trying to use Claude’s Connectors framework (so that its available from anywhere, not just my pc) which requires OAuth.
I also tested with MCP Introspector and see the same behavior, so this doesn’t appear to be Claude-specific.
In addition to this I also tried the SSE endpoint at https://ha.myserver.com/mcp_server/sse which again gives the exact same results.
Any ideas what could cause HA to drop /auth from the authorization URL?
So, I found some things out, which solved this direct issue, but not fully.
If your “Home Assistant URL” does not match the url that you are connecting to, the .wellknown lacks an issuer. This is what caused this error.
Thus, the problem this this exact issue is:
Set your Home Assistant URL (Settings → System → Network - Home Assistant URL) to be the one that you are trying to connect to using MCP.
Previously mine was set to my internal Tailscale powered url, which is the one I usually use to connect.
This did not solve the issue for me fully though. Now I can authenticate, but instead get the following error from Claude:
Error connecting to the MCP server.
Please confirm that you have permission to access the service, that you're using the correct credentials, and that your server handles auth correctly.
(McpAuthorizationError: Your account was authorized but the integration rejected the credentials, so the connection was reverted. Try connecting again.
That’s def a problem… I don’t want my external addr to be hit by auth. It should allow anything in the known endpoints or be specifically configurable. And I’m doing the exact same thing… Split DNS and internal domain is not externally addressable. Now I know why I kept getting 404’d
Open a bug I’ll jump on. Meanwhile Ill have to use one of the HACS integrations.
HA’s Long lived tokens works great. I have been using that for a while and it works.
For connecting with Claude that only works when using Claude Desktop though, and using a local mcp proxy do to the connection.
For Claude.AI (as well as ChatGPT “Apps”, and likely other AI solutions) only OAuth is supported. Its not possible to hardcode a bearer token.
I did some more digging, and realized that HA OAuth is missing a lot of standards that are needed for MCP. I used Cloudflare to inject some of these manually into the flow at the edge, which allowed me to get it working with ChatGPT using OAuth.
Fundamentally, I think in order for this to work properly the whole OAuth flow would have to be updated to follow proper standards. I am however not qualified to say which standards those are or what caveats go into doing this.
Allen has already looked into the ticket. (I cannot confirm nor deny they may be looking at exactly that) And you’re absolutely correct. It would be very helpful if you put your findings there. I’ll grab the traces I took if they add to your notes.
Im have no idea how your specific Integration works, i’ve started to see “ghost” everywhere , Do to the pre-generated-pre-populated at start-up loaded Overview, everything there is loaded, before login/auth ( If im not wrong )
, Do to the pre-generated-pre-populated at start-up loaded Overview, everything there is loaded, before login/auth ( If im not wrong )