Strixa AI
Code | Tracked since May 20, 2026

LibreChat starts MCP OAuth flow before connect when tokens are missing

This fix changes MCP connection behavior for servers explicitly marked `requiresOAuth: true`: LibreChat now launches OAuth before attempting to connect, preventing a false "connected" state and subsequent tool-call failures for providers that accept anonymous handshakes but reject unauthenticated execution. It closes a real correctness gap where users reached a confusing dead-end after clicking Connect.

MCPConnectionFactory.createConnection / requiresOAuth / oauthRequired / oauthHandled

Signal Intelligence

Confidence Level: 97%
Worth Continued Tracking: Final score 81% with 1 evidence item.
Primary Impact Areas
MCPConnectionFactory.createConnection / requiresOAuth / oauthRequired

What Happened

  • This fix changes MCP connection behavior for servers explicitly marked `requiresOAuth: true`: LibreChat now launches OAuth before attempting to connect, preventing a false "connected" state and subsequent tool-call failures for providers that accept anonymous handshakes but reject unauthenticated execution. It closes a real correctness gap where users reached a confusing dead-end after clicking Connect.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Introduces a proactive OAuth gate: in createConnection, when `serverConfig.requiresOAuth === true` and no stored tokens exist, LibreChat emits `oauthRequired` before `attemptToConnect()`, awaits `oauthHandled` to proceed or `oauthFailed` to return auth guidance, and restricts this path to explicit OAuth-required servers. This directly replaces reactive 401-triggered auth, removes misleading successful handshakes, and preserves existing OAuth handler flow.
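The gate described above, sketched as an added example (not LibreChat's code). The event names and the `requiresOAuth` flag come from this card; the `Map` token store, the `simulate` harness, the returned `state` values and the `timeoutMs` bound are assumptions made for illustration.

```javascript
const { EventEmitter } = require("node:events");

// Hypothetical stand-in for the connection factory (not LibreChat's code).
async function createConnection({ serverConfig, tokenStore, events, attemptToConnect, timeoutMs = 5000 }) {
  // Gate only on the explicit flag and only when no stored tokens exist.
  if (serverConfig.requiresOAuth === true && !tokenStore.has(serverConfig.name)) {
    const outcome = await new Promise((resolve) => {
      const finish = (result) => {
        clearTimeout(timer);
        events.off("oauthHandled", onHandled);
        events.off("oauthFailed", onFailed);
        resolve(result);
      };
      const onHandled = () => finish({ ok: true });
      const onFailed = (err) => finish({ ok: false, reason: (err && err.message) || "oauth failed" });
      // Assumption: bound the wait so an abandoned consent screen cannot hang connect.
      const timer = setTimeout(() => finish({ ok: false, reason: "oauth timeout" }), timeoutMs);
      events.once("oauthHandled", onHandled);
      events.once("oauthFailed", onFailed);
      // Listeners are registered before emitting because emit() is synchronous.
      events.emit("oauthRequired", { serverName: serverConfig.name });
    });
    // Fail early with guidance instead of reporting a misleading "connected".
    if (!outcome.ok) return { state: "auth_required", reason: outcome.reason };
  }
  await attemptToConnect(tokenStore.get(serverConfig.name));
  return { state: "connected" };
}

// Constructed scenario: run one connect attempt and record the order of events.
async function simulate(serverConfig, oauthResult) {
  const events = new EventEmitter();
  const tokenStore = new Map();
  const log = [];
  events.on("oauthRequired", ({ serverName }) => {
    log.push("oauthRequired");
    if (oauthResult === "ok") {
      tokenStore.set(serverName, "constructed-access-token");
      events.emit("oauthHandled");
    } else {
      events.emit("oauthFailed", new Error("user denied consent"));
    }
  });
  const attemptToConnect = async (token) => { log.push(token ? "connect+token" : "connect-anon"); };
  const result = await createConnection({ serverConfig, tokenStore, events, attemptToConnect });
  return { result, log };
}
```

A server without `requiresOAuth: true` skips the gate entirely and connects as before, which is the restriction the card describes.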

Why Track This

Why It Matters

Teams using MCP tools such as Google BigQuery in LibreChat now get the OAuth login step during connect, so they no longer see a green connection followed by immediate "OAuth authentication required" when the first tool runs; authenticated calls become either available immediately after consent or fail early with a clear auth URL. This should reduce support friction and broken workflows, while operator monitoring should focus on callback failures, token-store behavior, and any repeated redirect loops for misconfigured OAuth apps or server URLs.

What To Watch Next

  • Watch whether MCPConnectionFactory.createConnection becomes a repeated pattern.
  • Track follow-up changes around Tool Calling.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: watch_for_oauth_callback_failures, watch_for_missing_or_invalid_server_url.
Risk flags: watch_for_oauth_callback_failures / watch_for_missing_or_invalid_server_url / watch_for_token_storage_and_refresh_edge_cases / watch_for_oauth_prompt_loops_in_reconnect_paths

Supporting Evidence

GITHUB PULL REQUEST | High Trust

danny-avila/LibreChat PR #12759: Implement proactive OAuth flow for connections without tokens

LibreChat now proactively triggers OAuth for OAuth-required MCP servers before connection, so BigQuery-like integrations no longer fail only at first tool invocation.