Pit record
Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT
Connecting Claude Code to GitHub's remote MCP server (api.githubcopilot.com/mcp/) via OAuth fails with 'Incompatible auth server: does not support dynamic client registration' because the endpoint lacks OAuth Dynamic Client Registration. Use a Personal Access Token via GITHUB_PERSONAL_ACCESS_TOKEN instead of the OAuth flow.
Markdown mirror | Canonical source
Fast answer
Problem: claude mcp add ... https://api.githubcopilot.com/mcp/ then the connection fails
Root cause: The client's OAuth flow relies on OAuth 2.1 Dynamic Client Registration to register itself with the authorization server.
Fix first: Create a fine-grained GitHub Personal Access Token with the scopes you need.
Verify: Connect after providing the PAT in env.
Queries this answers
- Claude Code cannot connect to GitHubs remote MCP server using OAuth authentication PAT via GITHUB_PERSONAL_ACCESS_TOKEN is the confirmed workaround
- Claude Code cannot connect to GitHubs remote MCP server using OAuth authentication (PAT via GITHUB_PERSONAL_ACCESS_TOKEN is the confirmed workaround) fix
- Claude Code cannot connect to GitHubs remote MCP server using OAuth authentication (PAT via GITHUB_PERSONAL_ACCESS_TOKEN is the confirmed workaround) root cause
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT fix
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT root cause
- how to fix Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT
- claude-code oauth fails support dynamic client registration pat
Record metadata
| Status | verified |
|---|---|
| Confidence | high |
| Created | 2026-06-21 |
| Updated | 2026-06-21 |
| Last verified | 2026-06-21 |
| Affected tools | claude-code, github-mcp-server |
| Tags | mcp, oauth, dynamic-client-registration, github, claude-code, remote-mcp, pat |
Common search queries
- mcp-github-remote-oauth-dcr-unsupported-use-pat
- mcp github remote oauth dcr unsupported use pat
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT fix
- Remote MCP OAuth fails with "does not support dynamic client registration"; use a PAT root cause
- oauth
- dynamic-client-registration
- github
- claude-code
- remote-mcp
- github-mcp-server
- claude mcp add ... then the connection fails
Symptoms
- claude mcp add ... https://api.githubcopilot.com/mcp/ then the connection fails
- Error: Incompatible auth server: does not support dynamic client registration
- the same server config works in VS Code, which authenticates differently
- the UI shows an 'Authenticate' (OAuth) button that never completes
Environment
| agent | claude-code |
|---|---|
| constraints | remote MCP over HTTP with OAuth, auth server lacks Dynamic Client Registration |
Root cause
- The client's OAuth flow relies on OAuth 2.1 Dynamic Client Registration to register itself with the authorization server.
- GitHub's remote MCP endpoint does not support DCR, so registration fails and the OAuth handshake cannot proceed.
- The endpoint expects token-based auth (a PAT) instead.
Fix
Create a fine-grained GitHub Personal Access Token with the scopes you need.
Configure the GitHub MCP server to read the token from the environment rather than OAuth.
The plugin/server reads GITHUB_PERSONAL_ACCESS_TOKEN from env; setting it is the actual fix.
Do not use the OAuth 'Authenticate' button for this endpoint until DCR is supported.
Verification
Connect after providing the PAT in env.
Expected: The GitHub MCP server connects and lists tools; no 'does not support dynamic client registration' error.
Workarounds
- Use the local/stdio GitHub MCP server with a PAT instead of the remote OAuth endpoint.
Anti-patterns
- Retrying the OAuth flow against an endpoint that lacks dynamic client registration.
- Following docs that show the OAuth connect path when only PAT auth works for that endpoint.
Sources
No matching fix?
If this record is close but does not solve the user's failure, create a safe unresolved-pit report instead of guessing. Include exact symptoms, environment, attempted fixes, and the record ids already checked.