Skip to content

## Third-party MCP server shows "Connected" in the app but its tools are miss... #1909

Description

@bugale

Third-party MCP server shows "Connected" in the app but its tools are missing from CLI sessions

After signing in to a third-party OAuth MCP server (Atlassian, https://mcp.atlassian.com/v1/mcp) through the app, it shows a green "Connected" badge, but none of its tools are available to the agent in the sessions the app spawns. The first-party GitHub MCP server works fine. Restarting the app, re-enabling the server, re-signing in, and updating the app don't help.

Steps to reproduce

  1. In the Copilot app, add the Atlassian MCP server (https://mcp.atlassian.com/v1/mcp) and complete OAuth sign-in — it shows a green "Connected" badge.
  2. Open any session and ask the agent to list its tools, or to use a Jira/Confluence tool.
  3. No atlassian-* tools are available to the agent.
  4. The session log (~/.copilot/logs/process-*.log) shows: Server atlassian requires authentication, initiating OAuth flow then OAuth required for atlassian with no cached tokens; marking as needs-auth.

Expected behavior

Once the app shows a third-party MCP server as "Connected," its tools should be available to the agent in spawned sessions, just like the first-party GitHub server.

Root cause / context

  • The green badge reflects the app's own daemon MCP connection, authenticated with tokens in Windows Credential Manager (service copilot-mcp-oauth). Each spawned session is a separate MCP client using host-delegated OAuth: for first-party GitHub the app returns a token, but for third-party servers it cancels the host-token hand-back and only reconnects its own daemon so the badge goes green. The session token store is ephemeral, so it can't fall back to the cached tokens on disk. Net: sessions never get third-party credentials and mark the server needs-auth.
  • Evidence the tokens are valid: injecting the app's token as a static Authorization: Bearer header on the atlassian entry in ~/.copilot/mcp-config.json makes sessions connect and load all 31 tools. That static header isn't a real fix — the access token expires in a few hours and rotates.
  • Suggested fix: bridge third-party MCP OAuth tokens to spawned sessions the same way the first-party GitHub token is handed off (or let sessions read the persistent copilot-mcp-oauth store).

Environment

Windows 11 Pro (10.0.26200), x86_64; app 1.0.20; bundled CLI 1.0.70.


Field Value
App version 1.0.20
OS Windows 10.0.26200
Theme GitHub
Path /chat
Tenure Week 4

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions