MCP remote OAuth: two bugs block streamable-http servers (regex `\:` under /u; OAuth errors surfaced as [object Response])

[marcusbsorensen]

Summary

Remote MCP servers that use OAuth fail to connect. I hit two distinct bugs in the MCP OAuth client, both reproducible against public servers (PayPal and Calendly). Reproduced on 2026.6.1 (2e08f0f) and 2026.6.5-beta.2 (131c9bf).

Environment

• OpenClaw 2026.6.1 / 2026.6.5-beta.2
• macOS, Node v24
• Servers added with openclaw mcp add <name> --url <url> --transport streamable-http --auth oauth

---

Bug 1 — Invalid regular expression: /^https\:\/\//u: Invalid escape (post-auth crash)

Server: https://mcp.paypal.com/mcp (streamable-http, OAuth).

Repro

1. openclaw mcp add paypal --url https://mcp.paypal.com/mcp --transport streamable-http --auth oauth
2. openclaw mcp login paypal → authorize in browser → openclaw mcp login paypal --code <code> → MCP OAuth credentials saved for "paypal" (OAuth succeeds).
3. openclaw mcp probe paypal

Result

[bundle-mcp] failed to start server "paypal" (https://mcp.paypal.com/mcp): SyntaxError: Invalid regular expression: /^https\:\/\//u: Invalid escape

The token is saved; the crash is downstream, while building a regex that matches ^https://. The pattern is written as /^https\:\/\// and compiled with the unicode (u) flag. In unicode mode, an identity escape of a non-syntax character (\:) is an Invalid escape.

Fix: drop the unnecessary backslash before : (and / need not be escaped): use /^https:\/\// rather than /^https\:\/\//u, or remove the u flag from that pattern.

---

Bug 2 — OAuth error responses surfaced as "[object Response]" (masks the real error)

Server: https://mcp.calendly.com/ (streamable-http, OAuth).

Repro

1. openclaw mcp add calendly --url https://mcp.calendly.com --transport streamable-http --auth oauth
2. openclaw mcp login calendly

Result (immediately, before any authorize URL is printed)

Invalid OAuth error response: SyntaxError: Unexpected token 'o', "[object Response]" is not valid JSON. Raw body: [object Response]

This masks the real failure, which is at the RFC 7591 dynamic client registration step. Calendly's discovery is well-formed:

• GET https://mcp.calendly.com/.well-known/oauth-protected-resource → 200, authorization_servers: ["https://calendly.com/"]
• GET https://calendly.com/.well-known/oauth-authorization-server → 200, valid JSON, advertises registration_endpoint: https://calendly.com/oauth/register

Reproducing the registration POST that OpenClaw makes (redirect_uri http://127.0.0.1:<port>/oauth/callback) returns HTTP 400 with a perfectly readable JSON body:

{"error":"invalid_client_metadata","errors":{"redirect_uri":["must be an HTTPS/SSL URI or redirect to localhost."]}}

There are two issues here:

2a) The error body is not read. OpenClaw appears to pass the fetch Response object to JSON.parse (hence the literal string "[object Response]") instead of await response.text() / .json(). This swallows every OAuth error and makes failures undiagnosable. Reading and surfacing the body would have shown the cause immediately.

2b) Loopback redirect uses 127.0.0.1 where the AS requires localhost. OpenClaw registers http://127.0.0.1:<port>/oauth/callback. Calendly's /oauth/register rejects the IP literal but accepts http://localhost:<port>/oauth/callback:

# 127.0.0.1  -> 400 invalid_client_metadata (as above)
# localhost  -> 201 Created, client registered successfully

RFC 8252 §7.3 permits both the loopback IP and localhost, but some authorization servers (Calendly) only accept localhost. Consider using localhost for the loopback redirect, or making the loopback host configurable / falling back from 127.0.0.1 to localhost on registration failure.

---

Impact

Remote OAuth MCP servers are currently unusable: PayPal crashes after a successful auth (Bug 1), and Calendly cannot register, with the real cause hidden (Bug 2). Fixing 2a alone would at least make these failures diagnosable; 1 and 2b are the concrete connectivity fixes.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 8, 2026, 9:51 AM ET / 13:51 UTC.

Summary
Keep open: current main still routes documented MCP OAuth login/probe through the reported core paths, still defaults dynamic client registration to a 127.0.0.1 redirect, and the reporter's follow-up shows a localhost redirect makes Calendly work while PayPal still hits the regex failure.

Reproducibility: no. full local OAuth login/probe was run, but current source plus the reporter's localhost follow-up make the Calendly path source-reproducible; the PayPal regex failure remains externally reproduced but not source-rooted here.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Auth-provider behavior is source-supported, but redirect default/fallback policy and the still-untraced PayPal regex failure need maintainer/security judgment before an automated repair lane.

Review details

Best possible solution:

Fix this in core MCP OAuth by surfacing real DCR error bodies, choosing a tested localhost-compatible loopback strategy, and root-causing the PayPal regex crash with focused tests and live redacted proof.

Do we have a high-confidence way to reproduce the issue?

No full local OAuth login/probe was run, but current source plus the reporter's localhost follow-up make the Calendly path source-reproducible; the PayPal regex failure remains externally reproduced but not source-rooted here.

Is this the best way to solve the issue?

The reported direction is right for Calendly error surfacing and loopback host handling, but the best fix should avoid a broad new config surface and should root-cause the PayPal regex before changing code.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The PayPal invalid-escape regex source was not pinpointed in current source or the inspected SDK auth file, so a fix should not patch a guessed pattern without root-cause proof.
• Changing the default OAuth loopback host or adding redirect fallback is auth compatibility-sensitive and should be checked against loopback security expectations and existing configured overrides.
• A local end-to-end login/probe was not run during this read-only review; live proof comes from the reporter's follow-up plus current public OAuth discovery metadata.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9a82b60024b5.

Label changes

Label changes:

• add P1: A documented MCP OAuth login/probe workflow fails against public remote servers and blocks affected users from using those authenticated MCP tools.
• add impact:auth-provider: The report is about MCP OAuth registration, redirect metadata, stored OAuth credentials, and authenticated remote-server connection behavior.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.
• add clawsweeper:no-new-fix-pr: Current issue advisory state selects this label.
• add clawsweeper:needs-maintainer-review: Current issue advisory state selects this label.
• add clawsweeper:needs-product-decision: Current issue advisory state selects this label.

Label justifications:

• P1: A documented MCP OAuth login/probe workflow fails against public remote servers and blocks affected users from using those authenticated MCP tools.
• impact:auth-provider: The report is about MCP OAuth registration, redirect metadata, stored OAuth credentials, and authenticated remote-server connection behavior.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/mcp-oauth.test.ts src/agents/mcp-transport.test.ts src/agents/mcp-http-fetch.test.ts
• Redacted live MCP OAuth login/probe proof against Calendly and PayPal before merge.

What I checked:

• current-main source: MCP OAuth client metadata still defaults redirect_uris to http://127.0.0.1:8989/oauth/callback, matching the Calendly rejection path in the report. (src/agents/mcp-oauth.ts:47, 9a82b60024b5)
• current-main source: The login helper passes OpenClaw's configured fetch function into the MCP SDK auth flow, so OAuth registration and error handling run through this core MCP client path. (src/agents/mcp-oauth.ts:209, 9a82b60024b5)
• current-main source: Streamable HTTP servers configured with auth: oauth receive an OpenClaw OAuth provider plus OpenClaw's MCP HTTP fetch wrapper. (src/agents/mcp-transport.ts:115, 9a82b60024b5)
• current-main source: The CLI login command wires the resolved HTTP server through buildMcpHttpFetch and withSameOriginMcpHttpHeaders before calling runMcpOAuthLogin. (src/cli/mcp-cli.ts:1244, 9a82b60024b5)
• docs contract: User-facing docs say openclaw mcp login runs OAuth for HTTP servers configured with auth: oauth and that streamable-http is the documented transport spelling. Public docs: docs/cli/mcp.md. (docs/cli/mcp.md:444, 9a82b60024b5)
• dependency contract: @modelcontextprotocol/sdk 1.29.0 dynamic client registration throws parseErrorResponse(response) on non-OK registration responses; parseErrorResponse only reads text when input instanceof Response, which is the dependency boundary implicated by the [object Response] symptom. (package.json:1878, 9a82b60024b5)

Likely related people:

• @steipete: Authored the recent MCP operator workflow commits that added and expanded MCP add/configure/login/logout, OAuth config, docs, and tests. (role: feature owner and recent area contributor; confidence: high; commits: 38d3d11cbc0c, 617c65849856; files: src/agents/mcp-oauth.ts, src/cli/mcp-cli.ts, docs/cli/mcp.md)
• @pgondhi987: Authored the recent guarded MCP HTTP redirect/fetch change in the wrapper used by OAuth login and streamable HTTP transport. (role: recent adjacent contributor; confidence: medium; commits: 3c6259ebb70c; files: src/agents/mcp-http-fetch.ts, src/agents/mcp-transport.ts, src/agents/mcp-http-fetch.test.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[marcusbsorensen]

Update after further testing — this narrows both bugs:

Calendly now connects successfully (34 tools) after changing only the OAuth redirect from the default http://127.0.0.1:8989/oauth/callback to http://localhost:8989/oauth/callback:

openclaw mcp configure calendly --oauth-redirect-url "http://localhost:8989/oauth/callback"
openclaw mcp login calendly   # now prints an authorize URL instead of "[object Response]"

So:

• Bug 2 is confirmed and fully isolated. The only thing blocking Calendly was the 127.0.0.1 literal in the registered redirect URI (rejected by Calendly's /oauth/register with invalid_client_metadata); the [object Response] handling merely hid that. Switching to localhost resolves it. Both sub-points still stand: 2a read/surface the error body, and 2b prefer (or fall back to) localhost for the loopback redirect.

• Bug 1 appears PayPal-specific. Calendly uses streamable-http + OAuth exactly like PayPal and is now fully authorized, yet it does not trigger the /^https\:\/\//u regex crash. So Bug 1 is not a generic streamable-http+OAuth problem — it is something in the PayPal connection/metadata path specifically. PayPal still fails at openclaw mcp probe paypal with the invalid-escape regex after a successful login.

[LiuwqGit]

Fix submitted

PR: #91451

Summary

• Default MCP OAuth redirect URI uses localhost instead of 127.0.0.1 for AS compatibility (Calendly DCR).
• MCP HTTP fetch normalizes responses to global Response so MCP SDK OAuth error parsing reads JSON bodies instead of [object Response].
• JSON Schema pattern values with redundant \: escapes are repaired before TypeBox unicode RegExp compile (PayPal probe crash).

Test plan

• node scripts/run-vitest.mjs src/agents/mcp-oauth.test.ts src/agents/mcp-http-fetch.test.ts
• node scripts/run-vitest.mjs src/agents/agent-bundle-mcp-runtime.test.ts -t "redundant unicode-invalid"
• pnpm exec oxfmt --check on changed files