OAuth authentication fails: Protected resource origin does not match exact connection URL path

[danielpsf-grover]

What happened?

When attempting to authenticate with a custom MCP server (Swifteq Zendesk) that uses OAuth, the CLI blocks the authentication because the server's protected resource identifier (the origin) does not exactly match the httpUrl (which includes the SSE endpoint path).

Steps to Reproduce:

Configure settings.json with an MCP server that has a path in the URL:

{
  "security": {
    "auth": {
      "selectedType": "oauth-personal"
    }
  },
  "mcpServers": {
    "zendesk": {
      "httpUrl": "https://mcp.swifteq.com/api/mcp/sse"
    }
  }
}

Run /mcp auth zendesk

What did you expect to happen?

Expected Behavior:
The CLI should successfully authenticate. The OAuth resource validation should either accept an origin-level match (https://mcp.swifteq.com matching the base of https://mcp.swifteq.com/api/mcp/sse), or the settings.json schema should allow an override key like resource or expectedResource in the server block.

Actual Behavior:
The authentication fails with the following strict matching error:
✕ Failed to authenticate with MCP server 'zendesk': Protected resource https://mcp.swifteq.com does not match expected https://mcp.swifteq.com/api/mcp/sse

Client information

Client Information

Run gemini to enter the interactive CLI, then run the /about command.

> /about
About Gemini CLI                                                                                                                                                                 
│ CLI Version                                                   0.29.5
│ Git Commit                                                    2ef872e73
│ Model                                                         Auto (Gemini 2.5)
│ Sandbox                                                       no sandbox
│ OS                                                            darwin
│ Auth Method                                                   Logged in with Google (MYEMAIL@MYCOMPANYDOMAIN.com)
│ Tier                                                          Gemini Code Assist
│ GCP Project                                                   my-company-gcp-project

Login information

Google account

Anything else we need to know?

No response

[benjaminblack]

This is also happening with Amplitude.

[vmsysadm]

Same issue with Cloudflare:

✕ MCP ERROR (cloudflare-api)

✕ Error during discovery for MCP server 'cloudflare-api': Client is not connected, must connect before interacting with the server. Current state is disconnected

/mcp auth cloudflare-api

ℹ Starting OAuth authentication for MCP server 'cloudflare-api'...
✕ Failed to authenticate with MCP server 'cloudflare-api': Protected resource https://mcp.cloudflare.com does not match expected
https://mcp.cloudflare.com/mcp

❯ cat ..gemini\settings.json

{
"mcpServers": {
"cloudflare-api": {
"url": "https://mcp.cloudflare.com/mcp"
}
}
}

❯ gemini -v
0.31.0

[JaoMarcos]

Same issue

[CliveCorbishleyTAL]

In my case it was with the gitlab mcp server - If I look at their resource, they're returning an array instead of the expected string. So for that in my case I made a tweak in gemini-cli and installed from source while I follow up with Gitlab

https://gitlab.com/.well-known/oauth-protected-resource/api/v4/mcp

{
  "resource": [
    "https://gitlab.com/api/v4/mcp"
  ],
  "authorization_servers": [
    "https://gitlab.com"
  ],
  "scopes_supported": [
    "mcp"
  ]
}

[edahlseng]

This is also happening with Linear:

{
  "mcpServers": {
    "linear": {
      "url": "https://mcp.linear.app/mcp"
    }
  }
}

Is this an issue with Gemini CLI or with these MCP servers? As the list of examples grows it seems like this might be an issue with Gemini CLI?

[edahlseng]

Slack is also failing for me:

{
  "mcpServers": {
    "slack": {
      "url": "https://mcp.slack.com/mcp"
    }  
  }
}

Failed to authenticate with MCP server 'slack': Protected resource https://mcp.slack.com does not match expected
  https://mcp.slack.com/mcp

[Kevinrob]

Same with Clickhouse

{
  "mcpServers": {
    "clickhouse": {
      "url": "https://mcp.clickhouse.cloud/mcp"
    }
  }
}

> /mcp auth clickhouse

ℹ Starting OAuth authentication for MCP server 'clickhouse'...
✕ Failed to authenticate with MCP server 'clickhouse': Protected resource undefined does not match expected https://mcp.clickhouse.cloud/mcp

https://clickhouse.com/docs/use-cases/AI/MCP/remote_mcp

[jhutar]

OK, I asked Gemini this:

 > Hello Gemini. I added slack MCP server to your config like this:                                                                                                                                                                          
                                                                                                                                                                                                                                             
   ---                                                                                                                                                                                                                                       
   $ jq . .gemini/settings.json | head -n 6                                                                                                                                                                                                  
   {                                                                                                                                                                                                                                         
     "mcpServers": {                                                                                                                                                                                                                         
       "slack": {                                                                                                                                                                                                                            
         "type": "http",                                                                                                                                                                                                                     
         "url": "https://mcp.slack.com/mcp"                                                                                                                                                                                                  
       },                                                                                                                                                                                                                                    
   ---                                                                                                                                                                                                                                       
                                                                                                                                                                                                                                             
   And when I try to authenticate, it fails with this error:                                                                                                                                                                                 
                                                                                                                                                                                                                                             
   ---                                                                                                                                                                                                                                       
   > /mcp auth slack                                                                                                                                                                                                                         
                                                                                                                                                                                                                     
   ℹ Starting OAuth authentication for MCP server 'slack'...                                                                                                                                                                                 
   ✕ Failed to authenticate with MCP server 'slack': Protected resource https://mcp.slack.com does not match expected https://mcp.slack.com/mcp                                                                                              
   ---                                                                                                                                                                                                                                       
                                                                                                                                                                                                                                             
   If it would help, gemini-cli repo is cloned in gemini-cli/                                                                                                                                                                                

and got back this:

✦ I found the root cause of the error. According to RFC 9728 Section 7.3, when validating the protected resource metadata, the client must ensure that the "resource identifier URL it is using as the prefix for the metadata request
  exactly matches the value of the resource metadata parameter". 

  Previously, gemini-cli was incorrectly using the exact input server URL (https://mcp.slack.com/mcp) as the expected prefix. However, because Slack doesn't support the path-based .well-known endpoint, the CLI fell back to checking the
  root endpoint (https://mcp.slack.com/.well-known/...), making https://mcp.slack.com the actual prefix queried. The server correctly returned https://mcp.slack.com, causing a mismatch with the hardcoded input URL.

  I have edited packages/core/src/mcp/oauth-utils.ts to introduce a getPrefixFromMetadataUrl() helper that dynamically infers the expected prefix from the exact metadata URL the CLI queried. The test suite for oauth-utils also passes
  successfully with this change.

  Here is a draft commit message for this change:

   1 fix: correct OAuth expected resource matching for path-based MCP servers
   2
   3 When authenticating with the Slack MCP server (https://mcp.slack.com/mcp), the client threw a "Protected resource ... does not match expected" error. The expected resource was incorrectly computed from the user's input server URL
     rather than using the metadata URL prefix that was actually queried from the remote endpoint as per RFC 9728 Section 7.3. 
   4
   5 This commit introduces a helper to extract the exact requested prefix from the metadata URL and compares it against the metadata resource, which fixes the validation mismatch.
   6
   7 Prompt that led to the change:
   8 I added slack MCP server to your config... And when I try to authenticate, it fails with this error: "Protected resource https://mcp.slack.com does not match expected https://mcp.slack.com/mcp".

  Would you like me to commit these changes to your repository using this message and the appropriate trailers?

The patch it generated is:

diff --git a/packages/core/src/mcp/oauth-utils.ts b/packages/core/src/mcp/oauth-utils.ts
index 12ab2bd9f..7d0a4d56e 100644
--- a/packages/core/src/mcp/oauth-utils.ts
+++ b/packages/core/src/mcp/oauth-utils.ts
@@ -87,6 +87,15 @@ export class OAuthUtils {
     };
   }
 
+  /**
+   * Extracts the prefix used for the metadata request by removing the well-known component.
+   *
+   * @param metadataUrl The requested metadata URL
+   */
+  static getPrefixFromMetadataUrl(metadataUrl: string): string {
+    return metadataUrl.replace('/.well-known/oauth-protected-resource', '');
+  }
+
   /**
    * Fetch OAuth protected resource metadata.
    *
@@ -236,8 +245,9 @@ export class OAuthUtils {
       // RFC 9728 §3.1: Construct well-known URL by inserting /.well-known/oauth-protected-resource
       // between the host and path. This is the RFC-compliant approach.
       const wellKnownUrls = this.buildWellKnownUrls(serverUrl);
+      let usedMetadataUrl = wellKnownUrls.protectedResource;
       let resourceMetadata = await this.fetchProtectedResourceMetadata(
-        wellKnownUrls.protectedResource,
+        usedMetadataUrl,
       );
 
       // Fallback: If path-based discovery fails and we have a path, try root-based discovery
@@ -249,6 +259,9 @@ export class OAuthUtils {
           resourceMetadata = await this.fetchProtectedResourceMetadata(
             rootBasedUrls.protectedResource,
           );
+          if (resourceMetadata) {
+            usedMetadataUrl = rootBasedUrls.protectedResource;
+          }
         }
       }
 
@@ -256,7 +269,7 @@ export class OAuthUtils {
         // RFC 9728 Section 7.3: The client MUST ensure that the resource identifier URL
         // it is using as the prefix for the metadata request exactly matches the value
         // of the resource metadata parameter in the protected resource metadata document.
-        const expectedResource = this.buildResourceParameter(serverUrl);
+        const expectedResource = this.getPrefixFromMetadataUrl(usedMetadataUrl);
         if (
           !this.isEquivalentResourceIdentifier(
             resourceMetadata.resource,
@@ -352,7 +365,7 @@ export class OAuthUtils {
 
     if (resourceMetadata && mcpServerUrl) {
       // Validate resource parameter per RFC 9728 Section 7.3
-      const expectedResource = this.buildResourceParameter(mcpServerUrl);
+      const expectedResource = this.getPrefixFromMetadataUrl(resourceMetadataUri);
       if (
         !this.isEquivalentResourceIdentifier(
           resourceMetadata.resource,

I never worked with TypeScript , so if somebody could review it and possibly create a pull request, that would be cool.

[KingXHJ]

It happens to alphaxiv too.
Error in Gemini CLI:

 > /mcp auth alphaxiv

ℹ Starting OAuth authentication for MCP server 'alphaxiv'...
✕ Failed to authenticate with MCP server 'alphaxiv': Protected resource https://api.alphaxiv.org does not match expected
  https://api.alphaxiv.org/mcp/v1

My settings.json:

"mcpServers": {
    "alphaxiv": {
      "url": "https://api.alphaxiv.org/mcp/v1"
    }
  }