Feature request: add MCP remote using oauth

[benjamine]

using OAuth 2.1, installing an MCP server would get much simpler and secure.

entering just a url (eg https://api.githubcopilot.com/mcp/ for github mcp), the CLI can trigger an oauth flow to complete authorization without copying secrets or putting them in config or env variables.

the process would be very similar to what you do already for authorizing a model.

VSCode has an implementation as MCP host that can be used for reference.

example server: https://github.com/github/github-mcp-server

update: Claude Code added this too (MCP server is added with a cli command, and then auth flow is done when starting the tUI, I guess it makes sense bc there it handles re-connect, disconnect too)

[bobbypiper]

Would be ideal for access to Sentry's MCP https://docs.sentry.io/product/sentry-mcp/

[adrielp]

➕1 to this. Would be great for the Honeycomb MCP as well. OAuth is going to become even more common given the updates to the MCP spec. Also being able to clearly call out that the remote transport is http would be nice.

[idl3]

This would be useful for us before we can fully swap over as we have built quite a lot of workflows that rely on OAuth MCP's like Linear + Sentry.

[wewelll]

+1 on this feature request.

Github and Notion now support Remote MCP servers, which simplifies a lot the setup process

[samholmes]

This is also the official means of authenticating for Asana (https://developers.asana.com/docs/using-asanas-mcp-server)

[ThomasAlbrt]

That would be fantastic as the current process is quite tedious.

[BN-JuzzyP]

+1

[thdxr]

yep on my list

[wkronmiller]

As a temporary workaround, you can use mcp-remote, for example:

    "linear": {
      "type": "local",
      "command": ["npx", "-y", "mcp-remote", "https://mcp.linear.app/sse"]
    },

Just run npx mcp-remote https://mcp.linear.app/sse directly from the CLI to log in, first.

[benjamine]

As a temporary workaround, you can use mcp-remote, for example:

    "linear": {
      "type": "local",
      "command": ["npx", "-y", "mcp-remote", "https://mcp.linear.app/sse"]
    },

Just run npx mcp-remote https://mcp.linear.app/sse directly from the CLI to log in, first.

the feature request is not to have MCP remote (opencode already supports that well), it's to connect without creating api keys or copy-pasting secrets / putting a secret in a config file.

reconnect also becomes much simpler, bonus point if supporting refresh tokens (although I haven't seen other coding CLIs support that)

ps: bun recently launched secret storage, just suggesting maybe worth looking into for implementing this

[rekram1-node]

@benjamine it isnt up to me but I do like the bun secret storage

[wkronmiller]

As a temporary workaround, you can use mcp-remote, for example:

    "linear": {
      "type": "local",
      "command": ["npx", "-y", "mcp-remote", "https://mcp.linear.app/sse"]
    },

Just run npx mcp-remote https://mcp.linear.app/sse directly from the CLI to log in, first.

the feature request is not to have MCP remote (opencode already supports that well), it's to connect without creating api keys or copy-pasting secrets / putting a secret in a config file.

reconnect also becomes much simpler, bonus point if supporting refresh tokens (although I haven't seen other coding CLIs support that)

ps: bun recently launched secret storage, just suggesting maybe worth looking into for implementing this

mcp-remote already supports oauth login (e.g. for Linear), and can therefore be used as a temporary work-around for the lack of secrets support in opencode

[benjamine]

As a temporary workaround, you can use mcp-remote, for example:

    "linear": {
      "type": "local",
      "command": ["npx", "-y", "mcp-remote", "https://mcp.linear.app/sse"]
    },

Just run npx mcp-remote https://mcp.linear.app/sse directly from the CLI to log in, first.

the feature request is not to have MCP remote (opencode already supports that well), it's to connect without creating api keys or copy-pasting secrets / putting a secret in a config file.

reconnect also becomes much simpler, bonus point if supporting refresh tokens (although I haven't seen other coding CLIs support that)

ps: bun recently launched secret storage, just suggesting maybe worth looking into for implementing this

mcp-remote already supports oauth login (e.g. for Linear), and can therefore be used as a temporary work-around for the lack of secrets support in opencode

my bad sorry, didn't realize it supports oauth now, it stores secrets in a file in home dir it seems, but it makes sense as a workaround 👍 thanks

[clouatre]

Enterprise OAuth Need Validated

Our enterprise MCP testing confirms the critical need for native OAuth 2.1 support.

Enterprise Use Case: Multi-tenant Atlassian deployments (Slalom, Plusgrade, PointsBU) requiring separate OAuth sessions per tenant.

Current Limitation: Proxy solutions like mcp-remote share OAuth sessions via coordination lockfiles, preventing true instance isolation:

• GitHub Issue: geelen/mcp-remote#25
• All instances connect to same tenant instead of separate ones

Claude Code Reference: Native SSE + OAuth implementation handles this seamlessly:

• Separate OAuth sessions per server instance
• Built-in re-authentication flows
• No coordination conflicts

Impact: Without native OAuth support, OpenCode enterprise users face architectural limitations that prevent complex multi-tenant MCP workflows.

This feature would eliminate dependency on third-party proxy solutions and enable enterprise-grade MCP deployments.

[m407]

Opencode client must be registered with Figma to work even oAuth is implemented.

[klaudworks]

could also use this. using mcp-remote workaround atm.

[rekram1-node]

we have oauth support now I think this can be closed

[flybayer]

Opencode client must be registered with Figma to work even oAuth is implemented.

Looks like this is still required to get Figma working with opencode

[rekram1-node]

Yeah we have that in the works @flybayer

waiting on figma people to approve