inspector icon indicating copy to clipboard operation
inspector copied to clipboard
verified publisher icon modelcontextprotocol

The "Clear OAuth State" button doesn't actually seem to clear the `lastBearerToken`

Open jpmcb opened this issue 5 months ago • 0 comments

Describe the bug

cc @franz-zuplo

We've encountered some irrecoverable states where we can get stuck somehow with an invalid lastBearerToken in the local storage. This then gets used during OAuth flow and does not get cleared with the "Clear OAuth State" button.

This is partially self induced as we had some misconfiguration in our OAuth provider for our MCP server which led to the broken auth state.

To Reproduce

Steps to reproduce the behavior:

  1. Go to your browser's local storage
  2. Manually edit the lastBearerToken to something
  3. Hit "Clear OAuth State" and see the string you set still persists
  4. Notice this token gets used during "Connect"
Image

Expected behavior

The OAuth token would be completely cleared when "Clear OAuth State"

jpmcb avatar Jul 17 '25 21:07 jpmcb