Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix [Bug] Connector marketplace OAuth fails for multi-region SaaS partners with region-specific authorization servers [1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
anthropics/claude-code#54751Fetched 2026-04-30 06:37:03
View on GitHub
Comments
0
Participants
1
Timeline
3
Reactions
0
Author
glencornell7glencornell7
Participants
glencornell7glencornell7
Timeline (top)
labeled ×3

Error Message

[{"error":"McpToolCallError: MCP error -32602: Input validation error: Invalid arguments for tool artifact_get: [\n {\n "code": "invalid_type",\n "expected": "number",\n "received": "string",\n …

Root Cause

Bug Description Title: Connector marketplace OAuth registration assumes single hostname — blocks all multi-region SaaS partners (Customer.io EU users currently broken)

Organization ID: 1303f3f0-90c7-41c5-8d68-fd6b10f89a9e

Surface: Claude Desktop — connector marketplace (built-in connector flow, not custom connector)

Reporter: Glen Cornell, Product Manager at Customer.io (enterprise plan)

Connector: Customer.io (recently approved, ~1 week ago via partnership thread with Anthony Bibbs)

Summary

The connector marketplace registers OAuth dynamic client registration against a single hardcoded hostname per connector listing. For SaaS partners with strictly-segregated multi-region architecture, this means users from any non-listed region cannot complete the OAuth handshake and are blocked from connecting. There is no point in the flow where the user can specify their region, and no mechanism in the MCP spec for the server to redirect to a region-specific authorization server.

Specific error

"OAuth client not found" — surfaced when an EU Customer.io user attempts to add the connector through Claude Desktop. The handshake hits mcp.customer.io (US), tries to register a client, fails because the EU user has no workspace on the US instance.

Reproduction steps

  1. Have a Customer.io account on the EU region (workspace exists at mcp-eu.customer.io, no corresponding workspace on mcp.customer.io).
  2. Open Claude Desktop → Settings → Connectors → add the Customer.io connector from the directory.
  3. Begin the OAuth flow.
  4. Observe the "OAuth client not found" error after the registration handshake.

100% reproducible with any EU-only Customer.io account.

Expected behavior

Either:

  • The marketplace prompts the user for their region before initiating OAuth, OR
  • The connector listing supports multiple region-specific OAuth registration URLs, OR
  • The OAuth handshake supports HTTP redirects so the server can route the client to the correct regional authorization server.

Actual behavior

OAuth registration is initiated against the single hardcoded US hostname (mcp.customer.io). EU users error out and have no remediation path through the standard connector flow. They can only connect by manually adding a custom connector with the EU URL — which requires Owner-level Claude permissions that most users don't have.

Impact

  • All Customer.io EU customers attempting to use the connector through Claude Desktop are blocked. EU is fully unusable through the marketplace today.
  • Not Customer.io-specific. This affects every multi-region SaaS partner in the connectors directory whose data residency commitments prevent cross-region routing (HubSpot, ZoomInfo, Atlassian, Notion, etc., all have similar architectures).
  • For SaaS with GDPR / data residency commitments, working around this by proxying EU traffic through US is not viable — it violates DPAs and creates Schrems II / CLOUD Act exposure.

Customer.io configuration context

  • US MCP server: mcp.customer.io (currently the marketplace listing)
  • EU MCP server: mcp-eu.customer.io (data residency, no cross-region routing by design)
  • Each MCP server only has visibility into workspaces in its own region.

Workarounds explored / found insufficient

  1. Two separate connector listings (US + EU): rejected — sets bad precedent for the marketplace and doesn't generalize across multi-region partners.
  2. Proxying EU traffic through US: not viable due to GDPR + customer DPA commitments.
  3. managedMcpServers config: partial fix for enterprise customers whose Claude admin can centrally push the EU URL. Doesn't help self-serve users, which are the majority of marketplace traffic.
  4. HTTP redirect at the OAuth final-connection step: prototype in flight (Customer.io engineering). Appears to work in Electron-based clients (Claude Desktop, VS Code, Cursor) because they follow redirects via node fetch, but is not in the MCP spec or any RFC and would silently break in native clients (Swift, ObjC, C). Fragile and undocumented.

Requested resolution

Add first-class multi-region support to the connector flow. Most likely candidates:

  • A region-selection step in the marketplace UI before OAuth initiation, OR
  • A spec addition allowing connectors to declare multiple region-specific OAuth registration URLs, OR
  • Officially supporting HTTP redirects in the OAuth handshake so server-side region routing becomes spec-compliant.

We'd love 15 minutes with whoever owns the connector marketplace product / MCP spec roadmap to walk through what we've seen.

Related

  • Existing email thread with Anthony Bibbs ([email protected]) about this — Naomi West and Glen Cornell looped in.
  • Fin support conversation ID: 215474112452689

Fix Action

Fix / Workaround

Bug Description Title: Connector marketplace OAuth registration assumes single hostname — blocks all multi-region SaaS partners (Customer.io EU users currently broken)

Organization ID: 1303f3f0-90c7-41c5-8d68-fd6b10f89a9e

Surface: Claude Desktop — connector marketplace (built-in connector flow, not custom connector)

Reporter: Glen Cornell, Product Manager at Customer.io (enterprise plan)

Connector: Customer.io (recently approved, ~1 week ago via partnership thread with Anthony Bibbs)

Summary

The connector marketplace registers OAuth dynamic client registration against a single hardcoded hostname per connector listing. For SaaS partners with strictly-segregated multi-region architecture, this means users from any non-listed region cannot complete the OAuth handshake and are blocked from connecting. There is no point in the flow where the user can specify their region, and no mechanism in the MCP spec for the server to redirect to a region-specific authorization server.

Specific error

"OAuth client not found" — surfaced when an EU Customer.io user attempts to add the connector through Claude Desktop. The handshake hits mcp.customer.io (US), tries to register a client, fails because the EU user has no workspace on the US instance.

Reproduction steps

  1. Have a Customer.io account on the EU region (workspace exists at mcp-eu.customer.io, no corresponding workspace on mcp.customer.io).
  2. Open Claude Desktop → Settings → Connectors → add the Customer.io connector from the directory.
  3. Begin the OAuth flow.
  4. Observe the "OAuth client not found" error after the registration handshake.

100% reproducible with any EU-only Customer.io account.

Expected behavior

Either:

  • The marketplace prompts the user for their region before initiating OAuth, OR
  • The connector listing supports multiple region-specific OAuth registration URLs, OR
  • The OAuth handshake supports HTTP redirects so the server can route the client to the correct regional authorization server.

Actual behavior

OAuth registration is initiated against the single hardcoded US hostname (mcp.customer.io). EU users error out and have no remediation path through the standard connector flow. They can only connect by manually adding a custom connector with the EU URL — which requires Owner-level Claude permissions that most users don't have.

Impact

  • All Customer.io EU customers attempting to use the connector through Claude Desktop are blocked. EU is fully unusable through the marketplace today.
  • Not Customer.io-specific. This affects every multi-region SaaS partner in the connectors directory whose data residency commitments prevent cross-region routing (HubSpot, ZoomInfo, Atlassian, Notion, etc., all have similar architectures).
  • For SaaS with GDPR / data residency commitments, working around this by proxying EU traffic through US is not viable — it violates DPAs and creates Schrems II / CLOUD Act exposure.

Customer.io configuration context

  • US MCP server: mcp.customer.io (currently the marketplace listing)
  • EU MCP server: mcp-eu.customer.io (data residency, no cross-region routing by design)
  • Each MCP server only has visibility into workspaces in its own region.

Workarounds explored / found insufficient

  1. Two separate connector listings (US + EU): rejected — sets bad precedent for the marketplace and doesn't generalize across multi-region partners.
  2. Proxying EU traffic through US: not viable due to GDPR + customer DPA commitments.
  3. managedMcpServers config: partial fix for enterprise customers whose Claude admin can centrally push the EU URL. Doesn't help self-serve users, which are the majority of marketplace traffic.
  4. HTTP redirect at the OAuth final-connection step: prototype in flight (Customer.io engineering). Appears to work in Electron-based clients (Claude Desktop, VS Code, Cursor) because they follow redirects via node fetch, but is not in the MCP spec or any RFC and would silently break in native clients (Swift, ObjC, C). Fragile and undocumented.

Requested resolution

Add first-class multi-region support to the connector flow. Most likely candidates:

  • A region-selection step in the marketplace UI before OAuth initiation, OR
  • A spec addition allowing connectors to declare multiple region-specific OAuth registration URLs, OR
  • Officially supporting HTTP redirects in the OAuth handshake so server-side region routing becomes spec-compliant.

We'd love 15 minutes with whoever owns the connector marketplace product / MCP spec roadmap to walk through what we've seen.

Related

  • Existing email thread with Anthony Bibbs ([email protected]) about this — Naomi West and Glen Cornell looped in.
  • Fin support conversation ID: 215474112452689

Code Example

[{"error":"McpToolCallError: MCP error -32602: Input validation error: Invalid arguments for tool artifact_get: [\n  {\n    \"code\": \"invalid_type\",\n    \"expected\": \"number\",\n    \"received\": \"string\",\n …
RAW_BUFFERClick to expand / collapse

Bug Description Title: Connector marketplace OAuth registration assumes single hostname — blocks all multi-region SaaS partners (Customer.io EU users currently broken)

Organization ID: 1303f3f0-90c7-41c5-8d68-fd6b10f89a9e

Surface: Claude Desktop — connector marketplace (built-in connector flow, not custom connector)

Reporter: Glen Cornell, Product Manager at Customer.io (enterprise plan)

Connector: Customer.io (recently approved, ~1 week ago via partnership thread with Anthony Bibbs)

Summary

The connector marketplace registers OAuth dynamic client registration against a single hardcoded hostname per connector listing. For SaaS partners with strictly-segregated multi-region architecture, this means users from any non-listed region cannot complete the OAuth handshake and are blocked from connecting. There is no point in the flow where the user can specify their region, and no mechanism in the MCP spec for the server to redirect to a region-specific authorization server.

Specific error

"OAuth client not found" — surfaced when an EU Customer.io user attempts to add the connector through Claude Desktop. The handshake hits mcp.customer.io (US), tries to register a client, fails because the EU user has no workspace on the US instance.

Reproduction steps

  1. Have a Customer.io account on the EU region (workspace exists at mcp-eu.customer.io, no corresponding workspace on mcp.customer.io).
  2. Open Claude Desktop → Settings → Connectors → add the Customer.io connector from the directory.
  3. Begin the OAuth flow.
  4. Observe the "OAuth client not found" error after the registration handshake.

100% reproducible with any EU-only Customer.io account.

Expected behavior

Either:

  • The marketplace prompts the user for their region before initiating OAuth, OR
  • The connector listing supports multiple region-specific OAuth registration URLs, OR
  • The OAuth handshake supports HTTP redirects so the server can route the client to the correct regional authorization server.

Actual behavior

OAuth registration is initiated against the single hardcoded US hostname (mcp.customer.io). EU users error out and have no remediation path through the standard connector flow. They can only connect by manually adding a custom connector with the EU URL — which requires Owner-level Claude permissions that most users don't have.

Impact

  • All Customer.io EU customers attempting to use the connector through Claude Desktop are blocked. EU is fully unusable through the marketplace today.
  • Not Customer.io-specific. This affects every multi-region SaaS partner in the connectors directory whose data residency commitments prevent cross-region routing (HubSpot, ZoomInfo, Atlassian, Notion, etc., all have similar architectures).
  • For SaaS with GDPR / data residency commitments, working around this by proxying EU traffic through US is not viable — it violates DPAs and creates Schrems II / CLOUD Act exposure.

Customer.io configuration context

  • US MCP server: mcp.customer.io (currently the marketplace listing)
  • EU MCP server: mcp-eu.customer.io (data residency, no cross-region routing by design)
  • Each MCP server only has visibility into workspaces in its own region.

Workarounds explored / found insufficient

  1. Two separate connector listings (US + EU): rejected — sets bad precedent for the marketplace and doesn't generalize across multi-region partners.
  2. Proxying EU traffic through US: not viable due to GDPR + customer DPA commitments.
  3. managedMcpServers config: partial fix for enterprise customers whose Claude admin can centrally push the EU URL. Doesn't help self-serve users, which are the majority of marketplace traffic.
  4. HTTP redirect at the OAuth final-connection step: prototype in flight (Customer.io engineering). Appears to work in Electron-based clients (Claude Desktop, VS Code, Cursor) because they follow redirects via node fetch, but is not in the MCP spec or any RFC and would silently break in native clients (Swift, ObjC, C). Fragile and undocumented.

Requested resolution

Add first-class multi-region support to the connector flow. Most likely candidates:

  • A region-selection step in the marketplace UI before OAuth initiation, OR
  • A spec addition allowing connectors to declare multiple region-specific OAuth registration URLs, OR
  • Officially supporting HTTP redirects in the OAuth handshake so server-side region routing becomes spec-compliant.

We'd love 15 minutes with whoever owns the connector marketplace product / MCP spec roadmap to walk through what we've seen.

Related

  • Existing email thread with Anthony Bibbs ([email protected]) about this — Naomi West and Glen Cornell looped in.
  • Fin support conversation ID: 215474112452689

Environment Info

  • Platform: darwin
  • Terminal: iTerm.app
  • Version: 2.1.123
  • Feedback ID: bd7ff9dc-e3ae-4f50-b273-bf6bbbf1ddaf

Errors

[{"error":"McpToolCallError: MCP error -32602: Input validation error: Invalid arguments for tool artifact_get: [\n  {\n    \"code\": \"invalid_type\",\n    \"expected\": \"number\",\n    \"received\": \"string\",\n …

Note: Content was truncated.

extent analysis

TL;DR

The most likely fix is to add first-class multi-region support to the connector flow, allowing users to select their region before OAuth initiation or supporting multiple region-specific OAuth registration URLs.

Guidance

  • The current implementation assumes a single hostname per connector listing, which blocks multi-region SaaS partners like Customer.io EU users.
  • To resolve this, consider adding a region-selection step in the marketplace UI before OAuth initiation.
  • Alternatively, the connector listing could support multiple region-specific OAuth registration URLs.
  • Another possible solution is to officially support HTTP redirects in the OAuth handshake, enabling server-side region routing.

Example

No code snippet is provided as the issue description does not include specific code references.

Notes

The provided solution is based on the information given in the issue description and may not be exhaustive. The implementation details and potential edge cases should be considered when applying the suggested fixes.

Recommendation

Apply a workaround by adding a region-selection step in the marketplace UI before OAuth initiation, as this seems to be the most straightforward solution to support multi-region SaaS partners.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#environment variable#network issue#logging issue

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

claude-code - 💡(How to fix) Fix [Bug] Connector marketplace OAuth fails for multi-region SaaS partners with region-specific authorization servers [1 participants]