n8n - 💡(How to fix) Fix Bug: MCP Client Tool OAuth2 flow omits RFC 8707 resource parameter, breaks spec-compliant MCP servers [2 comments, 3 participants]

Bug Description

The mcpClientTool node combined with the mcpOAuth2Api credential (Dynamic Client Registration enabled) does not include the RFC 8707 resource parameter on either the authorization request or the token request. As a result, spec-compliant MCP servers — those that enforce the MCP Authorization specification's resource indicator requirement — issue access tokens with an empty resources claim, then reject every subsequent API call from n8n with 401 invalid_token.

The OAuth dance itself completes successfully (the user approves consent, n8n exchanges the code for a token), but the very first authenticated MCP request fails. From the UI this surfaces as "failed to connect" right after approving OAuth, with no diagnostic.

This breaks the n8n MCP Client Tool against any MCP server that follows the MCP Authorization spec (2025-06-18) and RFC 8707 §2.2. Confirmed against https://mcp.lusha.com; the same defect will affect any server that strictly validates the token's bound resource (which the spec requires).

Root cause (in source)

In packages/cli/src/oauth/oauth.service.ts:

1. discoverProtectedResourceMetadata() (~L720) extracts only authorization_servers from the RFC 9728 protected-resource metadata and discards the resource field that identifies the canonical resource URL.
2. generateAOauth2AuthUri() (~L393–604) never adds resource to oAuthOptions.query, so the URL returned by oAuthObj.code.getUri() lacks resource=<serverUrl>.
3. convertCredentialToOptions() (~L688) doesn't carry a resource value through to the token-exchange options either.
4. The DCR registerPayload (~L532) doesn't declare resource indicators either (less critical, but related).

Per RFC 8707 §2 and §2.2, the resource parameter MUST be sent on both /authorize and /token when the client is requesting a token bound to a specific protected resource. The MCP spec mandates this.

To Reproduce

1. Stand up any MCP server that validates the aud / resources claim on inbound bearer tokens (RFC 9728 + RFC 8707 compliant). https://mcp.lusha.com is one such server.
2. In n8n, add an MCP Client Tool node. Set:
   • Endpoint URL = the MCP server URL
   • Server Transport = httpStreamable
   • Authentication = MCP OAuth2 API
   • Create a new mcpOAuth2Api credential with Use Dynamic Client Registration = true.
3. Walk through "Connect my account" and approve consent.
4. The credential shows connected, but the next operation (e.g. fetching the tools list / getTools) fails. The MCP server logs show the issued token has resources: [].
5. Inspect the authorize URL n8n redirects to — resource= is absent. Inspect the token exchange body — resource= is absent.

Expected behavior

For an OAuth2 credential with Dynamic Client Registration against an MCP server:

1. discoverProtectedResourceMetadata() should also return the resource field from the RFC 9728 metadata.
2. The resource value should be added as resource=<resource> on:
   • the authorize URL (oAuthOptions.query.resource)
   • the token exchange request body
   • the refresh-token request body
3. The mcpOAuth2Api credential should also surface an optional Resource field for static (non-DCR) setups, so users can specify the resource indicator manually (mirroring how scope works today).

This brings the MCP Client Tool in line with the spec it claims to implement, and unblocks every server that enforces RFC 8707.

Debug Info

Bug reproduced against master source as of November 2025. Trace from the affected MCP server clearly shows expectedResource: https://mcp.lusha.com vs tokenResources: [] for every n8n-issued token.

Environment

• Operating System: n/a (n8n Cloud)
• n8n Version: latest cloud
• Node.js Version: n/a
• Database: n/a
• Execution mode: main
• Hosting: n8n cloud
• Affected node: @n8n/n8n-nodes-langchain.mcpClientTool v1.2
• Affected credential: mcpOAuth2Api

Related

• #30500 — same RFC 8707 violation, reverse direction (n8n's MCP server ignores resource). This issue is about the n8n MCP client.
• #22851 — closed/stale, similar class of OAuth2 query parameter handling bugs in DCR.