Description
escription
When a remote MCP server's OAuth token expires mid-session, the local auth cache file (~/.local/share/opencode/mcp-auth.json) becomes corrupted. After corruption, all subsequent MCP commands fail with JSON Parse error: Unrecognized token '' and the MCP server cannot be re-authenticated without manually deleting the cache file.
Environment
OS: macOS (darwin-arm64)
OpenCode CLI: @salesforce/cli/2.130.9
MCP Server: cf-portal (remote, OAuth-enabled)
Config: ~/.config/opencode/opencode.jsonc
Steps to Reproduce
Configure a remote MCP server with OAuth in opencode.jsonc:
{
"mcp": {
"cf-portal": {
"type": "remote",
"url": "https://portal.mcp.cfdata.org/mcp",
"enabled": true
}
}
}
Start OpenCode and authenticate. MCP server connects successfully.
Use the MCP server tools for an extended session (1-2 hours).
After a period of inactivity (or mid-session), the MCP server starts returning "Unauthorized" errors.
Eventually, the MCP server tools disappear entirely from the available tools list.
Exit OpenCode and attempt to re-authenticate:
opencode mcp auth cf-portal
Get error:
MCP OAuth Authentication
Error: Unexpected error, check log file at ~/.local/share/opencode/log/...
JSON Parse error: Unrecognized token ''
opencode mcp auth list also fails with the same JSON parse error.
All MCP auth commands are broken until the cache file is manually deleted.
Workaround
rm ~/.local/share/opencode/mcp-auth.json
opencode mcp auth cf-portal
This forces a clean re-authentication. Without this, the MCP server cannot be reconnected.
Expected Behavior
When an OAuth token expires, OpenCode should automatically refresh it or prompt for re-authentication — not corrupt the cache file.
If the cache file is corrupted, opencode mcp auth should detect the corruption and recreate it rather than throwing a JSON parse error.
The --force flag should be supported on opencode mcp auth to allow clearing and re-authenticating in one step.
Observed Frequency
This happens multiple times per day during extended sessions (4-8 hours). The token appears to expire after approximately 30-60 minutes of inactivity, but can also expire mid-use. Over a 2-day working session, we experienced this issue approximately 8-10 times.
Additional Issues Observed
Silent tool disappearance: When the MCP server disconnects, the tools silently disappear from the available tools list. There is no error message or notification — tool calls just start failing with "Model tried to call unavailable tool." A warning/notification would be helpful.
Restart required: Sometimes even after successful re-authentication via opencode mcp auth cf-portal, the tools don't reappear until OpenCode is fully restarted.
Cloudflare 500 errors: Occasionally the MCP server returns Cloudflare 500 errors (portal.mcp.cfdata.org) which also trigger the same auth corruption path.
Suggested Improvements
Add OAuth token auto-refresh before expiry
Add corruption detection and auto-recovery for the auth cache file
Add a --force or --reset flag to opencode mcp auth
Show a visible warning when an MCP server disconnects mid-session
Allow reconnecting an MCP server without restarting OpenCode (e.g., via Ctrl+P menu)
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response
Description
escription
When a remote MCP server's OAuth token expires mid-session, the local auth cache file (~/.local/share/opencode/mcp-auth.json) becomes corrupted. After corruption, all subsequent MCP commands fail with JSON Parse error: Unrecognized token '' and the MCP server cannot be re-authenticated without manually deleting the cache file.
Environment
OS: macOS (darwin-arm64)
OpenCode CLI: @salesforce/cli/2.130.9
MCP Server: cf-portal (remote, OAuth-enabled)
Config: ~/.config/opencode/opencode.jsonc
Steps to Reproduce
Configure a remote MCP server with OAuth in opencode.jsonc:
{
"mcp": {
"cf-portal": {
"type": "remote",
"url": "https://portal.mcp.cfdata.org/mcp",
"enabled": true
}
}
}
Start OpenCode and authenticate. MCP server connects successfully.
Use the MCP server tools for an extended session (1-2 hours).
After a period of inactivity (or mid-session), the MCP server starts returning "Unauthorized" errors.
Eventually, the MCP server tools disappear entirely from the available tools list.
Exit OpenCode and attempt to re-authenticate:
opencode mcp auth cf-portal
Get error:
MCP OAuth Authentication
Error: Unexpected error, check log file at ~/.local/share/opencode/log/...
JSON Parse error: Unrecognized token ''
opencode mcp auth list also fails with the same JSON parse error.
All MCP auth commands are broken until the cache file is manually deleted.
Workaround
rm ~/.local/share/opencode/mcp-auth.json
opencode mcp auth cf-portal
This forces a clean re-authentication. Without this, the MCP server cannot be reconnected.
Expected Behavior
When an OAuth token expires, OpenCode should automatically refresh it or prompt for re-authentication — not corrupt the cache file.
If the cache file is corrupted, opencode mcp auth should detect the corruption and recreate it rather than throwing a JSON parse error.
The --force flag should be supported on opencode mcp auth to allow clearing and re-authenticating in one step.
Observed Frequency
This happens multiple times per day during extended sessions (4-8 hours). The token appears to expire after approximately 30-60 minutes of inactivity, but can also expire mid-use. Over a 2-day working session, we experienced this issue approximately 8-10 times.
Additional Issues Observed
Silent tool disappearance: When the MCP server disconnects, the tools silently disappear from the available tools list. There is no error message or notification — tool calls just start failing with "Model tried to call unavailable tool." A warning/notification would be helpful.
Restart required: Sometimes even after successful re-authentication via opencode mcp auth cf-portal, the tools don't reappear until OpenCode is fully restarted.
Cloudflare 500 errors: Occasionally the MCP server returns Cloudflare 500 errors (portal.mcp.cfdata.org) which also trigger the same auth corruption path.
Suggested Improvements
Add OAuth token auto-refresh before expiry
Add corruption detection and auto-recovery for the auth cache file
Add a --force or --reset flag to opencode mcp auth
Show a visible warning when an MCP server disconnects mid-session
Allow reconnecting an MCP server without restarting OpenCode (e.g., via Ctrl+P menu)
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response