Hey, thanks for the detailed bug report. The logs are really helpful.
This is a known issue with MCP OAuth over Remote SSH. What happens is the OAuth callback finishes on the local side, but the MCP extension runs on the remote host. When you reconnect, the saved tokens don’t make it to the remote extension host, so right after ReloadClient it starts a new OAuth flow instead of using the token you already got.
The team is aware of this. I don’t have a specific timeline yet, but your report helps us prioritize it.
For now, your workaround using an API key via an env var is the most reliable option for Remote SSH. A couple of similar threads for context:
Let me know if you need anything else.