3 days ago
The Railway MCP server (https://mcp.railway.com) OAuth flow fails at the authorization step. Hitting the authorize URL returns:
{"error":"invalid_client","error_description":"client is invalid","state":"...","iss":"https://backboard.railway.com"}
What I've ruled out:
- Not a stale cached client. I deleted the cached OAuth client and re-ran the flow — a brand-new dynamically-registered client_id (different value) gets the SAME
invalid_clientat authorize. So Railway is rejecting a client it just issued via DCR. - Not my account/network.
railway loginvia the CLI works fine on the same machine, same user. - Backend is up: both discovery docs resolve —
- The DCR endpoint (https://backboard.railway.com/oauth/register) currently returns
{"error":"too_many_requests","error_description":"Rate limit exceeded"}after a few attempts.
Possible clue — resource indicator mismatch:
The protected-resource metadata advertises the resource as https://mcp.railway.com (no trailing slash), but the MCP client's authorize request uses resource=https%3A%2F%2Fmcp.railway.com%2F (WITH a trailing slash). If backboard matches the client/audience strictly, that trailing slash could be why a valid client reads as invalid.
Client: Claude Code MCP integration (HTTP transport to https://mcp.railway.com).
1 Replies
Heya @vinbitz - I’ve seen this and will check it out! Thanks for the heads up.