#Asana MCP OAuth completes, but Codex sends an invalid token and Asana tools never become available

1 messages · Page 1 of 1 (latest)

slim vineBOT
#

Reported by @surreal pumice

Bug Report: Asana MCP OAuth completes, but Codex sends an invalid token and Asana tools never become available
`Steps to Reproduce`
  1. Remove existing Asana MCP config:
    codex mcp remove asana
  2. Add Asana MCP again:
    codex mcp add asana --url https://mcp.asana.com/v2/mcp
  3. Complete the OAuth flow in the browser from the URL printed by the command.
  4. The command reports:
    Successfully logged in.
  5. Also tested the strict auth-only flow:
    codex mcp login asana
  6. That command reports:
    Successfully logged in to MCP server 'asana'.
  7. After that, launch a fresh Codex session/subprocess and
`Expected Result`
  • Asana MCP should expose usable Asana tools/resources in the fresh session.
  • I should be able to list accessible Asana workspaces/teams or perform any basic Asana MCP read action.
`Actual Result`

  • Fresh session does not expose usable Asana MCP actions.

  • Asana MCP worker fails with this error:

    Transport channel closed, when AuthRequired(AuthRequiredError { www_authenticate_header: "Bearer realm=\"Asana MCP\", resource_metadata=\"https://mcp.asana.com/.well-known/oauth-protected-resource/v2\", error=\"invalid_token\", error_description=\"Invalid token signature - token was not issued by Asana OAuth\"" })

  • The fresh session then reports that Asana MCP tools are unavailable.

`Environment`
  • Codex desktop on macOS - codex --version returned codex-cli 0.118.0-alpha.2 - Asana MCP URL: https://mcp.asana.com/v2/mcp
#
Additional Information

Please provide relevant details to help resolve the issue, such as:

  • ChatGPT Shared Link (if applicable).
  • Screenshots or videos demonstrating the problem.

-# ➜ Need to contact support? Visit the OpenAI Help Center.

surreal pumice
#
  • This is reproducible after logout, restart, remove/re-add, and strict single-login flow.
  • ClickUp MCP works after the same remove/re-add OAuth procedure, so the Codex environment can complete this pattern successfully for at least one OAuth MCP server.
  • codex mcp list still shows Auth: Unsupported for both ClickUp and Asana, so that field may not reflect actual auth state in this build.