Describe the bug
When running Copilot CLI inside a remote container (e.g., GitHub Codespaces, Dev Containers), the MCP OAuth flow redirects to a localhost callback URL that is unreachable from the user's browser. There is no mechanism to manually paste the authorization code/callback URL back into the CLI, unlike Claude Desktop which provides a dialog for this.
Affected version
1.0.36
Steps to reproduce
- Run Copilot CLI inside a GitHub Codespace or remote dev container
- Add an HTTP MCP server that requires OAuth
- Run /mcp → trigger auth → browser opens and user authorises
- Browser attempts to redirect to http://127.0.0.1:<port>/?code=...&state=...
- Redirect fails — localhost resolves to the user's local machine, not the container
- OAuth handshake never completes; MCP server remains unauthenticated
Expected behavior
The CLI should either: (a) detect that the callback was not received and prompt the user to paste the callback URL manually, or (b) provide a /mcp auth paste style command to accept the code out-of-band.
Workaround
Paste the callback URL to an AI agent running inside the container and have it curl the URL against the local listener. Not a user-friendly solution.
Additional context
Claude Desktop handles this via a dedicated token paste dialog. Related to #1491 (random port issue) but distinct — this is specifically about remote container environments where localhost is unreachable from the browser.
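One way the paste fallback requested under "Expected behavior" could validate a pasted callback URL before using its code, as an added example that is not Copilot CLI code and not part of the original issue. The function names, the `pending` record and the sample port, state and code values are assumptions made for illustration.

```javascript
// Added example, not Copilot CLI code. `pending` is a hypothetical record of
// the in-flight flow: the loopback port the CLI listens on and the `state`
// value it sent in the authorization request.

// Compare two strings without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Validate a callback URL pasted by the user and return its authorization code.
function parsePastedCallback(pasted, pending) {
  let url;
  try {
    url = new URL(pasted.trim());
  } catch {
    return { ok: false, reason: 'not a URL' };
  }
  // Accept only the loopback redirect URI this flow is waiting on.
  if (url.protocol !== 'http:' || url.hostname !== '127.0.0.1' ||
      url.port !== String(pending.port) || url.pathname !== '/') {
    return { ok: false, reason: 'redirect URI mismatch' };
  }
  const q = url.searchParams;
  // Repeated parameters are ambiguous; refuse rather than pick one.
  for (const name of ['code', 'state', 'error']) {
    if (q.getAll(name).length > 1) return { ok: false, reason: `duplicate ${name}` };
  }
  // Check state first so a response from a different flow is never used.
  if (!constantTimeEqual(q.get('state') ?? '', pending.state)) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (q.has('error')) {
    return { ok: false, reason: `authorization error: ${q.get('error')}` };
  }
  const code = q.get('code');
  if (!code) return { ok: false, reason: 'missing code' };
  return { ok: true, code };
}

// Constructed sample values, for illustration only.
const samplePending = { port: 43117, state: 'constructed-state-7f3a' };
const sampleUrl = 'http://127.0.0.1:43117/?code=constructed-code&state=constructed-state-7f3a';
console.log(parsePastedCallback(sampleUrl, samplePending));
```

Checking `state` on the pasted URL keeps the same request-binding the loopback listener would have enforced, so a callback URL from some other authorization attempt is rejected instead of being exchanged.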