Bug: Mixed Auth fails when publishing app (406 / 400 on /mcp)

Gabriel_Camargo · January 19, 2026, 12:16pm

Summary

When trying to publish an app on the OpenAI Platform using the Apps SDK with Mixed Auth, the publishing flow fails during the tool scanning step.
The platform sends a POST /mcp request which returns an error (406 in TypeScript, 400 in Python), preventing the publishing process from completing.

The issue only occurs with Mixed Auth. Using OAuth or No Auth works as expected.

Steps to Reproduce

Create an app using this mixed auth example:
openai-apps-sdk-examples/authenticated_server_python at main · openai/openai-apps-sdk-examples · GitHub
Configure the authorization server (Auth0) following the instructions
Configure authentication mode as Mixed Auth on this screen:

Attempt to publish the app on the OpenAI Platform
During the publishing flow, the platform attempts to scan tools
The platform sends a POST request to /mcp
The request fails and publishing cannot continue

Actual Behavior

TypeScript

POST /mcp returns 406 Not Acceptable

Python

POST /mcp returns 400 Bad Request
Warning/error message:
Invalid Content-type: text/octet-stream

Expected Behavior

When using Mixed Auth, the platform should successfully call /mcp, scan the tools, and allow the publishing process to proceed, the same as with OAuth or No Auth.

Additional Context

This error blocks the tool scanning step, making it impossible to publish apps that require Mixed Auth.

benlesh · January 19, 2026, 10:54pm

Hey, @Gabriel_Camargo , do you happen to have an example repository? Did anything change? Or was this just a straight copy of the example above?

Gabriel_Camargo · January 20, 2026, 12:22am

Hey @benlesh! I actually ran into this issue while working on a private project. To rule out whether it was something specific to my application or a platform issue, I also tested using the example repository.

I basically cloned the repo, configured Auth0, set the environment variables, ran it using ngrok, and then tried to go through the login flow and scan the tools. The login itself works fine, but when returning to the platform, the tools are not scanned.

So the behavior seems to be the same both in my private project and in the example repo.

benlesh · January 20, 2026, 5:54pm

Alright, thanks for letting me know. I’ll make sure there’s a ticket around it.

Topic		Replies	Views
MCP File Uploads Broken on Mobile App 📱 ChatGPT Apps SDK	0	24	January 20, 2026
Not all requested permissions were granted ChatGPT Apps SDK oauth , app , mcp	3	348	December 7, 2025
Platform Chat + MCP Server + Never require approval = all tools calls fail Bugs playground , platform	3	188	December 15, 2025
Are ChatGPT docs lying about this MCP tool field existing? ChatGPT Apps SDK app , chatgpt-app , sdk , mcp , apps-sdk	4	457	December 20, 2025
MCP details save failed: No app id found ChatGPT Apps SDK mcp	2	98	December 26, 2025