ChatGPT MCP connector refreshes token on every tool call and doesn't persist sessions

Summary

ChatGPT’s MCP connector unconditionally refreshes the OAuth token and
creates a new MCP session before every single tool call, even when the access token is still
valid.

Observed Behavior

Every tool invocation follows this pattern:

POST /token (grant_type=refresh_token) ← token is still valid
initialize ← new MCP session
message processing canceled ← previous session killed
tools/call ← actual work

This happens regardless of expires_in — even with a freshly issued access token (e.g.,
expires_in: 3600), the next tool call triggers a full refresh + new session.

Evidence from Server Logs

Refresh token request — clientId={clientId}, userAgent=Python/3.12 aiohttp/3.13.3
POST /token → 200
initialize → Client
message processing canceled
tools/call → success
Refresh token request — clientId={clientId} ← immediately refreshes again
initialize → Client ← brand new session
tools/call → success

Problems This Causes

1. Unnecessary load on authorization servers. Every tool call hits the token endpoint even
   when the access token has minutes/hours of remaining validity.

2. Users are repeatedly prompted to re-authenticate despite having valid tokens with
   offline_access scope.

Environment

• MCP client: ChatGPT Desktop/Web
• OAuth flow: Authorization Code + PKCE (OAuth 2.1)
• Scopes: openid profile api offline_access
• Server correctly returns expires_in, access_token, and refresh_token in token responses

Same issue here except that on each tool call even when I manually connect it still gives me the “connect to x to continue”.

This is happening to us but, even if we click connect, it still doesn’t work… Keeps asking to “Connect to continue”

Same issue here, it was working well yesterday. Did anyone find how to resolve it?

Not sure if it’s related to your issue, but after deploying a new version of my app in the development environment without OAuth today, it continues to prompt ChatGPT wants to connect to {app}

When I click on “Connect” in the dialog below, the prompt is triggered again in an infinite loop.

image776×906 57.2 KB

I believe I am experiencing the same here when the MCP is using streaming-http stateless protocol. Are you using using this trasportation protocol too? (In my case I dont have any auth in place at all)

@malteCondor Could you try again ? I had the same issue, but it’s now fixed on my end without me doing anything

Yes, I am indeed using StreamableHTTPServerTransport.

unfortunately to me, it still not working, it must be a slightly different issue. Do you know if you have configured StreamableHTTPServerTransport to be stateless?

Directly after another deployment, it stopped working again. Something still seems to be faulty here.

@adellibovi-edreams

It is currently stateless.

Same problem; literally the same code that worked last week (FastMCP + Auth0 ) stopped working today

Same problem. Stuck in endless “Connect” loop. streaming-http, stateless, no auth.

I had this issue on Wed March 18th. Then yesterday, it was working fine. All day today, I’m getting the issue described above. My app is connected but everytime a tool is invoked, I’m stuck in the connect loop.

We are seeing the same loop in production with a custom MCP server and detailed logs.

What we can confirm from server-side logs:

- DCR works (/register 201, token_endpoint_auth_method=none).

- OAuth code flow works (/authorize → /token 200).

- Access tokens are valid and MCP calls are authorized (initialize, tools/list, resources/list all 200).

- We issue and return Mcp-Session-Id and later requests include it.

- We include OAuth challenge metadata and resource_metadata correctly.

Yet in ChatGPT web, after the connector shows as active, tool invocation can still trigger a fresh auth popup. This happens even when token + MCP RPC logs look healthy.

Question to OpenAI team: is there any known connector-side session invalidation/regression right now for stateless streamable HTTP transports (or specific required fields beyond current Apps SDK docs) that could cause repeated re-auth despite valid token + successful RPC handshake?

If useful, we can share sanitized trace IDs and exact request/response headers.

I’m having the same issue. Has anyone found a solution or gotten a response from OpenAI yet?

Had the same issue, suddenly started to work fine. Unclear how it was fixed and for how long.

Hi everyone apologies for this experience - this was due to an internal caching issue that we identified and rolled back earlier today. The issue started yesterday morning and lasted until ~ 3pm today. It affected a portion of users that were attempting to authenticate into their ChatGPT apps.

but is it normal for ChatGPT to call refresh token on every request?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.