Auth error with OpenAI API using MCP server

English Forum Developers & API
1

The Asana MCP (Model Context Protocol) server integration fails with authentication errors when accessed through OpenAI’s Responses API, despite the OAuth token working correctly for direct Asana API calls. This prevents the use of Asana tools in our AI reasoning engine.

Error Details

Primary Error

Error code: 424 - {
  'error': {
    'message': "Error retrieving tool list from MCP server: 'Asana'. Http status code: 401 (Unauthorized)",
    'type': 'external_connector_error',
    'param': 'tools',
    'code': 'http_error'
  }
}

Error Flow

  1. User initiates reasoning session with Asana enabled in tools
  2. Our backend builds MCP tool configuration with Asana credentials
  3. OpenAI’s API attempts to probe the Asana MCP server at https://mcp.asana.com/sse
  4. Asana MCP server returns 401 Unauthorized
  5. OpenAI surfaces this as a 424 external_connector_error
  6. Our API returns 500 Internal Server Error to the frontend

Environment

  • Asana MCP Server URL: https://mcp.asana.com/sse
  • Authentication Method: OAuth 2.0
  • Token Storage: PostgreSQL with encryption (working correctly)
  • OpenAI API: GPT-5 Responses API (/v1/responses)
  • Backend: Python FastAPI
  • Working Integration: Zapier MCP (for comparison)

Code Implementation

Current Configuration (Not Working)

File: backend/app/core/gpt5_client.py

# Building Asana MCP tool configuration
if "asana" in ds.name.lower():
    access_token = credentials.get("access_token")
    
    if access_token:
        tools.append({
            "type": "mcp",
            "server_label": "Asana",
            "server_description": "Asana project management tools",
            "server_url": "https://mcp.asana.com/sse",
            "authorization": access_token,  # Raw OAuth token
            "require_approval": "never"
        })

Working Zapier Configuration (For Comparison)

# Zapier MCP configuration that works correctly
elif "zapier" in ds.name.lower():
    mcp_server_url = ds.config.get("mcp_server_url")
    api_key = credentials.get("api_key")
    
    if mcp_server_url and api_key:
        tools.append({
            "type": "mcp",
            "server_label": "Zapier",
            "server_description": "Zapier automation and workflow tools",
            "server_url": mcp_server_url,
            "authorization": api_key,  # Raw API key
            "require_approval": "never"
        })

Direct Asana API Call (Working)

File: backend/app/api/v1/endpoints/asana.py

# This works correctly with the same token
me_response = await client.get(
    "https://app.asana.com/api/1.0/users/me",
    headers={"Authorization": f"Bearer {tokens['access_token']}"},
    timeout=10.0
)
# Returns 200 OK with user data

Attempted Solutions

We’ve tried multiple authentication formats, all resulting in the same 401 error:

1. Raw Token (Current)

"authorization": access_token

Result: 401 Unauthorized

2. Bearer Prefix in Authorization Field

"authorization": f"Bearer {access_token}"

Result: 401 Unauthorized

3. Headers Object with Bearer Token

"headers": {
    "Authorization": f"Bearer {access_token}"
}

Result: 401 Unauthorized

4. Both Authorization Field and Headers

"authorization": access_token,
"headers": {
    "Authorization": f"Bearer {access_token}"
}

Result: 400 Bad Request - “Cannot specify both ‘authorization’ parameter and ‘Authorization’ header”

Token Storage and Retrieval

The OAuth token is correctly stored and retrieved from our database:

# Token storage after OAuth callback
credentials_json = json.dumps({
    "access_token": tokens.get("access_token"),
    "refresh_token": tokens.get("refresh_token"),
    "expires_in": tokens.get("expires_in"),
    "token_type": tokens.get("token_type", "Bearer")
})
credentials_encrypted = encrypt_value(credentials_json)

Any ideas?

1 Like
2

Hi @Chris_Wright,

Thanks for reaching out!

Dominik from the Asana API Support team here. I can see you’ve already submitted a support ticket for this MCP-related issue, so I’ll be taking over that case to ensure you get the specialized attention this needs. I’ll provide you with a more detailed response tomorrow at the latest.

As the Asana MCP is a new feature that is still in beta, I need to conduct some additional research and analysis to establish what has gone wrong.

I will follow up directly through your support ticket with my findings and will add a note here if the issue turns out to be more general.

Best,
Dominik

3 Likes
3

Hi @Chris_Wright and everyone!

I wanted to follow up with some good news.

Thanks to your feedback about MCP authentication challenges, we’ve improved our documentation to provide clearer guidance for all developers and added two new sections covering authentication methods to our Integrating with Asana’s MCP Server documentation.

This is a direct result of community feedback, so thank you for taking the time to report these issues, it helps us improve the developer experience for everyone!

Best,
Dominik

2 Likes