Access Token Invalid or Expired (MCP Server + CodeScene Cloud)

If you encounter an "access token is invalid or expired" error when using the MCP Server with CodeScene Cloud, this typically indicates a configuration, environment, or connectivity issue rather than a problem with the token itself.

Step 1: Run Diagnostics

Start by running the MCP tool:

  • verify_installation

This tool provides detailed diagnostics and will help identify exactly where the failure occurs (authentication, connectivity, or configuration).

Step 2: Confirm Your Token

Ensure that:

  • Your Personal Access Token (PAT) for CodeScene Cloud is valid and active.

  • The token has not expired or been revoked.

Note that the associated email address does not affect authentication; only the validity of the token matters.

Step 3: Check for Environmental Restrictions

If your token is valid but still reported as invalid, the issue is often related to your environment:

  • You may be working in a corporate or restricted network.

  • Outbound access to CodeScene Cloud might be blocked or filtered.

In such cases, verify whether your environment allows connections to CodeScene Cloud endpoints.

Step 4: Custom Certificate Authority (CA) Issues

If your environment uses a custom certificate authority (CA), you may need to configure MCP accordingly.

  • Set the REQUESTS_CA_BUNDLE environment variable to point to your CA bundle.

More details are available here:
https://github.com/codescene-oss/codescene-mcp-server/blob/main/docs/configuration-options.md#ca_bundle

Important: There is a known issue affecting MCP versions 1.3, 1.3.1, and 1.3.2 related to custom CA handling. This may cause valid tokens to be incorrectly rejected, so please upgrade to the latest version.

Step 5: Upgrade MCP Server

You are strongly advised to upgrade to the latest MCP Server version.

Newer versions provide:

  • Improved handling of custom certificate authorities.

  • More detailed and actionable diagnostic output from verify_installation.

Example Scenario

A user runs MCP inside a corporate network with strict outbound HTTPS inspection. Even with a valid token, requests to CodeScene Cloud fail due to untrusted certificates. By configuring REQUESTS_CA_BUNDLE with the corporate CA and upgrading MCP, the issue is resolved.
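To separate the causes in Steps 3 and 4 before suspecting the token, the following added example (not part of the MCP Server or its documentation) validates the file REQUESTS_CA_BUNDLE points to and classifies a failed TLS handshake as a trust, DNS, or network problem. The host name is a placeholder, and the function names and result labels are assumptions made for this sketch; pass the CodeScene Cloud endpoint you actually use as the first argument.

```python
import os
import socket
import ssl
import sys

PLACEHOLDER_HOST = "codescene-cloud.example"  # placeholder, not a real endpoint

def check_ca_bundle(path):
    """Return (ok, reason) for the file REQUESTS_CA_BUNDLE points to."""
    if not path:
        return False, "REQUESTS_CA_BUNDLE is not set"
    if not os.path.isfile(path):
        return False, "bundle path does not exist or is not a file"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except (ssl.SSLError, OSError) as exc:
        return False, f"bundle is not loadable PEM: {exc}"
    return True, f"{len(ctx.get_ca_certs())} CA certificate(s) loaded"

def classify(exc):
    """Map a connection exception to the troubleshooting step it points at."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-trust"   # Step 4: issuing CA is not in the trust bundle
    if isinstance(exc, ssl.SSLError):
        return "tls-other"   # handshake failed for a non-trust reason
    if isinstance(exc, socket.gaierror):
        return "dns"         # Step 3: name does not resolve from this network
    if isinstance(exc, OSError):
        return "network"     # Step 3: refused, reset, timed out or unreachable
    return "unknown"

def probe(host, port=443, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake; return "ok" or a classify() label."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    bundle = os.environ.get("REQUESTS_CA_BUNDLE")
    ok, reason = check_ca_bundle(bundle)
    print(f"CA bundle: {reason}")
    host = sys.argv[1] if len(sys.argv) > 1 else PLACEHOLDER_HOST
    # Without a usable bundle, fall back to the system trust store.
    print(f"handshake with {host}: {probe(host, cafile=bundle if ok else None)}")
```

A result of "tls-trust" matches the scenario above: the certificate presented on the wire was issued by a CA that is missing from the bundle in use.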

Summary of Common Causes

  • Invalid or expired PAT.

  • Network restrictions blocking CodeScene Cloud.

  • Missing or misconfigured custom CA.

  • Known bug in MCP versions 1.3–1.3.2.

If the issue persists after following these steps, run verify_installation and include its output when logging an issue with the MCP team.