DX: MCP client OAuth (private_key_jwt) compatibility docs + Auth Logs default filter

[ekline]

Summary

Two developer-experience gaps surfaced through support while debugging MCP-over-OAuth client connections.

1. MCP client token-endpoint auth compatibility

Some MCP clients (for example, the ChatGPT connector) enforce private_key_jwt at the token endpoint even when the authorization server advertises other supported token-endpoint auth methods. This caused the /oauth/token exchange to fail for that client while the same server worked correctly with other clients. A platform fix has shipped.

• Document the supported MCP client token-endpoint auth methods and any known client-specific quirks.
• Document the remediation step for affected users: disconnect and reconnect the connector to force a fresh client registration with the corrected configuration.

Related: #671 (COOP header troubleshooting for OAuth popup flows in MCP clients).

2. Auth Logs default filter hides failures

When debugging a failing flow, developers reported the Auth Logs view defaults to showing success events only. The failing event that explains the error is hidden until the filter is switched to show all events, which costs debugging time.

• Evaluate defaulting the Auth Logs view to show all events, or surfacing failures more prominently.
• Consider exposing per-client logs on the MCP Clients page.

Related: #738 (DX for product — feature-term discoverability).

Source

Surfaced through developer support. Item 1 is shipped (docs follow-up); item 2 is a product/DX consideration.