Fixing Sentry MCP Server Authentication in Remote VS Code (Code-Server)
The Model Context Protocol (MCP) is a powerful standard that allows AI assistants—like Amazon Q, Cursor, or GitHub Copilot—to interact directly with developer tools. However, integrating the Sentry MCP Server into a remote IDE environment, such as VS Code running on a code-server instance, often hits a wall due to the OAuth authentication flow. This post walks through the necessary steps to bypass the failed 127.0.0.1 OAuth redirect and successfully configure the Sentry MCP Server using the Local STDIO Transport and a User Access Token.
1. The Problem: OAuth Redirect Failure
When attempting to configure the Sentry MCP Server using the standard OAuth flow in a remote VS Code environment (like code-server accessed via a private IP), the system tries to redirect the user back to http://127.0.0.1. Since this IP refers to the local browser machine, not the remote code-server host, the authentication step fails with a timeout.
The solution is to use Sentry’s Local STDIO Mode, which authenticates using a pre-generated token, completely bypassing the web-based OAuth flow.
2. Generate the Sentry User Auth Token
The local MCP server requires a Sentry User Auth Token (which is a Personal Access Token) with specific scopes to access your organization’s data.
- Navigate to your Sentry Account Settings.
- Go to Auth Tokens and generate a new token.
- Ensure the token includes the following required scopes for full Amazon Q Developer functionality:
org:readproject:read,project:writeteam:read,team:writeevent:write,event:readmember:readalerts:readproject:releases
Note: Treat this token like a password. Save it securely.
3. Configure the MCP Server in Your AI Client
Instead of using the default arguments that attempt a remote connection, we configure the client (Amazon Q Developer in VS Code) to launch the Sentry MCP server locally using the npx command and our new token. This process is done via the “Add MCP Server” interface in your AI assistant’s settings.
Correct Configuration Details
| Field | Value | Notes |
|---|---|---|
| Name | Sentry |
A descriptive name for the server. |
| Transport | stdio |
Specifies running a local command (Standard Input/Output). |
| Command | npx |
The executable used to run the Node package. |
Entering the Arguments
The key to success is providing the arguments in the correct sequence. When adding the server in the Amazon Q UI, you must enter each part of the command as a separate line or argument field:
- Argument 1:
@sentry/mcp-server@latest - Argument 2:
--access-token - Argument 3:
<YOUR_SENTRY_USER_TOKEN>
Replace <YOUR_SENTRY_USER_TOKEN> with the long token string generated in Step 2.
Adding Environment Variables
To allow Amazon Q Developer to function, you may need to add the OPENAI_API_KEY to the Environment variables section in the “Edit MCP Server” interface (or the equivalent configuration UI for setting STDIO server environment variables).
| Field Name | Value | Notes |
|---|---|---|
OPENAI_API_KEY |
<YOUR_OPENAI_KEY> |
Required by some models utilized by the Sentry MCP server. |
Self-Hosted Sentry Adjustment
If you are using a self-hosted Sentry instance, you must include a fourth argument to specify your host:
- Argument 4:
--host=<YOUR_SENTRY_HOST>(e.g.,--host=sentry.example.com)
Conclusion
By configuring the MCP server to use the Local STDIO Transport and providing the --access-token and OPENAI_API_KEY directly, you successfully decouple the authentication process from the remote IDE’s network limitations. Your AI assistant can now securely access Sentry data from your remote code-server instance, providing valuable context without leaving your editor.
Did you find this useful?
I'm always happy to help! You can show your support and appreciation by Buying me a coffee (I love coffee!).