Copilot Studio’s MCP (Model Context Protocol) connector to Salesforce is dropping the active session once the OAuth/JWT token expires and is not automatically re-authenticating using the refresh token.
As a result, every token expiration causes the MCP connection to become permanently disconnected until the user manually re-authenticates the integration.
Environment
Integration: Salesforce External Client App (ECA) ↔ Microsoft Copilot Studio via MCP
Salesforce Org Type: Production (non-Hyperforce)
What has been validated successfully on the Salesforce side
ECA OAuth scopes configured correctly:
api, refresh_token, openid, sfap_api, mcp_api
“Issue JWT-based access tokens for named users” setting: Enabled
PKCE: Disabled
(Disabling PKCE resolved the original handshake/authentication failure)
Refresh Token Policy: “Refresh token is valid until revoked”
OAuth Connected App status: Active
Connected user present and tokens valid/not revoked
Session timeout configured to 24 hours
No IP restrictions configured
MCP V2 endpoint was also created and tested; behavior remained the same
Observed behavior / failure
Once the JWT/OAuth token expires, Copilot Studio terminates the MCP session entirely instead of silently using the refresh token to re-authenticate
The session does not recover automatically and requires manual user re-authentication each time
This behavior was reproduced and validated live during our troubleshooting session
We revoked and recreated credentials successfully, and the MCP connection was re-established; however, the session dropped again once the token lifecycle completed
Other MCP-compatible integrations such as Claude and Gemini appear to handle token expiration gracefully by automatically performing background re-authentication, whereas Copilot Studio currently does not demonstrate the same behavior
Specific questions/request for Microsoft
Why does Copilot Studio’s MCP client not attempt automatic re-authentication when the Salesforce OAuth token expires?
Is there a Copilot Studio configuration or setting available to enable automatic token refresh handling for MCP integrations?
Is this a known limitation/issue within Copilot Studio MCP integrations, and if so, is there an available fix or roadmap timeline?
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Share
Report
All responses (
Answers (
8,711
