# Figma MCP Plugin β OAuth Account Switch Issue
## Summary
**Figma MCP `whoami` does not reflect account changes after logging out and switching accounts in Figma Desktop.** The MCP server caches the OAuth token server-side with no local mechanism to force re-authentication. There is currently **no known way** to switch the MCP-authenticated account β no `logout` tool, no re-auth flow, and no revoke entry found in Figma web settings (Connected Apps). Users are permanently locked to the first authenticated account.
**Plugin version**: `figma@claude-plugins-official` v2.2.68
**MCP server**: `https://mcp.figma.com/mcp`
**Platform**: macOS (Claude Code)
---
## Steps to Reproduce
1. Install Figma MCP plugin in Claude Code
2. Authenticate with Figma account A (`user-a@example.com`) β OAuth flow completes via Figma Desktop
3. `figma whoami` β returns account A β
4. In Figma Desktop: logout from account A, login as account B (`user-b@example.com`)
5. `figma whoami` β **still returns account A** β (expected: account B)
---
## Investigation & Root Cause
### What was tried (none worked):
| Action | Result |
|--------|--------|
| Logout from Figma Desktop + switch account | `whoami` unchanged |
| Delete Figma Keychain entry (`Figma Safe Storage`) | `whoami` unchanged |
| Clear `~/Library/Application Support/Figma/desktop_state.json` | `whoami` unchanged |
| Clear `~/Library/Application Support/Figma/settings.json` | `whoami` unchanged |
| Restart Claude Code + reload plugins | `whoami` unchanged |
| Visit `figma.com/settings` β Connected Apps β search for MCP grant to revoke | **No revoke entry found** β the Figma MCP grant does not appear in Connected Apps |
### Root cause:
The MCP authenticates via OAuth against `https://mcp.figma.com/mcp`. Once the OAuth grant is established, the token is cached **server-side** and is never invalidated when:
- The user logs out of Figma Desktop
- The user switches accounts in Figma Desktop
- Local credential stores (Keychain, state files) are cleared
There is **no known workaround**. The OAuth grant is invisible to the end user:
- Not listed in Figma web settings β Connected Apps
- No `logout` or `reauth` tool provided by the MCP plugin
- No documented account-switch procedure in the plugin README or POWER.md
---
## Expected Behavior
1. **`figma logout` should invalidate the MCP session** β clear the server-side OAuth token so the next `whoami` (or any MCP call) triggers a fresh OAuth flow
2. **Account changes in Figma Desktop should propagate** β if the Desktop app's active user changes, the MCP should detect this and prompt re-auth
3. **`figma whoami` should have a `--reauth` flag** β allow users to explicitly force re-authentication
---
## Suggested Fixes
1. **Add a `logout` or `reauth` MCP tool** β calls an endpoint on `mcp.figma.com` to revoke the current OAuth token server-side
2. **Bind MCP session to Figma Desktop's active user** β have the MCP server verify the Desktop user ID against the OAuth token on each call; if mismatched, return an auth error that triggers re-auth
3. **Add `--reauth` flag to `whoami`** β or make `figma logout` clear the server-side session
4. **Document the account-switch flow** β currently no documentation on how to change accounts for the MCP plugin
---
## Additional Notes
- The `figma-power/steering` directory in the plugin cache is empty β no logout/reauth binary exists
- The Keychain entry (`Figma Safe Storage` / `Figma Key`) appears unused by the MCP OAuth flow
- This affects any user with multiple Figma accounts (personal + work), which is common in enterprise settings
Β
