Skip to main content
Question

Figma MCP: Cannot switch OAuth account β€” no logout/reauth mechanism

  • July 6, 2026
  • 2 replies
  • 28 views

Jinzhe

# Figma MCP Plugin β€” OAuth Account Switch Issue

## Summary

**Figma MCP `whoami` does not reflect account changes after logging out and switching accounts in Figma Desktop.** The MCP server caches the OAuth token server-side with no local mechanism to force re-authentication. There is currently **no known way** to switch the MCP-authenticated account β€” no `logout` tool, no re-auth flow, and no revoke entry found in Figma web settings (Connected Apps). Users are permanently locked to the first authenticated account.

**Plugin version**: `figma@claude-plugins-official` v2.2.68
**MCP server**: `https://mcp.figma.com/mcp`
**Platform**: macOS (Claude Code)

---

## Steps to Reproduce

1. Install Figma MCP plugin in Claude Code
2. Authenticate with Figma account A (`user-a@example.com`) β€” OAuth flow completes via Figma Desktop
3. `figma whoami` β†’ returns account A βœ“
4. In Figma Desktop: logout from account A, login as account B (`user-b@example.com`)
5. `figma whoami` β†’ **still returns account A** βœ— (expected: account B)

---

## Investigation & Root Cause

### What was tried (none worked):

| Action | Result |
|--------|--------|
| Logout from Figma Desktop + switch account | `whoami` unchanged |
| Delete Figma Keychain entry (`Figma Safe Storage`) | `whoami` unchanged |
| Clear `~/Library/Application Support/Figma/desktop_state.json` | `whoami` unchanged |
| Clear `~/Library/Application Support/Figma/settings.json` | `whoami` unchanged |
| Restart Claude Code + reload plugins | `whoami` unchanged |
| Visit `figma.com/settings` β†’ Connected Apps β€” search for MCP grant to revoke | **No revoke entry found** β€” the Figma MCP grant does not appear in Connected Apps |

### Root cause:

The MCP authenticates via OAuth against `https://mcp.figma.com/mcp`. Once the OAuth grant is established, the token is cached **server-side** and is never invalidated when:
- The user logs out of Figma Desktop
- The user switches accounts in Figma Desktop
- Local credential stores (Keychain, state files) are cleared

There is **no known workaround**. The OAuth grant is invisible to the end user:

- Not listed in Figma web settings β†’ Connected Apps
- No `logout` or `reauth` tool provided by the MCP plugin
- No documented account-switch procedure in the plugin README or POWER.md

---

## Expected Behavior

1. **`figma logout` should invalidate the MCP session** β€” clear the server-side OAuth token so the next `whoami` (or any MCP call) triggers a fresh OAuth flow
2. **Account changes in Figma Desktop should propagate** β€” if the Desktop app's active user changes, the MCP should detect this and prompt re-auth
3. **`figma whoami` should have a `--reauth` flag** β€” allow users to explicitly force re-authentication

---

## Suggested Fixes

1. **Add a `logout` or `reauth` MCP tool** β€” calls an endpoint on `mcp.figma.com` to revoke the current OAuth token server-side
2. **Bind MCP session to Figma Desktop's active user** β€” have the MCP server verify the Desktop user ID against the OAuth token on each call; if mismatched, return an auth error that triggers re-auth
3. **Add `--reauth` flag to `whoami`** β€” or make `figma logout` clear the server-side session
4. **Document the account-switch flow** β€” currently no documentation on how to change accounts for the MCP plugin

---

## Additional Notes

- The `figma-power/steering` directory in the plugin cache is empty β€” no logout/reauth binary exists
- The Keychain entry (`Figma Safe Storage` / `Figma Key`) appears unused by the MCP OAuth flow
- This affects any user with multiple Figma accounts (personal + work), which is common in enterprise settings
Β 

2 replies

Jaycee Lewis
Figmate

Hi ​@JinzheΒ πŸ‘‹ Thanks for flagging this. I took this to the MCP server team adn will follow up here with any updates I receive. Thank you! β€” Jaycee


Jaycee Lewis
Figmate

Hi, ​@JinzheΒ πŸ‘‹ It sounds like this is related toΒ client-side OAuth token persistence in Claude Code. I have two steps for you to try (in order):

  1. Run claude mcp remove figma-mcp && claude mcp add figma-mcp <url> in Claude Code. This drops the stored token and forces a fresh OAuth flow on your next tool call
  2. Log out of Figma.com in your browser before re-authorizing (or use an incognito window). The authorization page uses browser session cookies to identify the userβ€”not your Figma Desktop logged-in account. If the browser is still signed in as account A, the re-authorization will silently re-approve account A, even if Figma Desktop is on account B

Try both and let me know if that helps. Talk soon! β€” Jaycee