Troubleshooting agent sign-in

If you are setting up Freddy with Claude Code, Cursor, or another agent and something is not working, this page covers the common cases. For the basic walkthrough, start with Connect Freddy from any AI agent.

My agent told me to "go to freddy.coach and sign up manually"

This is the most common one. Your agent's underlying model does not yet know about Freddy's device-flow sign-in, so it falls back to the only thing it knows: pointing you at the sign-up page.

You have two options:

1. Tell the agent about the flow. Drop the system-prompt snippet from Connect Freddy from Claude Code (Path A) into your agent's instructions or CLAUDE.md. The agent can then walk the flow itself.
2. Run the shell recipe once and paste the access token. This works for any agent that accepts a custom HTTP header for MCP servers. See Path B in the same article.

I opened the device URL and it said "expired"

The verification URL has a 10-minute window. If you start the flow, then go make coffee, the URL expires before you approve.

Just start the flow again. The shell recipe is cheap to re-run; the agent walking it itself can simply call /oauth/device_authorization again.

I get "audience_mismatch"

This means your token was minted for a different surface than you are calling. Two cases:

• Token from a different Freddy environment. If you have been testing locally against a dev build and copy-pasted a token to production by mistake, you will see this. Use the right environment's token.
• A ChatGPT-issued token used outside the ChatGPT connector. Tokens issued through the ChatGPT redirect flow are scoped to mcp only and bound to a different audience than tokens from device flow. They cannot be reused against the REST API. Fix: run the device flow yourself and request the scopes you need explicitly, e.g. scope=mcp account:read connections:write.

My access token expired

Access tokens (freddy_at_...) last 1 hour. The agent or shell recipe also returns a refresh token (freddy_rt_...) that lasts 60 days. To refresh:

curl -X POST https://freddy.coach/oauth/token \
  --data-urlencode "grant_type=refresh_token" \
  --data-urlencode "client_id=<your client_id>" \
  --data-urlencode "refresh_token=<freddy_rt_...>"

The response carries a fresh access token and a fresh refresh token. Replace your stored refresh token with the new one. Reusing the previous refresh token after rotation will revoke your entire grant for safety, and the agent will have to sign you in again from scratch.

If your agent caches the access token in MCP config, you will need to update the Authorization: Bearer ... header with the new value.

Can I keep using my existing path-token MCP URL?

Yes. The legacy URL of the form https://freddy.coach/mcp/<long-token> keeps working exactly as before. It also gets the three new write tools (connect_wearable, disconnect_wearable, sync_provider) automatically. There is no per-tool toggle and no read-only mode for path-tokens; the kill-switch if a URL leaks is POST /me/rotate-mcp-token from the dashboard, which invalidates the old URL immediately.

You only need the new device flow if you want a token your agent can refresh, or if your agent calls REST endpoints (account management, audit log, billing) in addition to MCP.

My wearable connect URL keeps redirecting me to login

When an agent connects a wearable on your behalf, Freddy generates a one-shot /connect/<provider> URL signed for your account. Opening that URL in a browser where you are not signed in will bounce you to login first, then continue the connect flow.

If that does not work (you sign in, and the page does not continue to the wearable's OAuth page), please file a bug. Email the URL, the timestamp, and the agent name to support@freddy.coach, or message us in-app at freddy.coach/app/chat.

I get "insufficient_scope"

You called an endpoint that needs a scope your token does not have. Common cases:

• Calling POST /connections/.../sync without connections:write.
• Reading the audit log without audit:read.

Re-run the device flow and pass the scopes you need in the scope parameter, separated by spaces. Available scopes: mcp, account:read, account:write, connections:write, audit:read.

I want to revoke an agent's access

Visit freddy.coach/app/connections, scroll to "Connected apps", and click revoke on the grant you want to remove. The agent's tokens are immediately invalid. The agent will need to sign in again from scratch the next time you use it.

Still stuck?

Email support@freddy.coach with the agent name, the exact error, and any logs you have. Or message us in-app at freddy.coach/app/chat. We respond fast.