Add documentation for Figma MCP OAuth in Docker sandboxes. The Figma MCP server (https://mcp.figma.com/mcp) uses
OAuth, which can't complete inside a Docker sandbox because the redirect URI is unreachable from the host browser.
The workaround:
- Authenticate the Figma MCP from Claude Code running locally on the Mac (not in Docker)
- Extract the credentials from macOS Keychain:
      security find-generic-password -s "Claude Code-credentials" -w
- Find the figma/mcp.figma.com entries in the JSON output
- Inject those entries into the sandbox's ~/.claude/.credentials.json
The MCP server definition lives in .mcp.json (checked into each project repo). Only the auth tokens in
.credentials.json are per-machine. When tokens expire, repeat the extract-and-inject flow.
This should be documented wherever sandbox setup/configuration docs live, since it affects any project that uses the
Figma MCP. Ideally this would also be scripted — a turbo command like turbo figma-auth <sandbox-name> that
automates the extract-and-inject flow.
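
A sketch of the extract-and-inject flow described above, added here as an example and not part of the original issue or of any existing turbo command. It assumes the Keychain item is a JSON object whose top-level sections are objects keyed by server entry, and that the sandbox's ~/.claude/.credentials.json is reachable from the host at the path given as the first argument (for example through a bind mount); the function names are hypothetical. Only the Figma entries are copied, so the other credentials in the Keychain item never enter the sandbox.

```python
import json
import os
import subprocess
import sys
import tempfile

MARKERS = ("figma", "mcp.figma.com")  # the strings the workaround says to look for

def read_keychain_blob():
    """Return the JSON that local Claude Code stored in the macOS Keychain."""
    out = subprocess.run(
        ["security", "find-generic-password", "-s", "Claude Code-credentials", "-w"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def pick_figma(host_creds):
    """Keep only entries whose key or value mentions Figma (layout is an assumption)."""
    picked = {}
    for section, entries in host_creds.items():
        if not isinstance(entries, dict):
            continue
        hits = {k: v for k, v in entries.items()
                if any(m in (k + json.dumps(v)).lower() for m in MARKERS)}
        if hits:
            picked[section] = hits
    return picked

def inject(picked, dest):
    """Merge picked entries into dest; return the entry names only, never tokens."""
    try:
        with open(dest) as f:
            current = json.load(f)
    except FileNotFoundError:
        current = {}
    for section, entries in picked.items():
        if not isinstance(current.get(section), dict):
            current[section] = {}
        current[section].update(entries)
    # Write to a temp file in the same directory, then rename, so a failed
    # run never leaves a half-written credentials file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(current, f)
    os.chmod(tmp, 0o600)  # tokens stay readable by the owner only
    os.replace(tmp, dest)
    return sorted(k for e in picked.values() for k in e)

if __name__ == "__main__":
    print("injected:", inject(pick_figma(read_keychain_blob()), sys.argv[1]))
```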