verify_intent / get_verification over the network — no local process to install.
- One-click OAuth — Claude.ai, Claude Desktop, Claude mobile, and ChatGPT open a Chance sign-in screen; no key to paste.
- API key — the Anthropic and OpenAI developer APIs pass your
chance_sk_key as a header.
Prefer a local install (Claude Desktop / Cursor / Windsurf via
npx)? Use the stdio MCP server instead — same tools, runs on your machine.Claude.ai · Claude Desktop · Claude mobile (OAuth)
1
Open connector settings
Settings → Connectors → Add custom connector (Team/Enterprise: an owner adds it under Organization settings).
2
Add the URL
Paste
https://harness.chance.cc/api/mcp and click Add. No OAuth client ID/secret needed — Chance registers your client automatically.3
Sign in
Click Connect and approve on the Chance screen (sign in with the same account as your dashboard). Done —
verify_intent is now available in chat.ChatGPT (OAuth)
Enable Developer Mode (Settings → Connectors → Advanced), then Add custom connector and enterhttps://harness.chance.cc/api/mcp. Approve the Chance sign-in. Developer Mode exposes the full read/write tools (verify_intent is a write tool); the read-only Deep Research connector path is not the one you want here.
Anthropic Messages API (key)
Call the remote server directly from the API with the MCP connector — yourchance_sk_ key goes in authorization_token:
The MCP-connector beta header and exact fields evolve — see Anthropic’s MCP connector docs for the current version.
OpenAI Responses API (key)
Add a remote MCP tool and pass your key as a header:Any MCP client, via bridge (key)
For a client that only speaks local stdio, bridge to the hosted server with your key:How the OAuth flow works
Chance implements the MCP Authorization spec (OAuth 2.1 + PKCE):- Discovery —
/.well-known/oauth-protected-resourceand/.well-known/oauth-authorization-server - Dynamic Client Registration — clients register automatically; nothing to configure
- PKCE (S256), single-use authorization codes, and rotating refresh tokens
- The consent screen authenticates you with the same identity as the dashboard, then issues the client a scoped token that spends your credits
