I'm building a GitHub app that posts reviews in pull requests for repos where it's installed.

What I'm wondering is, which token should I use to authenticate against the MCP server?
Readinghttps://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app it seems I should authenticate as an application install, so the agent can get access to the target repo through the MCP.

However, if I do that then Claude Code fails to connect to the MCP server, whereas it succeeds if I use e.g. my personal GitHub token.
I verified that the installation access token is correct/has the right permissions by making a GitHub API request with it, aGET on my target pull request:

curl -X GET "https://api.github.com/repos/<org>/<repo>/pulls/1" -H "Authorization: Bearer ghs_..."

I then tried to directly ping the MCP server:

curl -X GET "https://api.githubcopilot.com/mcp/x/pull_requests" -H"Authorization:Bearer <token>"

this works when using my personal token (ghp_...) but not with an installation access token. In the latter case I get a 400 response code with messagebad request: Authorization header is badly formatted

What is your guidance on this?