Cursor CLI - Robinhood MCP OAuth Fails

Support Bug Reports
, ,
1

Where does the bug appear (feature/product)?

Cursor CLI

Describe the Bug

Robinhood MCP OAuth fails in Cursor CLI during the authorize step. The IDE auth flow for the same server works.

Steps to Reproduce

  1. ~/.cursor/mcp.json contains:
     "robinhood": {
       "url": "https://agent.robinhood.com/mcp/trading"
     }
  1. Run agent mcp login robinhood in a standalone terminal
  2. CLI opens browser with auth URL containing redirect_uri=http%3A%2F%2Flocalhost%3A8787%2Fcallback
  3. CLI listens on http://localhost:8787/callback
  4. Robinhood goes to https://robinhood.com/oauth/error and shows something is wrong
  5. Browser console: 403 on authorize, 400 on security (Ă—3)
  6. No redirect to localhost; agent mcp list still shows requires_authentication

Expected Behavior

Robinhood authorize succeeds and redirects to http://localhost:8787/callback with an auth code, same as other MCP providers that support CLI OAuth.

Operating System

MacOS

Version Information

CLI Version 2026.06.04-5fd875e
Model Composer 2.5 Fast
Subscription Tier Pro
OS darwin (arm64)
Terminal iterm2
Shell zsh

Does this stop you from using Cursor

No - Cursor works, but with this issue

5

Hey, thanks for the detailed report. This is a known CLI limitation, not something specific to Robinhood.

What’s happening:
The CLI uses the loopback redirect URI http://localhost:8787/callback, while the IDE uses a different callback mechanism, a deeplink like cursor://.... Robinhood’s OAuth server accepts the IDE option, but rejects the CLI loopback one. That’s why you see a 403 on authorize and a redirect to robinhood.com/oauth/error. So the same server can log in from the IDE, but fails via agent mcp login.

We saw the exact same pattern with Slack MCP in the CLI. Details here: Slack MCP: CLI login fails — redirect_uri mismatch (localhost:8787). Some fixes around redirect URI reordering have already shipped, but for providers that don’t allowlist loopback addresses, this still happens. This is a known issue and it’s being tracked, but I can’t share an ETA for Robinhood.

What you can do right now:

  • The IDE path still works, auth for this server succeeds there.
  • If Robinhood supports MCP via stdio or a token flow without an OAuth redirect, that transport is stable in the CLI since it fully avoids the loopback flow.

If I have an update on a fix, I’ll post it in the thread.