Hi @German_Lena,
Thanks for the detailed report and the pointer to the authorization server metadata. You’ve correctly identified the issue: when the token endpoint is on a non-default path (like /oauth2/token), Cursor isn’t using the token_endpoint value from the authorization server metadata and instead falls back to an incorrect URL.
This is a known issue affecting MCP servers that use a separate authorization server with custom token endpoint paths. You can see similar reports from users of other MCP providers in this thread.
Our engineering team is actively working on a fix. Unfortunately there isn’t a client-side workaround available right now since the issue is in the internal token exchange logic.
We’ll make sure this report is tracked alongside the fix effort. Apologies for the inconvenience.