Custom MCP Client - No Option to Disable Dynamic Client Registration (DCR) and Use Static MCP_CLIENT_ID in Cursor IDE

Ashwin_Jeksani · June 29, 2025, 8:47am

Describe the Bug

I’m working with an internal MCP server (compliant with rfc-9728) that does not support Dynamic Client Registration (DCR) as per OAuth 2.1, and I’ve encountered issues with Cursor IDE attempting to perform DCR automatically during the authorization handshake.

Here’s what I need:

A reliable way to force-disable DCR in Cursor so that it skips POSTing to the registration_endpoint, even if advertised in the server metadata.
The ability to use a static client ID from an environment variable (MCP_CLIENT_ID) to complete the OAuth code flow with the existing authorization server.

What I’ve tried / Observed:

The DCR call is triggered automatically, leading to an error: Client error for command Incompatible auth server: does not support dynamic client registration
The server does expose a .well-known/oauth-protected-resource and openid-configuration, but not registration_endpoint.
I attempted to pass client_id using mcp.json and environment variables, but the DCR call still occurs.

Please let me know if:

This feature is already supported and I’m missing the correct configuration.
There’s a workaround or recommended way to achieve static client OAuth flows without relying on DCR.
Any Cursor source files can be patched temporarily as a last resort.

Thanks,
Ashwin Jeksani

Steps to Reproduce

Add MCP Client pointing to a server that supports local custom MCP Server

// ~/.cursor/mcp.json   or   .cursor/mcp.json (per‑project)
{
  "mcpServers": {
    "finance-prod": {
      "transport": "streamable-http",
      "url": "https://example.com/mcp",
      "oauth": {
        // Tell Cursor to skip DCR, this is not mandated by the spec
        "dynamicRegistration": false,
        "clientId": "${env:MCP_CLIENT_ID}"
        "clientSecret": "${env:MCP_CLIENT_SECRET}"
      }
    }
  }
}

Expected Behavior

If I define “dynamicRegistration”: false in the oauth config of a given MCP server in mcp.json, DCR should be completely skipped.
The client_id should be accepted from ${env:MCP_CLIENT_ID} and injected into the authorization request directly.
Ideally, a fallback should occur if the server’s metadata has no registration_endpoint or if DCR fails, to allow static client-based flows to proceed.

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.1.6 (Universal)
VSCode Version: 1.96.2
Commit: 5b19bac7a947f54e4caa3eb7e4c5fbf832389850
Date: 2025-06-25T02:16:57.571Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.5.0

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

noahberman · July 1, 2025, 1:40pm

Thanks for this note, Ashwin. Our team is working on supporting static client registration and expanded access for custom MCP servers more broadly. More to come in the next few weeks!

yurikunash · July 17, 2025, 3:41am

Hello @noahberman since more than 2 weeks have passed after your reply, is there more clarity about the expected timeline of resolving this issue?
Thank you

Topic		Replies	Views
OAuth Code Flow with Cursor in MCP Server Without Dynamic Client Registration Discussions	1	168	July 10, 2025
Securing Dynamic Client Registration (DCR) from Abuse in OAuth for MCP Server Discussions	1	35	July 24, 2025
MCP OAuth2 authentication code and implicit problems Bug Reports	3	187	July 26, 2025
We need Cursor to support OAuth flow for remote MCP servers Feature Requests	7	1743	July 28, 2025
Delete oauth tokens when an mcp is uninstalled Bug Reports	0	19	July 19, 2025