Custom MCP Client - No Option to Disable Dynamic Client Registration (DCR) and Use Static MCP_CLIENT_ID in Cursor IDE

Describe the Bug

I’m working with an internal MCP server (compliant with rfc-9728) that does not support Dynamic Client Registration (DCR) as per OAuth 2.1, and I’ve encountered issues with Cursor IDE attempting to perform DCR automatically during the authorization handshake.

Here’s what I need:

  1. A reliable way to force-disable DCR in Cursor so that it skips POSTing to the registration_endpoint, even if advertised in the server metadata.
  2. The ability to use a static client ID from an environment variable (MCP_CLIENT_ID) to complete the OAuth code flow with the existing authorization server.

What I’ve tried / Observed:

  • The DCR call is triggered automatically, leading to an error: Client error for command Incompatible auth server: does not support dynamic client registration
  • The server does expose a .well-known/oauth-protected-resource and openid-configuration, but not registration_endpoint.
  • I attempted to pass client_id using mcp.json and environment variables, but the DCR call still occurs.

Please let me know if:

  • This feature is already supported and I’m missing the correct configuration.
  • There’s a workaround or recommended way to achieve static client OAuth flows without relying on DCR.
  • Any Cursor source files can be patched temporarily as a last resort.

Thanks,
Ashwin Jeksani

Steps to Reproduce

Add MCP Client pointing to a server that supports local custom MCP Server

// ~/.cursor/mcp.json   or   .cursor/mcp.json (per‑project)
{
  "mcpServers": {
    "finance-prod": {
      "transport": "streamable-http",
      "url": "https://example.com/mcp",
      "oauth": {
        // Tell Cursor to skip DCR, this is not mandated by the spec
        "dynamicRegistration": false,
        "clientId": "${env:MCP_CLIENT_ID}"
        "clientSecret": "${env:MCP_CLIENT_SECRET}"
      }
    }
  }
}

Expected Behavior

  • If I define “dynamicRegistration”: false in the oauth config of a given MCP server in mcp.json, DCR should be completely skipped.
  • The client_id should be accepted from ${env:MCP_CLIENT_ID} and injected into the authorization request directly.
  • Ideally, a fallback should occur if the server’s metadata has no registration_endpoint or if DCR fails, to allow static client-based flows to proceed.

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.1.6 (Universal)
VSCode Version: 1.96.2
Commit: 5b19bac7a947f54e4caa3eb7e4c5fbf832389850
Date: 2025-06-25T02:16:57.571Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.5.0

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

1 Like

Thanks for this note, Ashwin. Our team is working on supporting static client registration and expanded access for custom MCP servers more broadly. More to come in the next few weeks!

1 Like