Custom MCP Client - No Option to Disable Dynamic Client Registration (DCR) and Use Static MCP_CLIENT_ID in Cursor IDE

Ashwin_Jeksani · June 29, 2025, 8:47am

Describe the Bug

I’m working with an internal MCP server (compliant with rfc-9728) that does not support Dynamic Client Registration (DCR) as per OAuth 2.1, and I’ve encountered issues with Cursor IDE attempting to perform DCR automatically during the authorization handshake.

Here’s what I need:

A reliable way to force-disable DCR in Cursor so that it skips POSTing to the registration_endpoint, even if advertised in the server metadata.
The ability to use a static client ID from an environment variable (MCP_CLIENT_ID) to complete the OAuth code flow with the existing authorization server.

What I’ve tried / Observed:

The DCR call is triggered automatically, leading to an error: Client error for command Incompatible auth server: does not support dynamic client registration
The server does expose a .well-known/oauth-protected-resource and openid-configuration, but not registration_endpoint.
I attempted to pass client_id using mcp.json and environment variables, but the DCR call still occurs.

Please let me know if:

This feature is already supported and I’m missing the correct configuration.
There’s a workaround or recommended way to achieve static client OAuth flows without relying on DCR.
Any Cursor source files can be patched temporarily as a last resort.

Thanks,
Ashwin Jeksani

Steps to Reproduce

Add MCP Client pointing to a server that supports local custom MCP Server

// ~/.cursor/mcp.json   or   .cursor/mcp.json (per‑project)
{
  "mcpServers": {
    "finance-prod": {
      "transport": "streamable-http",
      "url": "https://example.com/mcp",
      "oauth": {
        // Tell Cursor to skip DCR, this is not mandated by the spec
        "dynamicRegistration": false,
        "clientId": "${env:MCP_CLIENT_ID}"
        "clientSecret": "${env:MCP_CLIENT_SECRET}"
      }
    }
  }
}

Expected Behavior

If I define “dynamicRegistration”: false in the oauth config of a given MCP server in mcp.json, DCR should be completely skipped.
The client_id should be accepted from ${env:MCP_CLIENT_ID} and injected into the authorization request directly.
Ideally, a fallback should occur if the server’s metadata has no registration_endpoint or if DCR fails, to allow static client-based flows to proceed.

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.1.6 (Universal)
VSCode Version: 1.96.2
Commit: 5b19bac7a947f54e4caa3eb7e4c5fbf832389850
Date: 2025-06-25T02:16:57.571Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.5.0

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

noahberman · July 1, 2025, 1:40pm

Thanks for this note, Ashwin. Our team is working on supporting static client registration and expanded access for custom MCP servers more broadly. More to come in the next few weeks!

Topic		Replies	Views
OAuth Code Flow with Cursor in MCP Server Without Dynamic Client Registration Discussions	1	49	July 10, 2025
MCP OAuth2 authentication code and implicit problems Bug Reports	2	70	July 4, 2025
We need Cursor to support OAuth flow for remote MCP servers Feature Requests	6	1374	July 2, 2025
Cursor cannot pass auth identity to agent for MCP calls Bug Reports	1	137	June 7, 2025
Enhance MCP Integration in Cursor: Dynamic Tool Updates, Roots Support, progress tokens & Streamable HTTP Feature Requests	2	331	June 5, 2025