[Feature] Invalidate Oauth2 session

bug · August 12, 2025, 7:41am

Describe the Bug

After a MCP server is added and authenticated, logging out seem to re-use the same session. The same situation occurs when deleting and then re-adding the MCP server in the json file. Thiis request is to add a feature to invalidate the session so that an new Oauth2 cycle (including Dynamic Client Registration and (well known) server authentication server discovery is started). This will help to test and develop MCP servers authentication process.

Steps to Reproduce

Add an MCP server in the json file.
Connect
Logout the MCP server
Remove the MCP server form json file
Go back to integration panel.
Close Cursor
Restart cursor
Added the same server in json file
Observe Cursor find the tools, prompts from the MCP server w/o new authentication code flow

Expected Behavior

Add a button to invalid Oauth2 session.

Operating System

Linux

custom MCP server streaming HTTP , DCR and well known auth endpoint

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.4.3
VSCode Version: 1.99.3
Commit: e50823e9ded15fddfd743c7122b4724130c25df0
Date: 2025-08-08T17:34:53.060Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Linux x64 6.16.0

Does this stop you from using Cursor

Yes - Cursor is unusable

Topic		Replies	Views
Delete oauth tokens when an mcp is uninstalled Bug Reports	1	42	August 10, 2025
MCP OAuth not working after 1.2.0 Bug Reports	7	164	August 7, 2025
MCP asks for OAuth even when disabled Bug Reports	1	68	June 28, 2025
MCP Oauth not working on Ubuntu Bug Reports	2	148	July 27, 2025
MCP OAuth2 authentication code and implicit problems Bug Reports	3	274	July 26, 2025