Describe the Bug
We have a Django backend running at http://django.x where we have implemented the authorize, token, callback, the well_known endpoints (oauth-protected-resource and oauth-authorization-server.
Then we have an MCP server where we list the MCP tools and have our MCP-related implementation there, let’s call it http://mcp.y
–
The bug is that despite clearly mentioning that our oauth server is django.x and MCP server is mcp.y, MCP continues to send the authorize and oauth-authorization-server calls to mcp.y, where the endpoints do not exist.
Steps to Reproduce
Here is the mcp.json that we have so far:
{
"mcpServers": {
"CoolApp": {
"url": "http://mcp.y/mcp/",
"transport": {
"type": "http",
"url": "http://mcp.y/mcp/",
"requiresAuth": true,
"scopes": [
"openid",
"profile",
"email"
]
},
"oauthConfig": {
"protectedResourceUrl": "http://django.x/.well-known/oauth-protected-resource",
"authorizationServerMeta": "http://django.x/.well-known/oauth-authorization-server",
"authorizationUrl": "http://django.x/authorize",
"tokenUrl": "http://django.x/token",
"registrationUrl": "http://django.x/register",
"openidConfiguration": "http://django.x/.well-known/openid_configuration"
}
}
}
}
Despite all this setting, Cursor continues to send the calls to the wrong server.
Expected Behavior
It should point the oauth calls to django.x and the MCP calls to mcp.y, simply. We think that there might be an issue in Cursor’s implementation OR the documentation is unclear regarding our mcp.json.
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
Version: 1.1.6 (Universal)
VSCode Version: 1.96.2
Commit: 5b19bac7a947f54e4caa3eb7e4c5fbf832389850
Date: 2025-06-25T02:16:57.571Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.5.0
Does this stop you from using Cursor
Yes - Cursor is unusable