Cursor IDE
Latest version broke our MCP authorisation
auth work with version 3.0.9
2026-04-07 18:26:08.685 [info] ReloadClient completed, connected: false, statusType: needsAuth
2026-04-07 18:26:13.592 [info] Received OAuth callback with code
2026-04-07 18:26:16.243 [info] Using attempt-scoped OAuth client information for callback flow
2026-04-07 18:26:16.247 [info] Using redirect URL
2026-04-07 18:26:16.400 [error] Failed to complete OAuth exchange HTTP 404: Invalid OAuth error response: SyntaxError: Unexpected token '<', "<html>
<h"... is not valid JSON. Raw body: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
I’m on version:
Version: 3.0.12 (Universal)
Also logs (even in debug mode) don’t tell which URL returned 404 so there is not much I can debug on my side
install 3.0.12 and use oAuth
MacOS
Version: 3.0.12 (Universal)
Yes - Cursor is unusable
Colin
April 8, 2026, 10:38am
5
Hey @Karlis_Melderis !
There are a few known issues around MCP Auth and Cursor in 3.x. To determine whether this matches a known issue, could you share your mcp.json file and specify which MCP servers you’re trying to use? For example, we’ve received specific feedback about Atlassian and Webflow MCP servers.
it’s our own remote MCP server that support PKCE Auth
config looks like this:
"mcp-xx": {
"url": "https://mcp.something.com/mcp/v1",
"auth": {
"CLIENT_ID": "uuid..."
}
},
Colin
April 9, 2026, 11:46am
9
Thanks @Karlis_Melderis
I worked with a user yesterday who got past this issue by running Cmd + Shift + P > Cursor: Clear All MCP Tokens from the Editor window, and reconnecting their MCP server. Could you give that a try?
Unfortunately it didn’t help in our case
Hi @Colin , I’m from the same team as Karlis, are there any updates on the above issue? any timelines for the fix? it becomes critical for our project because as you can see this completely blocks further MCP integration.
Colin
April 13, 2026, 3:55pm
12
The ticket is in progress, but not resolved yet! We’ll update this thread when there’s more to share.
so after resorting to good old network capture I figured out what’s wrong
our oAuth configuration was wrong
e.g. this should probably never work
authorization_servers: [null],
Can you please add response validation for /.well-known/oauth-protected-resource response?
we would have caught issue much earlier if Cursor wouldn’t try to be so nice
Colin
April 30, 2026, 2:26pm
20
Hey all!
Things should be shaped up in Cursor 3.2. Give the latest version a try and let us know if you’re still facing the 404 issue.
in v 3.3.30 I’m observing that Cursor fails to try re-auth after token has expired
we have to explicitly chose “Logout” and then Cursor is back to normal
I would expect that once tokens are expired they are discarded and Cursor will try re-auth on it’s own
this keeps on repeating in logs:
2026-05-12 03:33:57.059 [error] Client error: Unauthorized Unauthorized
2026-05-12 03:50:01.883 [warning] MCP HTTP exchange failed
2026-05-12 03:50:01.884 [info] Using redirect URL
2026-05-12 03:50:01.887 [info] Saving PKCE code verifier
2026-05-12 03:50:02.103 [info] MCP OAuth redirect to authorization
2026-05-12 03:50:02.327 [info] Stored server URL for OAuth flow
2026-05-12 03:50:02.327 [info] OAuth provider needs auth callback during connection
2026-05-12 03:50:02.327 [error] Client error: Unauthorized Unauthorized
unfortunately as always Cursor is not showing what URLs and tokens were used here so I can only assume that issue is due to long expired token
once we “Logout” we’re back to normal for a while
2026-05-12 09:32:53.120 [info] [V2] Handling LogoutServer action
2026-05-12 09:32:53.120 [info] MCP OAuth provider initialized
2026-05-12 09:32:53.120 [info] Clearing stored OAuth data
2026-05-12 09:32:53.139 [info] Successfully cleared OAuth tokens
2026-05-12 09:32:53.139 [info] [V2] Removing client, reason: logout_server
2026-05-12 09:32:53.141 [info] [V2] Handling ReloadClient action
2026-05-12 09:32:53.141 [info] [V2 FSM] connection:connect_start: conn=idle,auth=unknown -> conn=connecting,auth=unknown
2026-05-12 09:32:53.840 [info] MCP OAuth provider initialized
2026-05-12 09:32:53.850 [info] Persisting static OAuth client information for callback flow
2026-05-12 09:32:54.327 [warning] MCP HTTP exchange completed
2026-05-12 09:32:55.093 [info] MCP HTTP exchange completed
2026-05-12 09:32:55.538 [warning] MCP HTTP exchange completed
2026-05-12 09:32:55.696 [warning] MCP HTTP exchange completed
2026-05-12 09:32:55.740 [info] MCP HTTP exchange completed
2026-05-12 09:32:55.741 [info] Using enriched static OAuth client information from storage
2026-05-12 09:32:55.741 [info] Using redirect URL
2026-05-12 09:32:55.742 [info] Using redirect URL
2026-05-12 09:32:55.742 [info] Saving PKCE code verifier
2026-05-12 09:32:55.746 [info] MCP OAuth redirect to authorization
2026-05-12 09:32:55.753 [info] Stored server URL for OAuth flow
2026-05-12 09:32:55.753 [info] OAuth provider needs auth callback during connection
2026-05-12 09:32:55.753 [info] Connect failed after auth_required; returning needsAuth (streamableHttp)
2026-05-12 09:32:55.754 [info] MCP OAuth needsAuth (v2)
2026-05-12 09:32:55.754 [info] ReloadClient completed, connected: false, statusType: needsAuth
2026-05-12 09:32:57.471 [info] [V2] Handling LogoutServer action
2026-05-12 09:32:57.471 [info] MCP OAuth provider initialized
2026-05-12 09:32:57.471 [info] Clearing stored OAuth data
2026-05-12 09:32:57.487 [info] Successfully cleared OAuth tokens
2026-05-12 09:32:57.487 [info] [V2] Removing client, reason: logout_server
2026-05-12 09:32:57.489 [info] [V2] Handling ReloadClient action
2026-05-12 09:32:57.489 [info] [V2 FSM] connection:connect_start: conn=idle,auth=unknown -> conn=connecting,auth=unknown
2026-05-12 09:32:57.625 [info] MCP OAuth provider initialized
2026-05-12 09:32:57.627 [info] Persisting static OAuth client information for callback flow
2026-05-12 09:32:57.801 [warning] MCP HTTP exchange completed
2026-05-12 09:32:57.926 [info] MCP HTTP exchange completed
2026-05-12 09:32:58.083 [warning] MCP HTTP exchange completed
2026-05-12 09:32:58.247 [warning] MCP HTTP exchange completed
2026-05-12 09:32:58.299 [info] MCP HTTP exchange completed
2026-05-12 09:32:58.300 [info] Using enriched static OAuth client information from storage
2026-05-12 09:32:58.301 [info] Using redirect URL
2026-05-12 09:32:58.301 [info] Using redirect URL
2026-05-12 09:32:58.302 [info] Saving PKCE code verifier
2026-05-12 09:32:58.306 [info] MCP OAuth redirect to authorization
2026-05-12 09:32:58.318 [info] Stored server URL for OAuth flow
2026-05-12 09:32:58.318 [info] OAuth provider needs auth callback during connection
2026-05-12 09:32:58.318 [info] Connect failed after auth_required; returning needsAuth (streamableHttp)
2026-05-12 09:32:58.318 [info] MCP OAuth needsAuth (v2)
2026-05-12 09:32:58.319 [info] ReloadClient completed, connected: false, statusType: needsAuth
2026-05-12 09:32:59.081 [info] Received OAuth callback with code
2026-05-12 09:32:59.083 [info] MCP OAuth provider initialized
2026-05-12 09:32:59.779 [info] Using attempt-scoped OAuth client information for callback flow
2026-05-12 09:32:59.780 [info] Using redirect URL
2026-05-12 09:33:00.329 [info] MCP OAuth tokens persisted
2026-05-12 09:33:00.337 [info] tokens() returning OAuth tokens
2026-05-12 09:33:00.337 [info] MCP OAuth callback exchange completed
2026-05-12 09:33:00.338 [info] [V2] Handling ReloadClient action
2026-05-12 09:33:00.338 [info] [V2 FSM] connection:connect_start: conn=idle,auth=unknown -> conn=connecting,auth=unknown
2026-05-12 09:33:00.473 [info] MCP OAuth provider initialized
2026-05-12 09:33:00.475 [info] Persisting static OAuth client information for callback flow
2026-05-12 09:33:00.480 [info] tokens() returning OAuth tokens
2026-05-12 09:33:00.624 [info] MCP HTTP exchange completed
2026-05-12 09:33:00.626 [info] tokens() returning OAuth tokens
2026-05-12 09:33:00.765 [info] MCP HTTP exchange completed
2026-05-12 09:33:00.766 [info] Successfully connected to streamableHttp server
and possibly even empty array