MCP oAuth fails with 404 error

Support Bug Reports
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Latest version broke our MCP authorisation

auth work with version 3.0.9

2026-04-07 18:26:08.685 [info] ReloadClient completed, connected: false, statusType: needsAuth
2026-04-07 18:26:13.592 [info] Received OAuth callback with code
2026-04-07 18:26:16.243 [info] Using attempt-scoped OAuth client information for callback flow
2026-04-07 18:26:16.247 [info] Using redirect URL
2026-04-07 18:26:16.400 [error] Failed to complete OAuth exchange HTTP 404: Invalid OAuth error response: SyntaxError: Unexpected token '<', "<html>
<h"... is not valid JSON. Raw body: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

I’m on version:

Version: 3.0.12 (Universal)

Also logs (even in debug mode) don’t tell which URL returned 404 so there is not much I can debug on my side

Steps to Reproduce

install 3.0.12 and use oAuth

Operating System

MacOS

Version Information

Version: 3.0.12 (Universal)
VSCode Version: 1.105.1
Commit: a80ff7dfcaa45d7750f6e30be457261379c29b00
Date: 2026-04-04T00:13:18.452Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.4.0

Does this stop you from using Cursor

Yes - Cursor is unusable

5

Hey @Karlis_Melderis!

There are a few known issues around MCP Auth and Cursor in 3.x. To determine whether this matches a known issue, could you share your mcp.json file and specify which MCP servers you’re trying to use? For example, we’ve received specific feedback about Atlassian and Webflow MCP servers.

8

it’s our own remote MCP server that support PKCE Auth

config looks like this:

    "mcp-xx": {
      "url": "https://mcp.something.com/mcp/v1",
      "auth": {
        "CLIENT_ID": "uuid..."
      }
    },
9

Thanks @Karlis_Melderis

I worked with a user yesterday who got past this issue by running Cmd + Shift + P > Cursor: Clear All MCP Tokens from the Editor window, and reconnecting their MCP server. Could you give that a try?

10

Unfortunately it didn’t help in our case

11

Hi @Colin , I’m from the same team as Karlis, are there any updates on the above issue? any timelines for the fix? it becomes critical for our project because as you can see this completely blocks further MCP integration.

12

The ticket is in progress, but not resolved yet! We’ll update this thread when there’s more to share.

13

:exploding_head:

so after resorting to good old network capture I figured out what’s wrong

our oAuth configuration was wrong
it was never meant to work honestly and because older Cursor versions auto-magically got around I was under impression that our setup is correct

e.g. this should probably never work :wink: and possibly even empty array

authorization_servers: [null],

Can you please add response validation for /.well-known/oauth-protected-resource response?
also please log response (at least in debug mode) and which auth URL will be tried to expedite debugging

we would have caught issue much earlier if Cursor wouldn’t try to be so nice :sweat_smile: