MCP OAuth: persist DCR client_id across reconnects (avoid AS-side registration spam)

Hey, great bug report, and thanks for the details.

This is a known issue. DCR persistence in Cursor is implemented, but there are a few edge-case paths that can force a re-registration instead of reusing the cached client_id, which is why you see duplicates on the AS side.

Over the last few weeks we’ve landed several solid fixes in this area (race conditions around invalidation credentials, contention when multiple clients are involved, and more), but some of them might not be in 3.1.15 yet. Please try updating to the latest version, and you might see the rate of re-registrations drop a lot.

I’ve passed this to the team to take a closer look. No exact timeline yet, but your report helps with prioritization, especially the context about AS-side cleanup, that’s a useful data point.

Let me know if anything changes after you update.