OAuth MCP login fails

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When trying to connect to a remote MCP server with OAuth (in my case Figma MCP) on Linux via AppImage, the cursor:// protocol handler doesn’t correctly authorize the OAuth flow.

After allowing the access via browser, the IDE initializes a new empty file with the name “callback?code=<code>&state=”. This is a similar problem to OAuth MCP login via custom protocol fails on Linux AppImage

Steps to Reproduce

Mostly directly copied from the previously mentioned bug report

1. Download Cursor AppImage and run it on Linux
2. Register a desktop entry with:

• MimeType=x-scheme-handler/cursor;

3. Register an MCP server with OAuth (e.g., Figma)
4. Cursor displays “Connect”
5. Click login, complete OAuth flow in the browser
6. Browser tries to open cursor://anysphere.cursor-mcp/oauth/user-/callback?code=…
7. Cursor opens a new tab, but does not process or finalize the OAuth login

Expected Behavior

The IDE should process the URL correctly to finish the OAuth handshake with the MCP server

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.17
VSCode Version: 1.99.3
Commit: 34881053400013f38e2354f1479c88c9067039a0
Date: 2025-09-29T03:10:26.099Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.16.3-76061603-generic

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the report. We’ll investigate it.

In the meantime, is there any way for us to manually complete authentication given we have access to the token?

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

OAuth discovery and authorization work correctly, but the callback fails to return to Cursor after user authentication.

After successful authentication, Keycloak redirects to callback URL but browser stays on redirect page instead of returning to Cursor with the token.

Are there specific OAuth metadata fields Cursor requires beyond standard OpenID Connect discovery?

Steps to Reproduce

1. Add a streamable-http MCP server into Cursor MCP tools config:
   {
   “custom-mcp”: {
   “url”: “https://custom.com/mcp”
   }
   }

2. Try to connect from the IDE

3. It will take you to the authorization URL which is returned from metadata discovery as per the OAuth flow spec

4. Once it lets you login, it will get stuck/left there on the browser

Expected Behavior

Once it gets the token from the authorization URL/server, it should take the user back to the launched Cursor app.

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.28
VSCode Version: 1.99.3
Commit: adb0f9e3e4f184bba7f3fa6dbfd72ad0ebb8cfd0
Date: 2025-10-01T02:45:21.769Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-29-generic

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hello, have the same issue on my side, the auth flow only creates a file with the callback url.

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

It seems cursor is either not following DCR procedure properly or there is something else wrong. Cursor MCP is fundamentally broken. Multiple problems:

• Redirect after authentication opens a new cursor agent window - doesn’t get registered.
• npx mcp-remote based servers: get client not found error.

Goose desktop client doesn’t have these issues with the same configuration. It is fundamentally something that is going wrong with oauth authentication flow in cursor. It is not working correctly. Only thing that works right now is running local server and authenticating through mcp-remote with it.

Steps to Reproduce

Try connecting to any mcp server without mcp remote. With mcp remote sometimes it does sometimes it doesn’t. Try for example atlassian mcp.

Expected Behavior

Authentication flow should terminate with cursor having the token. It doesn’t.

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.33
VSCode Version: 1.99.3
Commit: a84f941711ad680a635c8a3456002833186c4840
Date: 2025-10-03T03:28:06.574Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-33-generic

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I fail to authenticate via OAuth to my mcp-server

Cursor output logs -

2025-09-21 14:46:52.315 [info] Received OAuth callback with code
2025-09-21 14:46:54.309 [info] Using redirect URL {"url":"cursor://anysphere.cursor-retrieval/oauth/user-***-mcp/callback"}
2025-09-21 14:46:56.987 [info] Using redirect URL {"url":"cursor://anysphere.cursor-retrieval/oauth/user-***-mcp/callback"}
2025-09-21 14:46:57.633 [error] Failed to complete OAuth exchange authorization code does not exist

Backend logs -

"POST /token HTTP/1.1" 400 Bad Request

We’ve confirmed the auth flow works well in prev’s Cursor versions.

Steps to Reproduce

Try to authenticate via OAuth to a working mcp-server

Expected Behavior

OAuth exchange should work properly and mcp-server should load its tools and resources

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.6.42 (Universal)
VSCode Version: 1.99.3
Commit: 5911e9593196a000b1c00553aaf03b0b32042b90
Date: 2025-09-20T17:16:56.346Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.6.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hi, posting here to give you know I have the same bug on my Linux (exactly the same cursor behaviour). It’s common issue now, not specific to one user.

Version: 1.7.39
VSCode Version: 1.99.3
Commit: a9c77ceae65b77ff772d6adfe05f24d8ebcb2790
Date: 2025-10-08T00:33:20.352Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-33-generic

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I have issues adding figma mcp server to my cursor. when i add the mcp, it requires authentication. it successfuly authenticates in browser, but it cannot open the callback link in cursor. nothing happened after authentication. I searched the net it was tod to add a desktop file with this content:
[Desktop Entry]
Name=Cursor URL Handler
Exec=/opt/cursor/Cursor-1.7.33-x86_64.AppImage – %u
Type=Application
Terminal=false
MimeType=x-scheme-handler/cursor;
now it opens a new file with the link in title instead.

Steps to Reproduce

add figma mcp server from settings, tools and MCP, then add this link https://mcp.figma.com/mcp

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.33
VSCode Version: 1.99.3
Commit: a84f941711ad680a635c8a3456002833186c4840
Date: 2025-10-03T03:28:06.574Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-33-generic

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, try updating your Cursor first. From the way it looks, you aren’t on the latest version.
Then try adding Figma mcp again and connecting. You can quickly add it through the directory: MCP Directory | Cursor Docs

If it still happens, please check the Output tab in the same place as your Cursor terminal, and on the right select MCP: Figma to display any logs. Check the Output again to see whether there are any errors.

Still doesn’t work, I check every update. Seems like xdg-open is not working properly with AppImage Cursor. ,Add to Cursor” button also doesn’t work on the site you’ve linked MCP Directory | Cursor Docs clicking it just opens a new tab in Cursor as a file and nothing else happens, exactly the same as using xdg-open with the figma mcp auth. Btw I really don’t know if it’s important but I’m using Ubuntu with Wayland what is not specified below:

Version: 1.7.44
VSCode Version: 1.99.3
Commit: 9d178a4■■■89981b62546448bb32920a8219a5d0
Date: 2025-10-10T15:43:37.500Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-33-generic

Can confirm that it’s still not working on version 1.7.44. Adding the MCP server manually and from the mentioned directory produces the same bug.

Come on guys, we really need this. If its possible just give us a manual workaround or any clarification.

Version: 1.7.46
VSCode Version: 1.99.3
Commit: b9e5948c1ad20443a5cecba6b84a3c9b99d62580
Date: 2025-10-14T01:21:46.830Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.0-33-generic

I can also confirm it is not working for App image. Is there a work around? This problem has been around forever. The Open in Cursor buttons on the Agent dashboard do not work….

Any updates?

The problem is with the AppImage, the now offer (but didn’t communicate well on it), .deb images. The OAuth flow of the MCPs are working for me now after installing it.

I tried the AppImage and .rpm and they both fail on Fedora/KDE.
@Eugen can you perhaps share your Exec= line from Cursor’s .desktop ?

If I use the default Exec=/usr/share/cursor/cursor %F , an empty window opens when returning from the browser
If I change that to Exec=/usr/share/cursor/cursor %U a new tab opens for new file e.g. ~/cursor:/anysphere.cursor-mcp/oauth/user-.../callback?code=...

EDIT:

Ok, I believe I figured it out. If I run xdg-open 'cursor://anysphere.cursor-mcp/oauth/...’ it uses cursor-url-handler.desktop which correctly handles the callback. The .desktop file uses Exec=/usr/share/cursor/cursor --open-url %U
For AppImage users, it should be possible creating such cursor-url-handler.desktop file and registering the scheme with xdg-mime default cursor-url-handler.desktop 'x-scheme-handler/cursor'

So, it looks like in my case the browser (Edge ) doesn’t execute xdg-open in the same way.