Hey, thanks for the report. This is a known bug. Cursor starts OAuth discovery before it sends the POST with your Authorization header. If the server (in this case api.githubcopilot.com) responds to the OAuth discovery endpoints, Cursor tries Dynamic Client Registration, but GitHub doesn’t support it. That’s why you see the error.
More details on the root cause and discussion here: MCP headers config ignored when server has OAuth discovery
Unfortunately there’s no client-side workaround. The issue is that the logic “if Authorization is already in headers, skip OAuth” is missing. The team is aware, but there’s no ETA yet. Your report helps with prioritization.
Let me know if anything changes.