Bug Report: SDK Local Agents Cannot Access HTTP MCPs with OAuth from settingSources
Summary
When using @cursor/sdk with local.settingSources: ["user"], HTTP-based MCPs that use OAuth (like Notion and Linear) are not loaded, even though:
-
They are configured in
~/.cursor/mcp.json -
The user has completed OAuth authentication via the Cursor app
-
The MCPs work correctly from within a Cursor IDE session
Stdio-based MCPs from the same config file ARE loaded correctly.
Environment
-
Cursor SDK:
@cursor/[email protected] -
Node.js: v24.12.0
-
macOS: 24.6.0 (darwin)
-
Cursor App Version: (current as of May 2026)
Expected Behavior
Per the SDK documentation:
“If a local MCP server requires OAuth login, the SDK can’t prompt you to sign in. It only works if you’ve already signed in to that server from the Cursor app, in which case the SDK reuses that saved login.”
HTTP MCPs configured in ~/.cursor/mcp.json with OAuth should be available to SDK agents when settingSources: ["user"] is set, provided the user has already authenticated via the Cursor app.
Actual Behavior
-
Stdio MCPs from
~/.cursor/mcp.jsonARE loaded (github, slack, LaunchDarkly, etc.) -
HTTP MCPs from
~/.cursor/mcp.jsonare NOT loaded (notion, Linear)
The agent reports: “MCP server not available” for HTTP MCPs.
Reproduction Steps
1. User’s ~/.cursor/mcp.json contains both types:
{
"mcpServers": {
"github": {
"command": "/path/to/github-mcp.sh"
},
"slack": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-slack"],
"env": { "SLACK_BOT_TOKEN": "..." }
},
"notion": {
"url": "https://mcp.notion.com/mcp"
},
"Linear": {
"url": "https://mcp.linear.app/mcp",
"headers": {}
}
}
}
2. User has authenticated Notion and Linear via Cursor app
Both MCPs work from within a Cursor IDE session:
-
CallMcpTooltouser-notion→ Works
-
CallMcpTooltouser-Linear→ Works
3. SDK agent is created with settingSources
import { Agent } from "@cursor/sdk";
const agent = await Agent.create({
apiKey: process.env.CURSOR_API_KEY!,
model: { id: "claude-haiku-4-5" },
local: {
cwd: "/path/to/repo",
settingSources: ["user", "project", "plugins"],
},
});
const run = await agent.send("List the MCPs you have access to");
4. Agent output shows HTTP MCPs missing
Agent reports available MCPs:
-
LaunchDarkly
-
mcp-clickhouse
-
recall
-
slack
-
github
-
plugin-figma-figma
Missing:
-
notion
-
Linear
Workaround
Currently, the only workaround is to:
-
Obtain API tokens (not OAuth) for Notion/Linear
-
Configure them inline in the SDK with explicit
headers:
const agent = await Agent.create({
// ...
mcpServers: {
notion: {
type: "http",
url: "https://mcp.notion.com/mcp",
headers: { Authorization: `Bearer ${NOTION_API_KEY}` },
},
},
});
This defeats the purpose of settingSources and requires duplicate configuration.
Root Cause Hypothesis
The SDK loads MCP configs from ~/.cursor/mcp.json but does not have access to the OAuth token storage that the Cursor IDE uses. For HTTP MCPs without explicit headers or auth blocks, the SDK cannot authenticate.
The Cursor IDE stores OAuth tokens separately (likely in a secure credential store), and the SDK’s settingSources mechanism doesn’t include reading from that store.
Impact
This breaks the promise of “reusing saved logins” for HTTP OAuth MCPs when using the SDK. Users building automation tools that need multiple MCPs must either:
-
Duplicate MCP configuration with explicit tokens
-
Use workarounds (CLI fallbacks, API tokens instead of OAuth)
Related Issues
-
Forum: “MCP OAuth not working after 1.2.0”
-
Forum: “Missing Refresh Token logic for MCP OAuth”
-
Forum: “Cursor does not refresh OAuth tokens for MCP Servers”
Suggested Fix
The SDK should:
-
When loading HTTP MCPs from
settingSources, check Cursor’s OAuth token store for existing credentials -
Attach those credentials to HTTP MCPs that have been previously authenticated
-
Or provide explicit documentation that HTTP OAuth MCPs are NOT supported via
settingSourcesand require inline configuration