Slack MCP auth fails with Must use PKCE to redirect to a non-web URI

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Title: Slack MCP auth fails — “Must use PKCE to redirect to a non-web URI”

Steps to Reproduce

  1. Open Cursor agent chat
  2. Trigger Slack MCP authentication via mcp_auth on the plugin-slack-slack server
  3. Slack OAuth page opens in browser

Expected: OAuth flow completes and Slack grants access to Cursor

Actual: Two sequential failures:

  1. OAuth page shows “Please select at least one feature or permission scope to install your app” — the authorization request contains no scopes
  2. On proceeding anyway by clicking cancel, Slack returns: Must use PKCE to redirect to a non-web URI

Root cause: The OAuth request to Slack is missing two required parameters for non-web (deep-link) redirect URIs:

  • scope — no permission scopes are being requested
  • code_challenge + code_challenge_method=S256 — PKCE is required by Slack when the redirect target is a non-web URI (e.g. cursor://)

Expected Behavior

OAuth completion

Screenshots / Screen Recordings

Operating System

Windows 10/11

Version Information

Version: 3.1.17 (user setup)
VSCode Version: 1.105.1
Commit: fce1e9ab7844f9ea35793da01e634aa7e50bce90
Date: 2026-04-19T19:33:58.189Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Windows_NT x64 10.0.26100
MCP servers affected: slack
Impact: Slack MCP is entirely non-functional. Cannot pull Slack highlights into agent workflows.

Does this stop you from using Cursor

No - Cursor works, but with this issue
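
An added example, not part of the original thread and not Cursor's or Slack's code: a small Python audit that takes the authorization URL opened in the browser and reports whether it lacks the two things the report above names (scope, and an S256 PKCE challenge when the redirect URI is not http/https). The endpoint, client ID, redirect path and state value are constructed placeholders, and the 43-character length check is an assumption based on the size of an S256 challenge.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

WEB_SCHEMES = {"http", "https"}

def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), no padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe chars
    return verifier, s256_challenge(verifier)

def audit_authorization_url(url):
    """List what an authorization request is missing, per the report above."""
    q = parse_qs(urlsplit(url).query)  # blank values are dropped by default
    first = lambda name: q.get(name, [""])[0]
    problems = []
    if not first("scope").split():
        problems.append("scope missing or empty")
    redirect_scheme = urlsplit(first("redirect_uri")).scheme.lower()
    if redirect_scheme not in WEB_SCHEMES:
        # Non-web (deep-link) redirect: the report says Slack requires PKCE here.
        if not first("code_challenge"):
            problems.append("code_challenge missing")
        elif len(first("code_challenge")) != 43:
            problems.append("code_challenge is not a 43-char S256 value")
        if first("code_challenge_method") != "S256":
            problems.append("code_challenge_method is not S256")
    return problems

# Constructed sample values (placeholders, not taken from Cursor or Slack).
BASE = "https://auth.example.test/authorize"
COMMON = {"response_type": "code", "client_id": "CLIENT_ID_PLACEHOLDER",
          "redirect_uri": "cursor://callback.example/oauth", "state": "xyz"}

def build_url(extra):
    return BASE + "?" + urlencode({**COMMON, **extra})

if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    good = build_url({"scope": "channels:history", "code_challenge": challenge,
                      "code_challenge_method": "S256"})
    print("complete request:", audit_authorization_url(good))
    print("bare request:    ", audit_authorization_url(build_url({})))
```

The code_verifier itself never appears in the authorization URL; it is sent only in the later token request, so only the challenge can be checked from the browser address bar.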

Hi @jbloom!

Can you share how you’ve configured the Slack MCP server in your mcp.json?

    "slack": {
      "url": "https://mcp.slack.com/mcp",
      "auth": {
        "CLIENT_ID": "3660753192626.8903469228982"
      }
    }

Also I tried adding it as an app and get the same error

  "plugins": {
    "slack": {
      "enabled": true
    }
  }

Thanks @jbloom!

I can reproduce this message as well. However, it appears the authentication callback actually made it to Cursor anyway. If I press Cancel, I see the same message you described.

Could you check whether the Slack authorization ultimately works to authenticate the MCP server? If so, I suspect this issue is on Slack’s side rather than ours.

I can’t click “Allow” on this page and then I see the error message when I hit cancel. I haven’t been able to get it to authenticate anyway.

Interesting development. I checked with others in my company, and some can’t get Slack to work; they have the same problem I do. One person was able to get it to work, so it seems like a Slack permission config or something.

Same issue here, unable to connect Cursor with Slack. Is there any workaround possible?

Hey @jbloom and @Gaurav_Kumar!

Ran into a similar issue internally: the same MCP server was generating two different OAuth authorization URLs with different client IDs and scopes.

Could you try:

  1. Making sure you’re on the latest version of Cursor (3.2)
  2. Open the command palette (Cmd+Shift+P / Ctrl+Shift+P) and run “Clear All MCP Tokens”
  3. Restart Cursor
  4. Re-authenticate the Slack MCP server

That command should wipe any stored OAuth tokens and client registrations, forcing a clean re-registration with Slack on the next connection.

Let me know if that resolves it!

Hi,

I’m running into the exact same issue on my side (and several others in my company are as well).
I followed the steps you shared, but unfortunately it didn’t resolve the problem.

Do you have any other suggestions or things we could try?
Thanks!

Having the same issue here. I tried uninstalling the Slack plugin and reinstalling it. Still having the same issue.

I couldn’t get this solution to work.

Hey all!

Two things:

  • We have flagged an issue with the MCP server to Slack. It may or may not be the same issue reported here.
  • We shipped a lot of updates to MCP authentication in 3.3, and if you’re still facing issues, it would be great if you could update to the newest release, and report what version of Cursor you’re using!

On the latest version

Version: 3.3.27
VSCode Version: 1.105.1
Commit: 80b138a7a0a948e1a798e9ed7867d76a1ba9a310
Date: 2026-05-08T02:26:22.498Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 41.3.0
Chromium: 146.0.7680.188
Node.js: 24.15.0
V8: 14.6.202.33-electron.0
OS: Linux x64 6.18.26-1-MANJARO

Still seeing the same error:

Thanks for confirming the version, @Gaurav_Kumar

We’re actively investigating Slack MCP OAuth issues with Slack’s team directly. The “no scopes” error you’re seeing is a known problem on our radar. We shipped several MCP auth improvements in 3.3, but this particular flow still needs work.

To help us narrow things down, could you grab the MCP output logs? Go to View > Output, then select MCP Logs (or MCP: slack) from the dropdown, and share what you see when the auth attempt fails.

We’ll follow up here once we have a resolution.

Output for MCP: plugin-slack-slack

2026-05-10 14:59:51.312 [info] [V2] Handling LogoutServer action
2026-05-10 14:59:51.312 [info] MCP OAuth provider initialized
2026-05-10 14:59:51.312 [info] Clearing stored OAuth data
2026-05-10 14:59:51.332 [info] Successfully cleared OAuth tokens
2026-05-10 14:59:51.332 [info] [V2] Removing client, reason: logout_server
2026-05-10 14:59:51.334 [info] [V2] Handling ReloadClient action
2026-05-10 14:59:51.334 [info] [V2 FSM] connection:connect_start: conn=idle,auth=unknown → conn=connecting,auth=unknown
2026-05-10 14:59:52.403 [info] MCP OAuth provider initialized
2026-05-10 14:59:52.404 [info] Persisting static OAuth client information for callback flow
2026-05-10 14:59:52.424 [debug] No stored tokens found
2026-05-10 14:59:52.672 [warning] MCP HTTP exchange completed
2026-05-10 14:59:52.999 [info] MCP HTTP exchange completed
2026-05-10 14:59:53.251 [info] MCP HTTP exchange completed
2026-05-10 14:59:53.254 [info] Using enriched static OAuth client information from storage
2026-05-10 14:59:53.255 [info] Using redirect URL
2026-05-10 14:59:53.256 [debug] No stored tokens found
2026-05-10 14:59:53.256 [info] Using redirect URL
2026-05-10 14:59:53.257 [info] Saving PKCE code verifier
2026-05-10 14:59:53.261 [info] MCP OAuth redirect to authorization
2026-05-10 14:59:53.266 [info] Stored server URL for OAuth flow
2026-05-10 14:59:53.266 [info] OAuth provider needs auth callback during connection
2026-05-10 14:59:53.266 [info] Connect failed after auth_required; returning needsAuth (streamableHttp)
2026-05-10 14:59:53.267 [debug] No stored tokens found
2026-05-10 14:59:53.268 [info] MCP OAuth needsAuth (v2)
2026-05-10 14:59:53.269 [debug] [V2 FSM] connection:connect_failure: conn=connecting,auth=unknown → conn=transient_failure,auth=unknown
2026-05-10 14:59:53.269 [debug] [V2 FSM] auth:auth_required: conn=transient_failure,auth=unknown → conn=transient_failure,auth=needsUserAuth
2026-05-10 14:59:53.269 [info] ReloadClient completed, connected: false, statusType: needsAuth

Thanks for sharing those logs. They confirm that Cursor is generating the PKCE parameters correctly on its side (“Saving PKCE code verifier” appears before the redirect). The rejection is happening on Slack’s authorization server after the browser opens.

This aligns with what we’re seeing internally. Our team is actively working with Slack to resolve the handshake issue. No action needed on your end for now. We’ll update this thread once we have a fix.

Any update? Such a critical functionality and it’s still broken even after so many days.