Connect Cursor
This guide shows you how to connect Cursor IDE to Casdoor's MCP server, enabling AI-powered code assistance with direct access to manage your Casdoor applications, users, and resources.
Prerequisites
Before you begin, ensure you have:
- A running Casdoor instance (HTTPS recommended for production)
- Cursor IDE installed on your computer
- Admin access to your Casdoor instance to create applications
Step 1: Create an Application in Casdoor
Configure a Casdoor application that Cursor will use for OAuth authentication:
Log in to your Casdoor admin panel
Navigate to Applications and click Add
Configure the application with these settings:
Name:
cursor-mcp(or your preferred name)Display Name:
Cursor IDE MCP ClientOrganization: Select your organization
Redirect URIs: Add these OAuth callback URLs:
http://127.0.0.1:*/callback
http://localhost:*/callbackipucuThe wildcard
*allows Cursor to use any available port for the OAuth callback.
Grant Types: Enable
Authorization Codeand optionallyRefresh TokenEnable PKCE: Check this option for enhanced security
Token Format:
JWT(recommended)(Optional) Application Type: Set to
Agent(Optional) Category: Set to
MCPfor better organizationbilgiApplication categories help organize your apps. See Application Categories for more details.
Click Save and note down your Client ID (you'll need it in the next step)
Step 2: Configure Cursor MCP Settings
Cursor supports MCP server configuration through its settings. You can configure it either through the UI or by directly editing the configuration file.
Option A: Using Cursor Settings UI
- Open Cursor IDE
- Go to Settings (Cmd+, on macOS or Ctrl+, on Windows/Linux)
- Search for "MCP" in the settings search bar
- Click Edit in settings.json to open the MCP configuration file
Option B: Direct File Edit
The MCP configuration file location depends on your operating system:
- macOS:
~/Library/Application Support/Cursor/User/mcp.json - Windows:
%APPDATA%\Cursor\User\mcp.json - Linux:
~/.config/Cursor/User/mcp.json
Add your Casdoor MCP server configuration:
{
"mcpServers": {
"casdoor": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-oauth",
"https://your-casdoor.com/api/mcp"
],
"env": {
"OAUTH_CLIENT_ID": "your-client-id",
"OAUTH_SCOPES": "read:application write:application openid profile email"
}
}
}
}
Replace the following placeholders:
your-casdoor.com→ Your Casdoor instance domainyour-client-id→ The Client ID from Step 1
The @modelcontextprotocol/server-oauth package handles OAuth flows automatically. Cursor will open your browser to complete authentication.
Configuring Scopes
The OAUTH_SCOPES environment variable controls what permissions Cursor's AI has. Common scopes include:
read:application- View applicationswrite:application- Create, update, delete applicationsread:user- View userswrite:user- Create, update, delete usersopenid profile email- Basic user information (required for OAuth)
See Authorization and Scopes for the complete list of available scopes.
Step 3: Reload Cursor
After saving the configuration:
- Reload Cursor IDE (Cmd+Shift+P or Ctrl+Shift+P → "Developer: Reload Window")
- Alternatively, restart Cursor completely
Cursor will automatically detect and load the new MCP server configuration.
Step 4: Complete the OAuth Flow
When Cursor first connects to your Casdoor MCP server:
- Cursor will automatically open your default web browser
- You'll see the Casdoor login page (if not already logged in)
- After logging in, you'll see a Consent Screen asking you to authorize Cursor
- The consent screen displays the requested scopes (permissions)
- Click Authorize to grant access
- Your browser will redirect to
http://127.0.0.1:<port>/callbackand show a success message - Return to Cursor - the connection is now established
The OAuth token is securely stored by the MCP OAuth helper. You won't need to re-authorize unless you revoke the token or change scopes.
Step 5: Verify the Connection
Test the connection by using Cursor's AI features to interact with Casdoor:
Example prompts to try in Cursor's chat:
- "Using the Casdoor MCP server, list all applications"
- "Show me details about the application named 'my-app' from Casdoor"
- "Create a new Casdoor application called 'test-app' in organization 'my-org'"
Cursor's AI will use the MCP tools to execute these commands. You should see responses with data from your Casdoor instance.
Expected output:
I've queried the Casdoor MCP server and found the following applications:
1. cursor-mcp (Cursor IDE MCP Client)
2. app-built-in (Casdoor)
...
Troubleshooting
Issue: "MCP server not found" in Cursor
Cause: The configuration file might not be in the correct location or has syntax errors.
Solution:
- Verify the file path for your operating system
- Check that the JSON is valid (no trailing commas, proper quotes)
- Reload Cursor after making changes
Issue: "Unable to connect to MCP server"
Cause: The MCP server URL might be incorrect or unreachable.
Solution:
- Verify the URL in your
mcp.jsonis correct - Ensure your Casdoor instance is running and accessible
- Check for HTTPS/HTTP mismatch (use HTTPS in production)
Issue: "Redirect URI mismatch" error during OAuth
Cause: The callback URL doesn't match the configured Redirect URI in Casdoor.
Solution:
In Casdoor, ensure your application has these redirect URIs:
http://127.0.0.1:*/callback
http://localhost:*/callbackThe wildcard
*is crucial - it allows any port
Issue: "CORS error" in browser console
Cause: Cross-Origin Resource Sharing (CORS) restrictions.
Solution:
- Casdoor's MCP endpoint should automatically handle CORS for localhost origins
- If you're using a custom domain, ensure CORS is properly configured in Casdoor
Issue: "insufficient_scope" error when using AI features
Cause: The requested operation requires a scope that wasn't granted.
Solution:
- Update the
OAUTH_SCOPESin yourmcp.jsonto include the required scope - Example: Add
write:applicationif you want to create/modify applications - Reload Cursor and re-authorize to get a new token with updated scopes
Issue: OAuth token expired
Cause: Access tokens expire after a certain time.
Solution:
- If you enabled
Refresh Tokengrant type in Step 1, the MCP OAuth helper will automatically refresh expired tokens - Otherwise, you'll need to re-authorize by reloading Cursor
Issue: MCP tools not available in Cursor's AI
Cause: Cursor might not have loaded the MCP server or OAuth hasn't completed.
Solution:
- Check Cursor's developer console (Help → Toggle Developer Tools) for errors
- Try explicitly mentioning "using Casdoor MCP server" in your prompts
- Ensure you've completed the OAuth flow in Step 4
Security Considerations
- PKCE (Proof Key for Code Exchange): Always enable PKCE in your Casdoor application for enhanced security
- Scopes: Follow the principle of least privilege - only grant scopes that Cursor actually needs
- Token Storage: The MCP OAuth helper stores tokens securely in your system's keychain
- HTTPS: Always use HTTPS for production Casdoor instances to protect OAuth flows
- Token Revocation: You can revoke access tokens in Casdoor's admin panel under Tokens
- Code Review: Always review AI-generated code that interacts with Casdoor before executing it
Use Cases
With Cursor connected to Casdoor's MCP server, you can:
- Generate configuration code: Ask Cursor to generate application setup code based on existing Casdoor apps
- Automate user management: Create scripts to bulk-create users or update permissions
- Documentation: Generate documentation for your Casdoor setup automatically
- Testing: Create test applications and clean them up programmatically
- Migration scripts: Build scripts to migrate configurations between Casdoor instances
Next Steps
Now that Cursor is connected to Casdoor:
- Explore available MCP Tools that Cursor can use
- Learn about Authentication methods
- Understand Error Handling for better debugging
- Check out the Integration Example for programmatic access