Skip to content

docs(agent-tools): fix Cursor MCP setup to use API key auth#1221

Merged
comfyui-wiki merged 1 commit into
mainfrom
docs/cursor-mcp-api-key-setup
Jul 3, 2026
Merged

docs(agent-tools): fix Cursor MCP setup to use API key auth#1221
comfyui-wiki merged 1 commit into
mainfrom
docs/cursor-mcp-api-key-setup

Conversation

@comfyui-wiki

Copy link
Copy Markdown
Member

Summary

  • Correct the Cursor tab in Cloud MCP docs: Cursor does not support MCP OAuth, so setup uses a Comfy Cloud API key in mcp.json instead of Connect/sign-in.
  • Add step-by-step Cursor screenshots (Settings, Tools & MCPs, API key config).
  • Update Authentication and FAQ to note Cursor requires an API key; sync ja/zh/ko translations.

Test plan

  • Preview agent-tools/cloud and verify the Cursor tab shows 4 steps and all 3 screenshots render.
  • Confirm ja/zh/ko Cursor sections match English and no longer mention OAuth Connect.
  • Check FAQ "Do I need an API key?" links to the Cursor tab.

Replace incorrect OAuth Connect steps with screenshot-guided API key setup in mcp.json, and sync ja/zh/ko translations plus FAQ auth notes.
@mintlify

mintlify Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
comfy 🟡 Building Jul 3, 2026, 10:25 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Documentation across English, Japanese, Korean, and Chinese versions of agent-tools/cloud.mdx is updated to state that Cursor does not support MCP OAuth. Setup instructions now require configuring a Comfy Cloud API key via X-API-Key header in mcp.json, with matching updates to known-limitations and FAQ text and translation metadata hashes.

Changes

Cloud MCP authentication documentation

Layer / File(s) Summary
English Cursor setup, limitations, FAQ
agent-tools/cloud.mdx
Cursor's OAuth sign-in flow is replaced with API-key configuration via X-API-Key header in mcp.json; known-limitations and FAQ text clarify Cursor requires an API key.
Japanese Cursor setup, other clients, limitations, FAQ
ja/agent-tools/cloud.mdx
Frontmatter translation hashes are updated; Cursor OAuth instructions are replaced with API-key setup; Amp wording is adjusted; limitations and FAQ text (including command-prefix examples) are revised.
Korean Cursor setup, limitations, FAQ
ko/agent-tools/cloud.mdx
Frontmatter translation hashes are updated; Cursor OAuth instructions are replaced with API-key setup; limitations and FAQ text (including command-prefix formatting) are revised.
Chinese Cursor setup, limitations, FAQ
zh/agent-tools/cloud.mdx
Frontmatter translation hashes are updated; Cursor OAuth instructions are replaced with API-key setup; limitations and FAQ text clarify Cursor's API-key requirement.

No sequence diagram needed here — this is pure prose fixin', not a flow worth mixin'.

Possibly related PRs

  • Comfy-Org/docs#1204: Also rewrites Known limitations/FAQ text in agent-tools/cloud.mdx around client support and API-key requirements.

With OAuth doors now closed up tight,
Cursor keys its way in with API might.
Four tongues retold the very same tale,
So no dev, in any locale, shall fail. 🔑✨

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/cursor-mcp-api-key-setup
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch docs/cursor-mcp-api-key-setup

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@comfyui-wiki comfyui-wiki merged commit 5b8f020 into main Jul 3, 2026
9 of 10 checks passed
@github-actions github-actions Bot deleted the docs/cursor-mcp-api-key-setup branch July 3, 2026 10:28

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@agent-tools/cloud.mdx`:
- Around line 148-180: The Cursor MCP setup copy is outdated and currently says
Cursor does not support MCP OAuth, which conflicts with current support for
remote MCP OAuth and static client ID/secret flows. Update the guidance in the
Comfy Cloud setup section to describe OAuth as the default path in Cursor, and
only mention the API-key approach as a fallback if Comfy Cloud specifically
requires it. In the `Steps` content and the `mcp.json` example, revise the
`X-API-Key` guidance and avoid using `${env:COMFY_API_KEY}` in `headers` unless
that remote HTTP configuration is actually supported.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ef597658-93c1-42b5-bcb7-1341e9673a8b

📥 Commits

Reviewing files that changed from the base of the PR and between f2af415 and a35b7b8.

⛔ Files ignored due to path filters (3)
  • images/agent_tools/cursor_mcp_setup_step1.png is excluded by !**/*.png
  • images/agent_tools/cursor_mcp_setup_step2.png is excluded by !**/*.png
  • images/agent_tools/cursor_mcp_setup_step3.png is excluded by !**/*.png
📒 Files selected for processing (4)
  • agent-tools/cloud.mdx
  • ja/agent-tools/cloud.mdx
  • ko/agent-tools/cloud.mdx
  • zh/agent-tools/cloud.mdx

Comment thread agent-tools/cloud.mdx
Comment on lines +148 to +180
Cursor connects to remote MCP servers over HTTP. Cursor does **not** support MCP OAuth today. Add Comfy Cloud with a Comfy Cloud API key in your MCP config.

<Steps>
<Step title="Add the server URL">
Create or edit `.cursor/mcp.json` in your project, or `~/.cursor/mcp.json` for a global setup:
<Step title="Open Cursor Settings">
Click the **Settings** gear in the top-right corner (labeled **1**).

![Cursor — open Settings](/images/agent_tools/cursor_mcp_setup_step1.png)
</Step>
<Step title="Open Tools & MCP">
1. In the sidebar, click **Tools & MCPs** (labeled **2**).
2. Click **+ New MCP Server** (labeled **3**) → **Add a Custom MCP Server**.

![Cursor — Tools & MCPs](/images/agent_tools/cursor_mcp_setup_step2.png)
</Step>
<Step title="Add your API key">
Edit `~/.cursor/mcp.json` (global) or `.cursor/mcp.json` (project). Set the server URL and pass your Comfy Cloud API key in the `X-API-Key` header. Create a key at [platform.comfy.org/profile/api-keys](https://platform.comfy.org/profile/api-keys) (starts with `comfyui-`):

```json
{
"mcpServers": {
"comfy-cloud": {
"url": "https://cloud.comfy.org/mcp"
"url": "https://cloud.comfy.org/mcp",
"headers": {
"X-API-Key": "${env:COMFY_API_KEY}"
}
}
}
}
```
</Step>
<Step title="Sign in">
Open **Cursor Settings → Tools & MCP**. Select **comfy-cloud** and click **Connect** to sign in through your browser (OAuth). Tokens refresh automatically.

Set `COMFY_API_KEY` in your shell or system environment. Prefer `${env:COMFY_API_KEY}` over hardcoding the key in a file you might commit to git.

![Cursor — mcp.json with API key](/images/agent_tools/cursor_mcp_setup_step3.png)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does Cursor support OAuth for remote MCP servers as of mid-2026, and does it work with static/pre-shared Client ID flows for third-party MCP providers?

💡 Result:

As of July 2026, Cursor provides native support for OAuth for remote Model Context Protocol (MCP) servers [1][2]. For MCP servers requiring OAuth, you can configure them in your mcp.json file [1][3]. Cursor supports the use of static OAuth client credentials to bypass or supplement dynamic flows [1][3]. Key details regarding this support include: Static/Pre-shared Client ID Flows: Cursor allows you to provide a static CLIENT_ID and optional CLIENT_SECRET directly within the auth object of an MCP server entry in mcp.json [1][3]. This is intended for providers that supply fixed credentials, require specific redirect URL whitelisting, or do not support OAuth 2.0 Dynamic Client Registration (DCR) [1][3]. Technical Considerations and Known Limitations: 1. Authorization Code Flow Enforcement: Cursor's MCP client is primarily designed to use the authorization code (redirect-based) flow [4][5]. Even when a CLIENT_SECRET is provided in the configuration, the client may still initiate a redirect-based flow rather than utilizing a client credentials grant (RFC 6749 §4.4) to obtain tokens server-to-server [4][5]. 2. Callback Handling: Cursor utilizes fixed redirect URLs, specifically cursor://anysphere.cursor-mcp/oauth/callback [1][3]. You must register this URL with your OAuth provider [1][3]. Some users have reported issues where the internal callback handler may occasionally fail to respond correctly (e.g., ERR_EMPTY_RESPONSE) or where the "Connect" button fails to trigger the browser flow [6][2]. 3. Fixed Redirection: Because Cursor uses fixed, random-port based redirection for OAuth callbacks, it may experience difficulties with strict Identity Providers (IdPs) like Okta, Entra, or Cognito that require exact, pre-registered redirect URIs, whereas it typically works seamlessly with providers like Keycloak that allow wildcard redirects [7]. For configuration, you can add an auth block to your mcp.json as follows: { "mcpServers": { "your-server-name": { "url": "https://api.example.com/mcp", "auth": { "CLIENT_ID": "your-oauth-client-id", "CLIENT_SECRET": "your-client-secret", "scopes": ["read", "write"] } } } } [1][3]

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the target doc and nearby context
git ls-files agent-tools/cloud.mdx
wc -l agent-tools/cloud.mdx
sed -n '140,190p' agent-tools/cloud.mdx

# Look for any other Cursor/MCP mentions in the repo
rg -n "Cursor|MCP OAuth|mcp.json|X-API-Key|COMFY_API_KEY" -S .

Repository: Comfy-Org/docs

Length of output: 38197


Update the Cursor setup copy to match current MCP OAuth support. Cursor now supports OAuth for remote MCP servers, including static client ID/secret flows, so this section should only fall back to an API key if Comfy Cloud has a specific incompatibility. If the API-key example stays, avoid ${env:COMFY_API_KEY} in headers unless Cursor expands that field for remote HTTP configs.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@agent-tools/cloud.mdx` around lines 148 - 180, The Cursor MCP setup copy is
outdated and currently says Cursor does not support MCP OAuth, which conflicts
with current support for remote MCP OAuth and static client ID/secret flows.
Update the guidance in the Comfy Cloud setup section to describe OAuth as the
default path in Cursor, and only mention the API-key approach as a fallback if
Comfy Cloud specifically requires it. In the `Steps` content and the `mcp.json`
example, revise the `X-API-Key` guidance and avoid using `${env:COMFY_API_KEY}`
in `headers` unless that remote HTTP configuration is actually supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant