.cursor/skills/nv-onboard-dcr-mcp/blocked-mcp-servers.md
Living register of MCP catalog entries that failed the nv-onboard-dcr-mcp docs gate or live probes. Keep catalog entries on provider-managed (or novu-app / user-app if a fixed OAuth app is viable) until a row here is resolved.
When to append: any onboarding attempt that aborts before upgrading oauth.mode to dcr.
When to remove or mark resolved: provider enables self-serve DCR for Novu's callback, Novu completes a novu-app pre-registration, or the entry is intentionally retired.
Copy the template below to the Open blockers table (newest first). Fill every column you can; link probe evidence in the PR or agent report.
| `<id>` | `<name>` | `<mcp-url>` | `<YYYY-MM-DD>` | `<blocker category>` | `<one-line reason>` | `<doc link>` | `<next step>` |
Blocker categories (pick the primary one):
| Category | Meaning |
|---|---|
client-allowlist | Provider only supports a fixed list of approved MCP clients |
redirect-whitelist | DCR or OAuth rejects Novu's callback until redirect URI is pre-approved |
manual-oauth-app | Users or Novu must create a fixed OAuth app; no RFC 7591 DCR |
no-registration-endpoint | PRM/AS metadata lacks a working registration_endpoint |
partner-approval | Provider requires partner/onboarding approval before OAuth |
other | Anything else — explain in Reason |
| ID | Name | MCP URL | Blocked | Category | Reason | Docs | Next step |
|---|---|---|---|---|---|---|---|
digitalocean-droplets | DigitalOcean Droplets | https://droplets.mcp.digitalocean.com/mcp | 2026-06-08 | other | Official Remote MCP uses Bearer DigitalOcean API token in Authorization header per request; no RFC 9728 PRM or RFC 8414 AS metadata (well-known URLs 404/302→docs); DCR probes 302→docs; tools/call requires API token, not OAuth code flow | Configure Remote MCP, Remote MCP blog | Do not add catalog dcr; if catalogging use provider-managed or per-org user-app with DO API tokens |
digitalocean-docs | DigitalOcean Docs | https://docs.mcp.digitalocean.com/mcp | 2026-06-08 | other | Documentation MCP is public/unauthenticated (no API token required per docs); no OAuth PRM/AS/DCR; initialize/tools/list succeed without auth; other DO MCPs use Bearer PAT, not OAuth | Configure Remote MCP | Do not add catalog dcr; if catalogging use provider-managed with no credential or extend Novu for credential-less MCPs |
digitalocean-doks | DigitalOcean Kubernetes | https://doks.mcp.digitalocean.com/mcp | 2026-06-08 | other | Official remote MCP uses static DigitalOcean API token in Authorization: Bearer header; no RFC 9728 PRM JSON (404/302→docs), no RFC 8414 AS metadata, no registration_endpoint; tools/call returns no auth header found without Bearer | Configure Remote MCP, DOKS tools | Do not add catalog dcr; evaluate provider-managed or per-org user-app API-token storage |
digitalocean-databases | DigitalOcean Databases | https://databases.mcp.digitalocean.com/mcp | 2026-06-08 | other | Same Bearer PAT auth model as other DO remote MCPs; no PRM/AS/DCR; tools/call fails with no auth header found without DO API token | Configure Remote MCP, Remote MCP blog | Do not add catalog dcr; evaluate provider-managed or per-org user-app with DIGITALOCEAN_API_TOKEN |
digitalocean-apps | DigitalOcean App Platform | https://apps.mcp.digitalocean.com/mcp | 2026-06-08 | other | Official remote MCP auth is per-user DigitalOcean API token in Authorization: Bearer header — not OAuth authorization-code or RFC 7591 DCR; PRM/AS well-known URLs 302→docs; tools/call requires DO API token | Configure Remote MCP, App Platform MCP | Do not add catalog dcr; same pattern as Render — provider-managed or per-org API-key/user-app |
netdocuments | NetDocuments | https://web-api.us.netdocuments.app/connect/mcp | 2026-06-08 | client-allowlist | ndConnect Enterprise docs restrict MCP to approved AI platforms (Claude, ChatGPT, Microsoft Copilot); ndMAX Enterprise + Security Center admin toggle required; DCR accepts Novu callback but Novu is not an approved MCP partner | Legal AI integrations, Anthropic MCP blog | Keep provider-managed; pursue ndConnect partner approval for Novu before catalog dcr |
gamma | Gamma | https://mcp.gamma.app/mcp | 2026-06-08 | redirect-whitelist | AS exposes registration_endpoint at auth.gamma.app/oauth/register with S256; DCR POST for Novu callback returns 400 redirect_uri not allowed; docs require "Request custom MCP access" form with pre-approved redirect URIs | Gamma MCP server | Request allowlist for https://api.novu.co/v1/agents/mcp/oauth/callback; keep provider-managed until approved |
trimble-sketchup | Trimble SketchUp | https://api.sketchup.com/mcp/v1/sketchup/mcp | 2026-06-08 | redirect-whitelist | DCR at api.sketchup.com/mcp/v1/identity/register succeeds for localhost redirects only; Novu callback returns 400 invalid_redirect_uri ("Only http://localhost and http://127.0.0.1 redirect URIs are allowed") — built for desktop loopback clients | SketchUp MCP announcement | Request Trimble allowlist Novu callback; keep provider-managed until approved |
adobe-for-creativity | Adobe for creativity | https://adobe-creativity.adobe.io/mcp | 2026-06-08 | client-allowlist | MCP host returns HTTP 403 on PRM/AS/MCP probes; official docs distribute as Claude-only connector; sibling Adobe MCP DCR rejects Novu production callback (invalid_redirect_uri) while localhost succeeds | Adobe for creativity | Keep provider-managed; request Adobe vetted MCP client + Novu callback allowlist on IMS/per-product DCR |
adobe-experience-manager | Adobe Experience Manager | https://mcp.adobeaemcloud.com/adobe/mcp/aem | 2026-06-08 | client-allowlist | Adobe docs restrict MCP to Supported MCP Applications list (Claude, ChatGPT, Cursor, etc.); DCR at oauth.adobeaemcloud.com/register rejects Novu callback (No IMS client configuration found for redirect URI) while localhost DCR succeeds (201) | AEM MCP docs | Contact [email protected] for Novu client + redirect allowlist; keep provider-managed |
ifttt | IFTTT | https://ifttt.com/mcp | 2026-06-08 | redirect-whitelist | RFC 9728 PRM at ifttt.com/.well-known/oauth-protected-resource (issuer ifttt.com, scope mcp); RFC 8414 AS exposes registration_endpoint ifttt.com/oauth/register and S256; DCR rejects Novu callback (invalid_redirect_uri / not authorized); localhost DCR succeeds (HTTP 201) — redirect URI allowlist, not missing DCR | IFTTT MCP, What is IFTTT MCP?, AI Assistants Help | Request https://api.novu.co/v1/agents/mcp/oauth/callback be added to IFTTT's DCR redirect allowlist; keep provider-managed until approved |
process-street | Process Street | https://mcp.process.st | 2026-06-08 | no-registration-endpoint | AS metadata advertises registration_endpoint at login.process.st/oidc/register and S256 PKCE; DCR POST returns 400 dynamic client registration is disabled (Novu + localhost). OAuth challenge at mcp.process.st/mcp; catalog URL is root host | Process Street MCP | Ask Process Street to enable DCR for Novu callback, or evaluate novu-app with a Process Street-issued OAuth client |
thoughtspot-spotter | ThoughtSpot Spotter | https://agent.thoughtspot.app/mcp?api-version=latest | 2026-06-08 | other | DCR at agent.thoughtspot.app/register succeeds for Novu callback (S256, client_secret_post), but no RFC 9728 PRM at standard well-known URLs; MCP 401 lacks resource_metadata — Novu DCR flow fails at discoverProtectedResource | ThoughtSpot MCP clients, mcp-server README | Ask ThoughtSpot to publish PRM at /.well-known/oauth-protected-resource/mcp with authorization_servers: ["https://agent.thoughtspot.app"]; re-probe after fix |
orion-by-gravity | Orion by Gravity | https://g.runorion.com/mcp | 2026-06-08 | other | RFC 8414 AS metadata and DCR at g.runorion.com/mcp/register succeed for Novu callback (orion:full, client_secret_post), but no RFC 9728 PRM at any well-known URL; MCP 401 returns JSON without WWW-Authenticate / resource_metadata — Novu discovery cannot proceed | Orion MCP setup, MCP overview | Ask Orion to publish PRM with authorization_servers: ["https://g.runorion.com"] and scopes_supported: ["orion:full"]; re-probe after fix |
sprouts-data-intelligence | Sprouts Data Intelligence | https://sprouts-mcp-server.kartikay-dhar.workers.dev | 2026-06-11 | other | DCR via Scalekit at mcp.sprouts.ai/.../clients:register succeeds (client_secret_post), but the only known MCP resource URL is a personal Cloudflare Workers subdomain — not a canonical Sprouts production host | Scalekit × Sprouts case study | Keep provider-managed until Sprouts publishes a production MCP URL; re-probe and upgrade to dcr when available |
zoho-projects | Zoho Projects | https://claude-zohoprojects.zohomcp.com/mcp/message | 2026-06-03 | manual-oauth-app | Catalog URL is Anthropic/Claude-branded hosted connector (claude-zohoprojects); AS authorization_endpoint and registration_endpoint are scoped to pre-provisioned MCP server 1b1ba8e33192df4ef7fe6fc984da9ec6 with /claude/ paths on mcp.zoho.com. DCR at …/claude/register echoes requested redirect_uris (incl. Novu callback) but always returns the same client_id (1000.74OGCXOVDQ7CEELAD7VUSDCCDS433P) for distinct redirects — stub registration, not per-client RFC 7591. Production Zoho MCP uses per-tenant URLs from zoho.com/mcp (*.zohomcp.com), not this shared hostname | Zoho MCP, Zoho Projects MCP | Keep provider-managed; evaluate novu-app with Zoho-issued OAuth client + Novu callback on a Novu-provisioned MCP server URL, or pursue true DCR with unique client_id per registration |
bigdata-com | Bigdata.com | https://mcp.bigdata.com/ | 2026-06-03 | no-registration-endpoint | OAuth AS is Clerk (clerk.bigdata.com); RFC 8414 metadata has no registration_endpoint; DCR probe to clerk.bigdata.com/oauth/register returns 422 dynamic client registration is not enabled (same for Novu callback and localhost). Official docs: agentic platforms use pre-built OAuth connectors (Claude/ChatGPT/Copilot); proprietary clients use API key (x-api-key) — not self-serve RFC 7591 DCR | Bigdata Authentication, MCP API Key integration, Claude MCP, MCP changelog | Keep provider-managed; ask Bigdata to enable Clerk dynamic OAuth client registration and publish registration_endpoint in AS metadata, or evaluate novu-app with a Bigdata-issued OAuth client |
dovetail | Dovetail | https://dovetail.com/api/mcp | 2026-06-03 | manual-oauth-app | Official docs state hosted MCP does not support RFC 7591 DCR or CIMD and does not expose clientId/clientSecret for third-party tools (API token or browser OAuth for compatible clients). Path-suffixed PRM at dovetail.com/.well-known/oauth-protected-resource/api/mcp (issuer auth.dovetail.com, MCP scopes incl. search:read, offline_access). AS metadata advertises registration_endpoint https://auth.dovetail.com/oidc/register and S256; DCR POST for Novu callback returns 400 dynamic client registration is disabled | Dovetail MCP server | Keep provider-managed; evaluate novu-app only if Dovetail enables DCR for https://api.novu.co/v1/agents/mcp/oauth/callback or issues a fixed OAuth client for Novu |
fly-io | Fly.io | (no official hosted URL — probes: https://mcp.fly.io/mcp, https://api.fly.io/mcp) | 2026-06-03 | other | Fly.io is a deployment platform for user-hosted MCP servers (fly mcp proxy, fly mcp wrap), not a first-party SaaS MCP with OAuth/DCR. mcp.fly.io does not resolve; no RFC 9728 PRM or RFC 8414 AS at candidate URLs. Docs describe bearer/basic HTTP auth for wrapped servers, not self-serve RFC 7591 DCR for Novu's callback | Remote MCP servers blueprint, HTTP authorization, MCP launch blog | Do not add catalog dcr entry; if catalogging later use provider-managed or per-org API-key/user-app for customer-deployed Fly apps until Fly ships a hosted OAuth MCP product |
microsoft-365 | Microsoft 365 | https://microsoft365.mcp.claude.com/mcp | 2026-06-03 | manual-oauth-app | Anthropic-hosted connector uses two fixed Entra app registrations (08ad6f98-a4f8-4635-bb8d-f1a3044760f0 client, 07c030f6-5743-41b7-ba00-0a6e85f37c17 server); tenant admin consent required before any user can connect; Cowork deployments require Anthropic allowlist of tenant + client IDs; /oauth2/register is a stub that always returns the same client_id regardless of redirect URI (not true RFC 7591); PRM at challenge URL /.well-known/oauth-protected-resource/mcp returns 404; AS metadata issuer is login.microsoftonline.com/common (Entra has no native DCR); authorize flow uses fixed client with redirect URIs that must be pre-registered on Anthropic's Entra app | Set up the Microsoft 365 connector, Cowork M365 setup (allowlist), Security guide, OAuth redirect bug #52730 | Keep provider-managed; not viable for Novu catalog dcr — evaluate novu-app only if Anthropic registers Novu's callback on 08ad6f98-… and grants partner/tenant allowlist |
guru | Guru | https://mcp.api.getguru.com/mcp | 2026-06-03 | other | RFC 9728 PRM URLs (/.well-known/oauth-protected-resource, path-suffixed /mcp) return HTTP 200 with zero-length body; MCP GET/POST returns 401 Bearer without resource_metadata — Novu discoverProtectedResource cannot proceed. AS metadata at mcp.api.getguru.com/.well-known/oauth-authorization-server is valid (registration_endpoint /oauth/mcp/register, S256, scope default); DCR probe succeeds for Novu callback (client_secret_post). Help docs mention OAuth redirect whitelist for some clients; live DCR did not reject Novu's callback | MCP setup (help), Auth setup, Connections (n8n DCR) | Keep provider-managed; ask Guru to publish valid PRM with authorization_servers: ["https://mcp.api.getguru.com"] and optional scopes_supported; re-probe after fix |
google-calendar | Google Calendar | https://calendarmcp.googleapis.com/mcp/v1 | 2026-06-03 | manual-oauth-app | Same Google Cloud MCP auth model as Drive/Gmail: manual OAuth Web/Desktop client ID + secret in Google Cloud Console; official configure guide requires creating OAuth client and pasting clientId/clientSecret into MCP client config; accounts.google.com AS metadata has no registration_endpoint; DCR probe to oauth2.googleapis.com/register returns 404; PRM at path-suffixed calendarmcp.googleapis.com/.well-known/oauth-protected-resource/mcp/v1 (issuer accounts.google.com) | Configure the Calendar MCP server, Authenticate to Google Cloud MCP, Configure MCP in an AI application | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Google OAuth Web client + https://api.novu.co/v1/agents/mcp/oauth/callback in Authorized redirect URIs |
gmail | Gmail | https://gmailmcp.googleapis.com/mcp/v1 | 2026-06-03 | manual-oauth-app | Same Google Cloud MCP auth model as Drive/Calendar: manual OAuth Web/Desktop client ID + secret in Google Cloud Console; VS Code shows "Dynamic client registration not supported"; accounts.google.com AS metadata has no registration_endpoint; DCR probe to oauth2.googleapis.com/register returns 404; PRM at path-suffixed gmailmcp.googleapis.com/.well-known/oauth-protected-resource/mcp/v1 (issuer accounts.google.com) | Configure the Gmail MCP server, Authenticate to Google Cloud MCP, Configure MCP in an AI application | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Google OAuth Web client + https://api.novu.co/v1/agents/mcp/oauth/callback in Authorized redirect URIs |
algolia | Algolia | https://mcp.algolia.com/mcp | 2026-06-03 | client-allowlist | Productivity MCP docs: OAuth sign-in with empty client ID/secret for MCP clients; PRM path-suffixed at mcp.algolia.com/.well-known/oauth-protected-resource/mcp (issuer dashboard.algolia.com, scope public); AS exposes registration_endpoint at dashboard.algolia.com/2/oauth/register and S256; DCR rejects Novu callback and localhost with 400 This client is not allowed to register | Productivity MCP, MCP overview, mcp-node | Request Algolia allow Novu DCR at https://api.novu.co/v1/agents/mcp/oauth/callback; keep provider-managed or evaluate novu-app with a pre-registered Algolia OAuth client until DCR opens |
browserbase | Browserbase | https://mcp.browserbase.com/mcp | 2026-06-03 | other | Official hosted MCP uses Browserbase API key auth (browserbaseApiKey query param or BROWSERBASE_API_KEY env var), not OAuth; PRM probes return 404; AS metadata at mcp.browserbase.com / api.browserbase.com has no registration_endpoint; DCR probes to /register and /oauth/register return 404; MCP endpoint returns Missing mcp-session-id with no WWW-Authenticate challenge | MCP setup, MCP introduction | Not a DCR OAuth target; evaluate user-app or per-org API-key credential storage if Novu adds non-OAuth MCP auth |
render | Render | https://mcp.render.com/mcp | 2026-06-03 | other | Official hosted MCP uses Bearer API key auth only (Account Settings → API key); June 2025 changelog states OAuth is not yet supported. No RFC 9728 PRM (/.well-known/oauth-protected-resource and path-suffixed variant return 404). Not an authorization-code + DCR target for Novu's callback | Render MCP server, HTTP MCP changelog (no OAuth) | Do not add catalog dcr entry; if catalogging later use provider-managed or evaluate user-app with per-org Render API keys until Render ships OAuth + registration_endpoint |
klarity | Klarity | https://architect-v2-api.klarity.ai/mcp | 2026-06-03 | other | Split AS: DCR at signin.klarity.ai/oauth2/register succeeds (incl. Novu/ngrok callbacks), but RFC 8414 authorization_endpoint is architect-v2-api.klarity.ai/mcp/sso/start, which returns redirect_uri not allowed for every DCR client; signin.klarity.ai/oauth2/authorize accepts the same clients | PRM /.well-known/oauth-protected-resource/mcp; AS signin.klarity.ai/.well-known/oauth-authorization-server | Keep provider-managed; ask Klarity to wire MCP SSO start to DCR redirect URIs or point authorize/token at signin.klarity.ai/oauth2/* |
shopify | Shopify | https://setup.shopify.com/mcp | 2026-06-03 | no-registration-endpoint | PRM at root well-known and AS at path-suffixed /.well-known/oauth-authorization-server/auth expose OAuth + S256 PKCE (token_endpoint_auth_method: none) but AS metadata has no registration_endpoint; DCR probes to /oauth/register, /auth/register, and /register return 404. Official Shopify app OAuth requires a pre-registered Dev Dashboard app with manually configured Allowed redirection URLs — not RFC 7591 self-serve DCR | Authorization code grant, Dev Dashboard, AI Toolkit / Dev MCP (local, no auth) | Keep provider-managed; evaluate novu-app with a Novu pre-registered Dev Dashboard app + https://api.novu.co/v1/agents/mcp/oauth/callback in Allowed redirection URLs |
box | Box | https://mcp.box.com | 2026-06-03 | manual-oauth-app | Official remote MCP setup requires Admin Console Integration Credentials (fixed Client ID + Secret + manually entered Redirect URI); Box API does not support RFC 7591 DCR; AS metadata at api.box.com has no registration_endpoint; DCR probes to common paths return 404/401 | Set up the MCP server, Box MCP server, Securing MCP (no native DCR) | Keep provider-managed, or evaluate novu-app with Novu pre-registered Box MCP Integration Credentials + https://api.novu.co/v1/agents/mcp/oauth/callback in Redirect URI |
dropbox | Dropbox | https://mcp.dropbox.com/dash | 2026-06-03 | client-allowlist | Official Dash MCP docs: DCR only for vetted clients (ChatGPT, Claude, Cursor); other clients need manual Dropbox app + token. AS at www.dropbox.com exposes registration_endpoint and S256; DCR for Novu callback returns 403 registration_not_supported ("Only pre-registered MCP trusted partners are allowed"); localhost DCR succeeds | Dash MCP setup | Request DCR/trusted-partner registration for Novu via Dropbox Get Help; keep provider-managed until approved |
clay | Clay | https://api.clay.com/v3/mcp | 2026-06-03 | redirect-whitelist | PRM/AS expose registration_endpoint at api.clay.com/oauth/register and S256; DCR rejects Novu callback (redirect_uri must be from an allowed domain). Catalog URL differs from community mcp.clay.earth/mcp; official npm path uses API key, not OAuth DCR | Clay MCP (npm), Apigene setup | Request https://api.novu.co/v1/agents/mcp/oauth/callback domain be allowlisted; keep provider-managed until approved |
square | Square | https://mcp.squareup.com/sse | 2026-06-03 | redirect-whitelist | AS at mcp.squareup.com has registration_endpoint and S256; DCR POST returns domain not in allowlist for Novu callback. PRM only on path-suffixed well-known (/sse/...) and requires bearer | Square MCP docs | Request Novu callback allowlist with Square; keep provider-managed until approved |
hubspot | HubSpot | https://mcp.hubspot.com/anthropic | 2026-06-03 | manual-oauth-app | Remote MCP requires pre-created MCP Auth App (Client ID + secret + redirect URL) in HubSpot developer portal; path PRM works but AS metadata has no registration_endpoint; Claude Code reports "does not support dynamic client registration" | Remote HubSpot MCP server | Keep provider-managed, or evaluate novu-app with a Novu pre-registered MCP Auth App + https://api.novu.co/v1/agents/mcp/oauth/callback in Redirect URLs |
plaid | Plaid | https://api.dashboard.plaid.com/mcp/sse | 2026-06-03 | manual-oauth-app | Official Dashboard MCP auth is OAuth client_credentials with scope mcp:dashboard using Plaid client_id/secret — not RFC 7591 authorization-code DCR; PRM returns Unauthorized without bearer token | Plaid MCP server | Keep provider-managed; Novu would need per-org Plaid production credentials (likely user-app), not catalog dcr |
intercom | Intercom | https://mcp.intercom.com/mcp | 2026-06-03 | redirect-whitelist | AS exposes registration_endpoint and S256; DCR at mcp.intercom.com/register rejects Novu callback (not in the allowlist). Community confirms redirect URI allowlist via Customer Support | Intercom MCP guide, DCR allowlist thread | Request https://api.novu.co/v1/agents/mcp/oauth/callback allowlist from Intercom Support; keep provider-managed until approved |
docuseal | DocuSeal | https://docuseal.com/mcp | 2026-06-03 | no-registration-endpoint | Official MCP guide documents manual Bearer MCP token auth (Settings > MCP Server) for self-hosted only; cloud MCP exposes OAuth PRM/AS metadata but AS metadata has no registration_endpoint and DCR probes to common paths return 404; REST API uses X-Auth-Token, not DCR | Integrate with AI Agents using MCP, API Reference | Keep provider-managed; ask DocuSeal to publish registration_endpoint and confirm Novu callback support, or evaluate novu-app with a pre-registered OAuth client |
docusign | Docusign | https://mcp.docusign.com/mcp | 2026-06-03 | manual-oauth-app | Official MCP setup requires a pre-registered Integration Key (Client ID) + Secret Key from Apps and Keys; redirect URIs must be manually added to the OAuth app — no self-serve RFC 7591 DCR documented; developer path uses https://mcp-d.docusign.com/mcp with user-supplied credentials | Claude Docusign MCP connector guide, Configure your app | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Docusign Integration Key + https://api.novu.co/v1/agents/mcp/oauth/callback in Redirect URIs |
google-drive | Google Drive | https://drivemcp.googleapis.com/mcp/v1 | 2026-06-03 | manual-oauth-app | Same Google Cloud MCP auth model as other GCP MCP servers: manual OAuth Web/Desktop client ID + secret in Google Cloud Console; VS Code shows "Dynamic client registration not supported"; accounts.google.com AS metadata has no registration_endpoint; DCR probe to oauth2.googleapis.com/register returns 404 | Configure the Drive MCP server, Authenticate to Google Cloud MCP, Configure MCP in an AI application | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Google OAuth Web client + https://api.novu.co/v1/agents/mcp/oauth/callback in Authorized redirect URIs |
asana | Asana | https://mcp.asana.com/v2/mcp | 2026-06-03 | manual-oauth-app | V2 MCP requires pre-registered OAuth app in Asana developer console (MCP app type); official docs state "Dynamic client registration is not supported"; AS metadata has no registration_endpoint; DCR probe to app.asana.com/oauth/register returns 302→login then 400 "No route found" | Integrating with Asana's MCP Server, V2 GA changelog (DCR removed) | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Asana MCP app + https://api.novu.co/v1/agents/mcp/oauth/callback in OAuth redirect URL |
coupler-io | Coupler.io | https://mcp.coupler.io/mcp/ | 2026-06-03 | redirect-whitelist | DCR at auth.coupler.io/oauth2/register succeeds for localhost redirects but rejects Novu's callback (invalid_redirect_uri); PRM/AS expose registration_endpoint and token_endpoint_auth_method: none; official docs describe admin-generated OAuth connection links for Claude, not self-serve DCR for arbitrary MCP clients | AI Integrations (Remote MCP), Custom MCP (token-based) | Request https://api.novu.co/v1/agents/mcp/oauth/callback be added to Coupler.io's DCR redirect allowlist; keep provider-managed until approved |
base44 | Base44 | https://app.base44.com/mcp | 2026-06-03 | redirect-whitelist | DCR at app.base44.com/oauth/register succeeds for localhost redirects but rejects Novu's callback (All redirect_uris must be in the allowlist); PRM/AS expose registration_endpoint and token_endpoint_auth_method: none | Base44 MCP server | Request https://api.novu.co/v1/agents/mcp/oauth/callback be added to Base44's MCP client redirect allowlist; keep provider-managed until approved |
cdata-connect-ai | CData Connect AI | https://mcp.cloud.cdata.com/mcp | 2026-06-03 | manual-oauth-app | Official docs: DCR not supported; MCP clients must create a custom OAuth app in Connect AI (Settings → OAuth Apps) and supply fixed client_id/client_secret; Dify setup explicitly disables "dynamic client registration" (registration_endpoint is misleading) | Custom OAuth apps (JP blog), Agent Bricks MCP setup, MCP API | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Connect AI OAuth app + https://api.novu.co/v1/agents/mcp/oauth/callback in Callback URL |
devrev | DevRev | https://api.devrev.ai/mcp/v1 | 2026-06-03 | redirect-whitelist | Official Cursor setup requires a fixed CLIENT_ID; docs state DevRev MCP does not yet support DCR self-registration. DCR probe at auth.devrev.ai/oidc/register rejects Novu's callback (redirect_uri must be http(s)://localhost[:port][/path]) | Remote MCP server | Keep provider-managed, or evaluate novu-app with a DevRev-issued OAuth client and production callback allowlisted |
google-cloud-bigquery | Google Cloud BigQuery | https://bigquery.googleapis.com/mcp | 2026-06-03 | manual-oauth-app | Same Google Cloud MCP auth model as other GCP MCP servers: manual OAuth Web/Desktop client ID + secret in Google Cloud Console; VS Code shows "Dynamic client registration not supported"; no RFC 7591 self-serve DCR | Authenticate to Google Cloud MCP, Configure MCP in an AI application, Use the BigQuery MCP server | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Google OAuth Web client + https://api.novu.co/v1/agents/mcp/oauth/callback in Authorized redirect URIs |
google-compute-engine | Google Compute Engine | https://compute.googleapis.com/mcp | 2026-06-03 | manual-oauth-app | Google Cloud MCP auth requires manually creating an OAuth Web/Desktop client ID + secret in Google Cloud Console; accounts.google.com AS metadata has no registration_endpoint; DCR probes to oauth2.googleapis.com/register and related paths return 404 | Authenticate to Google Cloud MCP, Use Compute Engine MCP | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Google OAuth client + https://api.novu.co/v1/agents/mcp/oauth/callback in Authorized redirect URIs |
figma | Figma | https://mcp.figma.com/mcp | 2026-06-03 | client-allowlist | Official docs: only MCP clients listed in the Figma MCP Catalog (Cursor, Claude Code, VS Code, etc.) may connect; new clients must apply/waitlist for remote access — not open RFC 7591 DCR for arbitrary redirect URIs | Figma MCP remote setup, MCP catalog | Keep provider-managed; pursue Figma MCP catalog registration for Novu, or evaluate novu-app if Figma issues a fixed OAuth client |
clickup | ClickUp | https://mcp.clickup.com/mcp | 2026-06-03 | redirect-whitelist | Official docs maintain an allowlist of vetted MCP client redirect URIs; off-list clients must submit a review request before OAuth works with Novu's callback | ClickUp MCP server | Request Novu + https://api.novu.co/v1/agents/mcp/oauth/callback be added to ClickUp's vetted redirect allowlist; keep provider-managed until approved (Copilot setup docs reference DCR, but redirect URI is gated) |
aws-marketplace | AWS Marketplace | https://marketplace-mcp.us-east-1.api.aws/mcp | 2026-06-03 | other | Official docs: "Authentication: None required" — no OAuth PRM/DCR; endpoint expects Mcp-Session-Id + MCP-Protocol-Version headers only | AWS Marketplace MCP server | Not a DCR OAuth target; keep provider-managed unless Novu adds header-session MCP auth |
slack | Slack | https://mcp.slack.com/mcp | 2026-06-03 | manual-oauth-app | Official docs: no DCR; MCP clients need a registered Slack app with fixed client_id/client_secret and admin approval; AS metadata has no registration_endpoint | Slack MCP server | Keep provider-managed, or evaluate novu-app with a Novu pre-registered Slack app (Marketplace/internal app + MCP access enabled) |
harness-io | Harness.io | https://mcp.harness.io/mcp | 2026-06-03 | manual-oauth-app | Docs prescribe fixed OAuth client ID mcp-client; DCR probe rejects Novu callback (insufficient_scope / trusted-host policy). OAuth must be enabled per account via Harness Support | Harness MCP Server | Keep provider-managed, or evaluate novu-app if Harness allows a Novu-specific OAuth client + callback allowlist |
vercel | Vercel | https://mcp.vercel.com/ | 2026-06-03 | client-allowlist | Docs require Vercel-reviewed MCP clients only; DCR probe returns invalid_redirect_uri for Novu's callback | Vercel MCP docs | Pursue Vercel partnership to allowlist Novu + https://api.novu.co/v1/agents/mcp/oauth/callback; keep provider-managed until then |
pagerduty | PagerDuty | https://mcp.pagerduty.com/mcp | 2026-06-03 | manual-oauth-app | OAuth apps created manually in App Registration with whitelisted redirect + fixed client_id/client_secret; AS metadata from PRM has no registration_endpoint; OIDC oauth-registration POST returns 404 | PagerDuty MCP support | Keep provider-managed, or evaluate novu-app with a Novu pre-registered PagerDuty OAuth app |
Move rows here when DCR onboarding ships or the entry moves to another OAuth mode.
| ID | Name | Resolved | Resolution |
|---|---|---|---|
udemy-business | Udemy Business | 2026-06-08 | DCR probe succeeded (api.udemy.com/auth/external/oidc/dynamic-client/register, client_secret_post, scopes course:read mcp:read mcp:write lab:read offline); path-suffixed PRM; catalog oauth.mode → dcr |
biorender | BioRender | 2026-06-08 | DCR probe succeeded (mcp.services.biorender.com/oauth/register, client_secret_post, scopes openid email profile offline_access); co-located AS-at-PRM-hint discovery; catalog oauth.mode → dcr |
descript | Descript | 2026-06-08 | DCR probe succeeded (Stytch api.stytch.com/.../oauth2/register, HTTP 201); path-suffixed PRM; catalog oauth.mode → dcr |
fireflies | Fireflies | 2026-06-08 | DCR probe succeeded (api.fireflies.ai/register, client_secret_post, scopes profile email); catalog oauth.mode → dcr |
otter-ai | Otter.ai | 2026-06-08 | DCR probe succeeded (otter.ai/oauth/register, scopes profile:read conversations:read); catalog oauth.mode → dcr |
lucid | Lucid | 2026-06-08 | DCR probe succeeded (mcp.lucid.app/oauth/register, client_secret_post, S256); path-suffixed PRM; catalog oauth.mode → dcr |
windsor-ai | Windsor.ai | 2026-06-08 | DCR probe succeeded (mcp.windsor.ai/register, client_secret_post, scopes create delete); catalog oauth.mode → dcr |
clarify | Clarify | 2026-06-08 | DCR probe succeeded (auth1.clarify.ai/oauth2/register, client_secret_post); path-suffixed PRM; catalog oauth.mode → dcr |
motion-creative-analytics | Motion Creative Analytics | 2026-06-08 | DCR probe succeeded (projects.motionapp.com/api/auth/oauth2/register, token_endpoint_auth_method: none); catalog oauth.mode → dcr |
consensus | Consensus | 2026-06-08 | DCR probe succeeded (consensus.app/oauth/register/, token_endpoint_auth_method: none, scopes search profile); catalog oauth.mode → dcr |
supermetrics-marketing-analytics | Supermetrics Marketing Analytics | 2026-06-08 | DCR probe succeeded (api.supermetrics.com/oauth/register, client_secret_post); catalog oauth.mode → dcr |
three-js-3d-viewer | Three.js 3D Viewer | 2026-06-08 | DCR probe succeeded (example-server.modelcontextprotocol.io/register); MCP reference/example server only — not production SLA; catalog oauth.mode → dcr |
euler | Euler | 2026-06-08 | DCR probe succeeded (mcp.eulerapp.com/oauth/register, client_secret_post, scopes customer partner); catalog oauth.mode → dcr |
polar-analytics | Polar Analytics | 2026-06-08 | DCR probe succeeded (ai-service.polaranalytics.com/oauth/register, token_endpoint_auth_method: none, scope claudeai); catalog oauth.mode → dcr with pinned scopes |
digits | Digits | 2026-06-08 | DCR probe succeeded (api.digits.com/oauth/register, client_secret_post); catalog oauth.mode → dcr |
era-context | Era Context | 2026-06-08 | DCR probe succeeded (forge.era.app/oauth/register, token_endpoint_auth_method: none); catalog oauth.mode → dcr |
wix | Wix | 2026-06-08 | DCR probe succeeded (mcp.wix.com/register, client_secret_post, scope offline_access); catalog oauth.mode → dcr |
scholar-gateway | Scholar Gateway | 2026-06-08 | DCR probe succeeded (connector.scholargateway.ai/register, client_secret_post); catalog oauth.mode → dcr |
todoist | Todoist | 2026-06-08 | DCR probe succeeded (todoist.com/oauth/register, client_secret_post, scope data:read_write); catalog oauth.mode → dcr |
close | Close | 2026-06-08 | DCR probe succeeded (api.close.com/oauth2/register/, client_secret_post, MCP scopes); catalog oauth.mode → dcr |
unthread | Unthread | 2026-06-08 | DCR probe succeeded (app.unthread.io/api/oauth/register, token_endpoint_auth_method: none, scope mcp); catalog oauth.mode → dcr |
cb-insights | CB Insights | 2026-06-03 | DCR probe succeeded (mcp.cbinsights.com/register, token_endpoint_auth_method: client_secret_post or none, scopes openid email profile); PRM/AS at mcp.cbinsights.com; catalog oauth.mode → dcr |
apollo-io | Apollo.io | 2026-06-03 | DCR probe succeeded (mcp.apollo.io/api/v1/oauth/applications/register_oauth_client, token_endpoint_auth_method: client_secret_post, HTTP 201); path-suffixed PRM at mcp.apollo.io/.well-known/oauth-protected-resource/mcp; catalog oauth.mode → dcr |
bitly | Bitly | 2026-06-03 | DCR probe succeeded (api-ssl.bitly.com/oauth/register, token_endpoint_auth_method: client_secret_post, scope mcp.all); PRM at api-ssl.bitly.com/v4/mcp; AS issuer https://bitly.com; catalog oauth.mode → dcr |
pylon | Pylon | 2026-06-03 | DCR probe succeeded (o.auth.usepylon.com/oauth2/register, token_endpoint_auth_method: client_secret_post); PRM at mcp.usepylon.com; catalog oauth.mode → dcr |
omni-analytics | Omni Analytics | 2026-06-03 | DCR probe succeeded (callbacks.omniapp.co/oauth/register, token_endpoint_auth_method: none, scope mcp:access); path-suffixed PRM; catalog oauth.mode → dcr |
sourcegraph | Sourcegraph | 2026-06-03 | DCR probe succeeded (sourcegraph.com/.auth/idp/oauth/register, token_endpoint_auth_method: none, scope mcp); new catalog entry https://sourcegraph.com/.api/mcp |
egnyte | Egnyte | 2026-06-03 | DCR probe succeeded (mcp-oauth.egnyte.com/clients, token_endpoint_auth_method: client_secret_post); path-suffixed PRM at mcp-server.egnyte.com; AS authorization_endpoint is domain-picker; catalog oauth.mode → dcr |
gitlab | GitLab | 2026-06-03 | DCR probe succeeded (gitlab.com/oauth/register, token_endpoint_auth_method: none, require_pkce: true, scope mcp); official URL https://gitlab.com/api/v4/mcp; catalog oauth.mode → dcr |
launchdarkly | LaunchDarkly | 2026-06-03 | DCR probe succeeded (app.launchdarkly.com/trust/oauth/register/dcr, token_endpoint_auth_method: none); path-suffixed PRM/AS at mcp.launchdarkly.com; catalog oauth.mode → dcr |
railway | Railway | 2026-06-03 | DCR probe succeeded (backboard.railway.com/oauth/register, token_endpoint_auth_method: client_secret_post); PRM at mcp.railway.com; catalog oauth.mode → dcr |
airwallex-developer | Airwallex Developer | 2026-06-03 | DCR probe succeeded (mcp-demo.airwallex.com/developer/register, token_endpoint_auth_method: client_secret_post); PRM/AS use path-suffixed well-known; catalog oauth.mode → dcr |
cloudinary | Cloudinary | 2026-06-03 | DCR probe succeeded (asset-management.mcp.cloudinary.com/register, token_endpoint_auth_method: client_secret_post); catalog oauth.mode → dcr |
craft | Craft | 2026-06-03 | DCR probe succeeded (mcp.craft.do/my/auth/register, token_endpoint_auth_method: client_secret_post); catalog oauth.mode → dcr |
webflow | Webflow | 2026-06-03 | DCR probe succeeded (mcp.webflow.com/oauth/register, token_endpoint_auth_method: client_secret_post); catalog oauth.mode → dcr |
monte-carlo | Monte Carlo | 2026-06-03 | DCR probe succeeded (auth.getmontecarlo.com/oauth2/register, token_endpoint_auth_method: client_secret_post); catalog oauth.mode → dcr |
eraser | Eraser | 2026-06-03 | DCR probe succeeded (app.eraser.io/api/oauth/register, public client token_endpoint_auth_method: none); catalog oauth.mode → dcr |
motherduck | MotherDuck | 2026-06-03 | DCR probe succeeded (mcp-auth.motherduck.com/register, token_endpoint_auth_method: none); catalog oauth.mode → dcr |
posthog | PostHog | 2026-06-03 | DCR probe succeeded (oauth.posthog.com/oauth/register/); catalog oauth.mode → dcr |
exa | Exa | 2026-06-03 | DCR probe succeeded (auth.exa.ai/api/oauth/register); catalog oauth.mode → dcr |
magic-patterns | Magic Patterns | 2026-06-03 | DCR probe succeeded (oauth.magicpatterns.com/oauth2/register, token_endpoint_auth_method: client_secret_post); catalog oauth.mode → dcr |
incident-io | incident.io | 2026-06-03 | DCR probe succeeded; catalog oauth.mode → dcr |
jentic | Jentic | 2026-06-03 | DCR probe succeeded (api.jentic.com/oauth2/register); catalog oauth.mode → dcr |
ketryx | Ketryx | 2026-06-03 | DCR probe succeeded via Stytch AS; catalog oauth.mode → dcr |
stytch | Stytch | 2026-06-03 | DCR probe succeeded; catalog oauth.mode → dcr |
Novu DCR callback used in probes:
https://api.novu.co/v1/agents/mcp/oauth/callback
Catalog source of truth: packages/shared/src/consts/providers/mcp-servers.ts