feat(amazonq): align mcp oauth client with mcp sdk auth patterns #2679

Merged
ashishrp-aws merged 3 commits into aws:main from ashishrp-aws:feat/amazonq-mcp-oauth-sdk-alignment
Mar 30, 2026
@ashishrp-aws
Contributor

Problem

The MCP OAuth client did not align with the MCP SDK's authentication patterns. It lacked RFC 9728 Protected Resource Metadata discovery, hardcoded none as the token endpoint auth method during dynamic client registration, ignored scopes from discovery metadata, and used 127.0.0.1 redirect URIs instead of localhost with the /oauth/callback path. The unused child_process import was also still present.

Solution

Aligned the OAuth client with the MCP SDK's auth flow. Added RFC 9728 Protected Resource Metadata discovery as the first step in the discovery chain, with proper fallback through WWW-Authenticate, RFC 8414/OIDC well-known endpoints, and static endpoint synthesis. Introduced selectAuthMethod and applyAuth to negotiate client authentication (client_secret_basic, client_secret_post, none) based on DCR response and server-supported methods. Scopes are now sourced from discovery metadata with OIDC defaults as fallback. Redirect URIs use localhost with /oauth/callback. Added comprehensive test coverage for all new code paths.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
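
An added illustration of the client-authentication negotiation described in the Solution above, not code from this pull request or from the MCP SDK. The names selectAuthMethod and applyAuth come from the description; their signatures, the ClientInfo type, the preference order and the formEncode helper are assumptions.

```typescript
// Added example: signatures and types are assumptions, not the project's code.
type AuthMethod = 'client_secret_basic' | 'client_secret_post' | 'none'

interface ClientInfo {
    client_id: string
    client_secret?: string
    token_endpoint_auth_method?: string // echoed back in the DCR response (RFC 7591)
}

// Strongest first, so 'none' is chosen only when nothing stronger is available.
const PREFERENCE: AuthMethod[] = ['client_secret_basic', 'client_secret_post', 'none']

function selectAuthMethod(client: ClientInfo, serverSupported: string[] = []): AuthMethod {
    const hasSecret = !!client.client_secret
    // Secret-based methods need a secret; 'none' is always possible.
    const usable = PREFERENCE.filter(m => m === 'none' || hasSecret)
    // 1. The method assigned at registration wins when we can honour it.
    const assigned = usable.find(m => m === client.token_endpoint_auth_method)
    if (assigned) return assigned
    // 2. Otherwise the most preferred method the server advertises.
    const advertised = usable.find(m => serverSupported.indexOf(m) !== -1)
    if (advertised) return advertised
    // 3. Nothing matched: RFC 8414 default for confidential clients, 'none' for public.
    return hasSecret ? 'client_secret_basic' : 'none'
}

// RFC 6749 section 2.3.1: id and secret are form-encoded before being joined
// with ':' so that a ':' inside either value cannot shift the boundary.
function formEncode(s: string): string {
    return encodeURIComponent(s)
        .replace(/%20/g, '+')
        .replace(/[!'()~]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase())
}

// Mutates the token request: credentials go in exactly one place per method.
function applyAuth(method: AuthMethod, client: ClientInfo,
                   headers: Record<string, string>, form: Record<string, string>): void {
    const secret = client.client_secret ?? ''
    if (method === 'client_secret_basic') {
        headers['Authorization'] = 'Basic ' + btoa(`${formEncode(client.client_id)}:${formEncode(secret)}`)
    } else if (method === 'client_secret_post') {
        form['client_id'] = client.client_id
        form['client_secret'] = secret
    } else {
        form['client_id'] = client.client_id // public client: identify only, no secret
    }
}
```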

@ashishrp-aws ashishrp-aws requested a review from a team as a code owner March 27, 2026 01:05
@codecov-commenter
codecov-commenter commented Mar 27, 2026

Codecov Report

❌ Patch coverage is 80.30303% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.49%. Comparing base (d26edb7) to head (db9df49).

Files with missing lines Patch % Lines
...age-server/agenticChat/tools/mcp/mcpOauthClient.ts 80.30% 38 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2679      +/-   ##
==========================================
+ Coverage   60.30%   60.49%   +0.19%     
==========================================
  Files         279      279              
  Lines       66177    66263      +86     
  Branches     4204     4251      +47     
==========================================
+ Hits        39906    40086     +180     
+ Misses      26188    26092      -96     
- Partials       83       85       +2     
Flag Coverage Δ
unittests 60.49% <80.30%> (+0.19%) ⬆️

@ashishrp-aws ashishrp-aws merged commit 4ff5ab0 into aws:main Mar 30, 2026
6 checks passed