fix: preserve OAuth DCR client info

[mturac]

Summary

Fixes the OAuth DCR callback flow so dynamically registered client information is kept through token exchange and the returned client_id is reflected in the Auth Settings sidebar.

Note: Inspector V2 is under development to address architectural and UX improvements. During this time, V1 contributions should focus on bug fixes and MCP spec compliance. See CONTRIBUTING.md for more details.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Documentation update
• Refactoring (no functional changes)
• Test updates
• Build/CI improvements

Changes Made

• Use OAuth metadata/client information restored with auth debugger state during token_request when provider storage is empty on callback.
• Sync the dynamically registered client_id into the sidebar/localStorage OAuth Client ID field.
• Add regression coverage for token exchange fallback and Client ID field sync.

Related Issues

Fixes #910

Testing

• Tested in UI mode
• Tested in CLI mode
• Tested with STDIO transport
• Tested with SSE transport
• Tested with Streamable HTTP transport
• Added/updated automated tests
• Manual testing performed

Test Results and/or Instructions

• npm test -- --runTestsByPath src/components/__tests__/AuthDebugger.test.tsx src/__tests__/App.routing.test.tsx --runInBand - 2 suites passed, 25 tests passed
• npm run lint - passed
• npm run build-client - passed
• git diff --check HEAD~1 HEAD - passed

Checklist

• Code follows the style guidelines (npm run lint)
• Self-review completed
• Code is commented where necessary
• Documentation updated (not applicable)

Breaking Changes

None.

Additional Context

The issue reports that DCR returns a client_id, but the Auth Settings field stays blank and token exchange can run without the registered client information after callback state restoration.