Discovers the authorization server for an MCP server following
RFC 9728 (OAuth 2.0 Protected
Resource Metadata), with fallback to treating the server URL as the
authorization server.
This function combines two discovery steps into one call:
Probes /.well-known/oauth-protected-resource on the MCP server to find the
authorization server URL (RFC 9728).
Fetches authorization server metadata from that URL (RFC 8414 / OpenID Connect Discovery).
Use this when you need the authorization server metadata for operations outside the
auth orchestrator, such as token refresh or token revocation.
Discovers the authorization server for an MCP server following RFC 9728 (OAuth 2.0 Protected Resource Metadata), with fallback to treating the server URL as the authorization server.
This function combines two discovery steps into one call:
/.well-known/oauth-protected-resourceon the MCP server to find the authorization server URL (RFC 9728).Use this when you need the authorization server metadata for operations outside the
authorchestrator, such as token refresh or token revocation.