Description
The current implementation always uses the access token for Bearer authentication when connecting to MCP servers. This doesn't work for servers that expect the ID token instead.
This is a valid use case when the MCP server needs to verify user identity rather than check API authorization scopes. For example, servers using AWS Cognito with Bedrock AgentCore validate the ID token against the OIDC JWKS endpoint and extract identity claims (sub, email, etc.) from it. Sending the access token in these setups breaks authentication.
The NodeOAuthClientProvider already receives both during token exchange; it just always returns the access token and uses it as the Bearer token.
I can push a PR for this; I have a working version that allows explicit configuration of ID token use while preserving the current expected behavior of using the access token.