rework auth scenario listing

Author: pcarleton

src/scenarios/client/auth/basic-metadata.ts

@@ -5,7 +5,6 @@ import { createServer } from './helpers/createServer.js';
 import { ServerLifecycle } from './helpers/serverLifecycle.js';
 
 export class AuthBasicMetadataVar1Scenario implements Scenario {
-  // TODO: name should match what we put in the scenario map
   name = 'auth/basic-metadata-var1';
   description =
     'Tests Basic OAuth flow with DCR, PRM at root location, OAuth metadata at OpenID discovery path, and no scopes required';
@@ -151,3 +150,65 @@ export class AuthBasicMetadataVar2Scenario implements Scenario {
     return this.checks;
   }
 }
+
+export class AuthBasicMetadataVar3Scenario implements Scenario {
+  name = 'auth/basic-metadata-var3';
+  description =
+    'Tests Basic OAuth flow with DCR, PRM at custom location listed in WWW-Authenticate header, OAuth metadata is at nested OpenID discovery path, and no scopes required';
+  private authServer = new ServerLifecycle();
+  private server = new ServerLifecycle();
+  private checks: ConformanceCheck[] = [];
+
+  async start(): Promise<ScenarioUrls> {
+    this.checks = [];
+
+    const authApp = createAuthServer(this.checks, this.authServer.getUrl, {
+      metadataPath: '/tenant1/.well-known/openid-configuration',
+      isOpenIdConfiguration: true,
+      routePrefix: '/tenant1'
+    });
+    await this.authServer.start(authApp);
+
+    const app = createServer(
+      this.checks,
+      this.server.getUrl,
+      this.authServer.getUrl,
+      {
+        // This is a custom path, so unable to get via probing, it's only available
+        // via following the `resource_metadata_url` in the WWW-Authenticate header.
+        prmPath: '/.well-known/oauth-protected-resource'
+      }
+    );
+    await this.server.start(app);
+
+    return { serverUrl: `${this.server.getUrl()}/mcp` };
+  }
+
+  async stop() {
+    await this.authServer.stop();
+    await this.server.stop();
+  }
+
+  getChecks(): ConformanceCheck[] {
+    const expectedSlugs = [
+      'authorization-server-metadata',
+      'client-registration',
+      'authorization-request',
+      'token-request'
+    ];
+
+    for (const slug of expectedSlugs) {
+      if (!this.checks.find((c) => c.id === slug)) {
+        this.checks.push({
+          id: slug,
+          name: `Expected Check Missing: ${slug}`,
+          description: `Expected Check Missing: ${slug}`,
+          status: 'FAILURE',
+          timestamp: new Date().toISOString()
+        });
+      }
+    }
+
+    return this.checks;
+  }
+}

src/scenarios/client/auth/index.ts

@@ -0,0 +1,20 @@
+import { Scenario } from '../../../types';
+import { AuthBasicDCRScenario } from './basic-dcr.js';
+import {
+  AuthBasicMetadataVar1Scenario,
+  AuthBasicMetadataVar2Scenario,
+  AuthBasicMetadataVar3Scenario
+} from './basic-metadata.js';
+import {
+  Auth20250326OAuthMetadataBackcompatScenario,
+  Auth20250326OEndpointFallbackScenario
+} from './march-spec-backcompat.js';
+
+export const authScenariosList: Scenario[] = [
+  new AuthBasicDCRScenario(),
+  new AuthBasicMetadataVar1Scenario(),
+  new AuthBasicMetadataVar2Scenario(),
+  new AuthBasicMetadataVar3Scenario(),
+  new Auth20250326OAuthMetadataBackcompatScenario(),
+  new Auth20250326OEndpointFallbackScenario()
+];

src/scenarios/index.ts

@@ -1,15 +1,6 @@
 import { Scenario, ClientScenario } from '../types.js';
 import { InitializeScenario } from './client/initialize.js';
 import { ToolsCallScenario } from './client/tools_call.js';
-import { AuthBasicDCRScenario } from './client/auth/basic-dcr.js';
-import {
-  AuthBasicMetadataVar1Scenario,
-  AuthBasicMetadataVar2Scenario
-} from './client/auth/basic-metadata.js';
-import {
-  Auth20250326OAuthMetadataBackcompatScenario,
-  Auth20250326OEndpointFallbackScenario
-} from './client/auth/march-spec-backcompat.js';
 import { ElicitationClientDefaultsScenario } from './client/elicitation-defaults.js';
 
 // Import all new server test scenarios
@@ -54,6 +45,8 @@ import {
   PromptsGetWithImageScenario
 } from './server/prompts.js';
 
+import { authScenariosList } from './client/auth/index.js';
+
 // Pending client scenarios (not yet fully tested/implemented)
 const pendingClientScenariosList: ClientScenario[] = [
   // Elicitation scenarios (SEP-1330)
@@ -122,12 +115,8 @@ export const clientScenarios = new Map<string, ClientScenario>(
 const scenariosList: Scenario[] = [
   new InitializeScenario(),
   new ToolsCallScenario(),
-  new AuthBasicDCRScenario(),
-  new AuthBasicMetadataVar1Scenario(),
-  new AuthBasicMetadataVar2Scenario(),
-  new Auth20250326OAuthMetadataBackcompatScenario(),
-  new Auth20250326OEndpointFallbackScenario(),
-  new ElicitationClientDefaultsScenario()
+  new ElicitationClientDefaultsScenario(),
+  ...authScenariosList
 ];
 
 // Scenarios map - built from list