OAuth: discovery is mandatory #461

@Pvlerick

Describe the bug
There is no way to use OAuth without going through the discovery phase; however, the discovery phase might crash, as the AuthorizationMetadata struct does not follow RFC 8414: registration_endpoint is optional, its absence meaning that there is no automatic registration available.

It could be possible to go down and use AuthorizationManager manually, but none of the fields on that struct are pub, so it's in effect impossible to use any of the mechanics unless resorting to some kind of mocking of the HTTP client, which isn't a good idea.

To Reproduce
Steps to reproduce the behavior:

  1. Provide a .well-known/oauth-authorization-server endpoint that does not contain the registration_endpoint element; it will then fail here: https://github.com/modelcontextprotocol/rust-sdk/blob/main/crates/rmcp/src/transport/auth.rs#L227

Expected behavior
There should be a way to provide OAuth configuration data without using the discovery.

Logs

Metadata error: Failed to parse metadata: error decoding response body

Additional context
Ideally, it should be possible to have the OAuth module discover the different endpoints at the well known location, but provide the registration via configuration, if the resource does not allow automatic registration.
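
The behaviour requested above, sketched as an added example that is not part of the original issue and not rmcp's code: metadata where `registration_endpoint` is optional, an issuer check per RFC 8414 section 3.3, and a client setup that prefers a configured client ID. All type and function names are hypothetical, and the fields are assumed to be already decoded from JSON.

```rust
use std::collections::HashMap;

// Hypothetical types for illustration; not rmcp's API.
#[allow(dead_code)]
#[derive(Debug)]
struct AuthServerMetadata {
    issuer: String,
    authorization_endpoint: String,
    token_endpoint: String,
    registration_endpoint: Option<String>, // OPTIONAL in RFC 8414
}

#[derive(Debug, PartialEq)]
enum ClientSetup {
    Static { client_id: String },
    Dynamic { registration_endpoint: String },
}

// Builds metadata from already-decoded string fields (JSON decoding is out of scope).
fn from_fields(f: &HashMap<&str, &str>, expected_issuer: &str) -> Result<AuthServerMetadata, String> {
    let req = |k: &str| f.get(k).map(|v| v.to_string()).ok_or_else(|| format!("missing required field: {}", k));
    let meta = AuthServerMetadata {
        issuer: req("issuer")?,
        authorization_endpoint: req("authorization_endpoint")?,
        token_endpoint: req("token_endpoint")?,
        // Absence is not an error: it only means no dynamic registration.
        registration_endpoint: f.get("registration_endpoint").map(|v| v.to_string()),
    };
    // RFC 8414 section 3.3: the issuer in the document must match the one queried.
    if meta.issuer != expected_issuer {
        return Err(format!("issuer mismatch: {}", meta.issuer));
    }
    Ok(meta)
}

// A configured client_id wins; otherwise use dynamic registration if it is offered.
fn plan_client(meta: &AuthServerMetadata, configured_client_id: Option<&str>) -> Result<ClientSetup, String> {
    match (configured_client_id, &meta.registration_endpoint) {
        (Some(id), _) => Ok(ClientSetup::Static { client_id: id.to_string() }),
        (None, Some(ep)) => Ok(ClientSetup::Dynamic { registration_endpoint: ep.clone() }),
        (None, None) => Err("no registration_endpoint and no configured client_id".to_string()),
    }
}

fn main() {
    // Constructed sample: a server that offers no dynamic registration.
    let f = HashMap::from([("issuer", "https://as.example"),
        ("authorization_endpoint", "https://as.example/authorize"),
        ("token_endpoint", "https://as.example/token")]);
    let meta = from_fields(&f, "https://as.example").unwrap();
    println!("{:?}", plan_client(&meta, Some("preconfigured-client")));
}
```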
