fix(client): avoid expired OAuth access tokens

[Genmin]

Summary

• have adapted OAuth auth providers return no bearer token when saved tokens are expired or within the 60-second expiry buffer
• track token save time in built-in OAuth extension providers so expires_in reflects remaining lifetime instead of the original token response duration
• add regression coverage for adapter expiry filtering and built-in provider lifetime tracking

Fixes #1954.

Validation

• pnpm --filter @modelcontextprotocol/client exec vitest run test/client/auth.test.ts test/client/authExtensions.test.ts
• pnpm --filter @modelcontextprotocol/client run typecheck
• pnpm --filter @modelcontextprotocol/client run lint
• pnpm --filter @modelcontextprotocol/client test
• pre-push hook: typecheck:all, build:all, lint:all

[changeset-bot]

🦋 Changeset detected

Latest commit: 1cd0e96

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@modelcontextprotocol/client	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/@modelcontextprotocol/client@1981

@modelcontextprotocol/server

npm i https://pkg.pr.new/@modelcontextprotocol/server@1981

@modelcontextprotocol/express

npm i https://pkg.pr.new/@modelcontextprotocol/express@1981

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/@modelcontextprotocol/fastify@1981

@modelcontextprotocol/hono

npm i https://pkg.pr.new/@modelcontextprotocol/hono@1981

@modelcontextprotocol/node

npm i https://pkg.pr.new/@modelcontextprotocol/node@1981

commit: 1cd0e96