OAuth refresh token switches to default site rather than user selected site

[craigbloodworth]

Describe the bug

I have an app which makes use of the refresh token in oauth to keep the access token fresh however I've noticed that when a user first logs in to the Tableau Server and selects a site (for instance siteB) their session will then be moved to siteA (the default site where contentUrl is "") after the token refresh occurs.

Expected behavior

I would like the refresh token to have the original site ID embedded in it in order to keep future access tokens locked to that same site (in my example a refresh would keep the user in siteB)

Versions

What version of Tableau does the issue reproduce on?

Tableau Server Version: 2025.3.1

What version of the Tableau MCP server does the issue reproduce on?

1.13.10

Steps to reproduce

1. Authenticate via oauth and select a non-default site
2. Check the correct site is active either by asking the AI agent for the current site or decoding the access token and using the Tableau auth token against the REST API current session endpoint
3. Trigger an access token refresh using the refresh token
4. Check the site info again. Notice you should now be on the default site

[anyoung-tableau]

Thanks Craig, we'll take a look. The changes from #196 might have some impact on this scenario as well. Will let you know.