Fix failure to extract resource metadata url from WWW-authenticate header

[cliffhall]

Summary

Include the authProvider param of transportOptions for sse and streamableHttp transports. This should help the transport code that handles a 401 extract the WWW-Authenticate header information and find the resource_metadata param if present.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Documentation update
• Refactoring (no functional changes)
• Test updates
• Build/CI improvements

Changes Made

• In useConnection.ts
  • in connect()
    • Pass authProvider in transport options

Related Issues

#576

Testing

• Tested in UI mode
• Tested in CLI mode
• Tested with STDIO transport
• Tested with SSE transport
• Tested with Streamable HTTP transport
• Added/updated automated tests
• Manual testing performed

Test Results and/or Instructions

Screenshots are encouraged to share your testing results for this change.

Checklist

• Code follows the style guidelines (ran npm run prettier-fix)
• Self-review completed
• Code is commented where necessary
• Documentation updated (README, comments, etc.)

Breaking Changes

Additional Context

[olaservo]

Tested locally using the following:

Modified src/examples/server/simpleStreamableHttp.ts from the typescript SDK to expose the WWW-Authenticate header:

app.use(cors({
  exposedHeaders: ['WWW-Authenticate']
}));

Built inspector from this branch and tested connecting to the server, here's the server logs:

OAuth Authorization Server listening on port 3001
MCP Streamable HTTP Server listening on port 3000
Request body: {
  method: 'initialize',
  params: {
    protocolVersion: '2025-11-25',
    capabilities: { sampling: {}, elicitation: {}, roots: [Object] },
    clientInfo: { name: 'inspector-client', version: '0.18.0' }
  },
  jsonrpc: '2.0',
  id: 0
}
Authenticated user: {
  token: '[REDACTED]',
  clientId: '[REDACTED]',
  scopes: [ 'mcp:tools' ],
  expiresAt: 1768790456
}
Session initialized with ID: 620463f4-53a8-496c-a1ca-43c2d49d3e16
Request body: { method: 'notifications/initialized', jsonrpc: '2.0' }
Authenticated user: {
  token: '[REDACTED]',
  clientId: '[REDACTED]',
  scopes: [ 'mcp:tools' ],
  expiresAt: 1768790456
}
Request body: {
  method: 'initialize',
  params: {
    protocolVersion: '2025-11-25',
    capabilities: { sampling: {}, elicitation: {}, roots: [Object] },
    clientInfo: { name: 'inspector-client', version: '0.18.0' }
  },
  jsonrpc: '2.0',
  id: 0
}
Authenticated user: {
  token: '[REDACTED]',
  clientId: '[REDACTED]',
  scopes: [ 'mcp:tools' ],
  expiresAt: 1768790456
}
Session initialized with ID: d2af994c-4868-47f0-b8d8-decf32e95169
Request body: { method: 'notifications/initialized', jsonrpc: '2.0' }
Authenticated user: {
  token: '[REDACTED]',
  clientId: '[REDACTED]',
  scopes: [ 'mcp:tools' ],
  expiresAt: 1768790456
}