Add support for v0.1.11 client conformance tests

[Copilot]

Adds SDK support required to pass v0.1.11 MCP conformance tests. Six client tests were failing due to missing OAuth features and SSE reconnection support.

OAuth Provider Changes (ClientOAuthProvider.cs)

• Token endpoint auth methods: Respect token_endpoint_auth_methods_supported from server metadata. Use client_secret_basic (HTTP Basic auth) when supported, fall back to client_secret_post
• Client credentials grant: Support client_credentials flow for machine-to-machine auth when server advertises it and no redirect delegate is configured
• Pre-registered credentials: Skip dynamic client registration when both ClientId and ClientSecret are provided
• Scope step-up retry limit: Track insufficient_scope retries (max 3) to prevent infinite loops on 403 responses

SSE Transport Changes (SseClientSessionTransport.cs)

• Track Last-Event-ID and send it on reconnection attempts
• Honor server-specified retry intervals
• Retry logic with proper cancellation handling

Conformance Server Fixes

• elicitation-sep1330-enums: Test all 5 enum schema variants (untitled/titled single-select, legacy titled, untitled/titled multi-select)
• dns-rebinding-protection: Add middleware validating Host/Origin headers for localhost servers

// Token endpoint auth method selection
private static string GetTokenEndpointAuthMethod(AuthorizationServerMetadata metadata)
{
    if (metadata.TokenEndpointAuthMethodsSupported?.Contains("client_secret_basic") == true)
        return "client_secret_basic";
    return "client_secret_post";
}

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Add support required for v0.1.11 Client Conformance tests</issue_title>
<issue_description>The v0.1.11 release of the Conformance tests was published a few days ago. The C# SDK is required to pass all the tests in this release to be a "Tier 1" SDK.

I've started work on updating the SDK to run these tests. This work is in this branch:

https://github.com/modelcontextprotocol/csharp-sdk/tree/mdk/client-conformance-v0.1.11

I've managed to get some of the tests passing by fixing the test client, and those fixes are already pushed to the branch. But there are six tests still failing. Copilot believes that all these tests require fixes to the SDK itself to get to passing. Here's the summary from Copilot:

Remaining 6 Failing Tests (require SDK changes):

Test	Issue	Why Not Fixable with Test Changes
sse-retry	Client doesn't send Last-Event-ID header on reconnection	Requires SDK transport layer changes
auth/token-endpoint-auth-basic	Client uses client_secret_post but should use client_secret_basic	SDK doesn't respect token_endpoint_auth_methods_supported
auth/pre-registration	Client always tries dynamic registration, ignores pre-registered credentials	SDK doesn't support pre-registered client credentials
auth/scope-retry-limit	Client doesn't retry authorization with different scopes on 401	SDK needs scope step-up retry logic
auth/client-credentials-jwt	Client uses authorization code flow instead of client_credentials	SDK doesn't support client_credentials grant type
auth/client-credentials-basic	Client uses authorization code flow instead of client_credentials	SDK doesn't support client_credentials grant type

The remaining failures all require changes to the SDK's OAuth implementation (in ClientOAuthProvider.cs) to:

1. Support the client_credentials grant type
2. Respect token_endpoint_auth_methods_supported
3. Support pre-registered client credentials
4. Implement scope step-up retry logic
5. Send Last-Event-ID header on SSE reconnection</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Add support required for v0.1.11 Client Conformance tests #1177

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[mikekistler]

When I rebase onto the mdk/client-conformance-v0.1.11, which adds support to run all the v0.1.11 tests, I still get 5 errors:

@copilot please rebase onto that branch and then fix these and any other errors.

[stephentoub]

@halter73, please pay careful attention to all the auth stuff. That was mostly all copilot.

[stephentoub]

@halter73 is MaxReconnectionAttempts the right name? It seems to actually be maximum number of connection attempts (including the initial one) rather than reconnection attempts (excluding the initial one)?