feat: implement RFC-compliant OAuth discovery with dynamic scope selection for MCP providers (#28294)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

api/core/mcp/auth_client.py

@@ -90,7 +90,13 @@ class MCPClientWithAuthRetry(MCPClient):
                 mcp_service = MCPToolManageService(session=session)
 
                 # Perform authentication using the service's auth method
-                mcp_service.auth_with_actions(self.provider_entity, self.authorization_code)
+                # Extract OAuth metadata hints from the error
+                mcp_service.auth_with_actions(
+                    self.provider_entity,
+                    self.authorization_code,
+                    resource_metadata_url=error.resource_metadata_url,
+                    scope_hint=error.scope_hint,
+                )
 
                 # Retrieve new tokens
                 self.provider_entity = mcp_service.get_provider_entity(