fix: ProxyOAuthServerProvider: redirect_uri missing in token request

[shubham-lohar]

Fixes #479: a critical issue in ProxyOAuthServerProvider where the redirect_uri parameter was missing from the token exchange request, causing token endpoints (like Amazon Cognito) to return 400/500 errors.

Motivation and Context

Issue: The ProxyOAuthServerProvider did not include the redirect_uri parameter in the /token request, violating the OAuth 2.0 spec.
Impact: This caused token endpoints to fail, preventing successful token exchanges.
Why Fix: The redirect_uri is required by the OAuth 2.0 spec and must match the one used during the /authorize request.

How Has This Been Tested?

Unit Tests: Added tests to verify that the redirect_uri is included in the token request.

Breaking Changes

None: This is a bug fix that does not change the public API or behavior of the ProxyOAuthServerProvider.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

Implementation Notes: The fix updates the exchangeAuthorizationCode method to include the redirect_uri parameter in the token request.
Design Decisions: Ensured the fix adheres to the OAuth 2.0 spec and maintains backward compatibility.

[benbourdel]

+1 I have the same trouble on my side

[pcarleton]

LGTM thanks for this!