Description
Describe the bug
Based on the document, MCP servers should follow the standard to implement the oauth-protected-resource endpoint in order to let clients self-discover the MCP server.
As the Model Context Protocol is a standard way to interact with any client, it should follow the protocol strictly. No specific setup is required from the client when the standard is followed. Reference for the flow: https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
Affected version
remote mcp server
Steps to reproduce the behavior
- Use an MCP client, such as Cursor or mcp-remote.
- Start the OAuth flow.
Expected vs actual behavior
Expected:
The client should discover the endpoint and direct the user to the OAuth page from /.well-known/oauth-protected-resource
Actual:
The client can't start the OAuth flow because the /.well-known/oauth-protected-resource endpoint is not implemented, but /.well-known/oauth-protected-resource/mcp is implemented.
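
An added example (not from the issue or the project) for checking which of the two metadata locations named above a client can use. It probes the `resource_metadata` hint from a 401 `WWW-Authenticate` header, then the RFC 9728 path-inserted URL, then the root URL, and validates the document it finds. The host names, function names and probe order are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN = "/.well-known/oauth-protected-resource"

def candidate_metadata_urls(resource_url):
    """Metadata URLs to probe for a resource, most specific first."""
    p = urlsplit(resource_url)
    # RFC 9728 section 3.1: the well-known segment is inserted between the
    # host and the resource's own path/query, so /mcp becomes a suffix.
    specific = urlunsplit((p.scheme, p.netloc, WELL_KNOWN + p.path.rstrip("/"), p.query, ""))
    root = urlunsplit((p.scheme, p.netloc, WELL_KNOWN, "", ""))
    return [specific] if specific == root else [specific, root]

def metadata_url_from_challenge(header):
    """Pull resource_metadata out of a 401 WWW-Authenticate header, if present."""
    m = re.search(r'\bresource_metadata="([^"]+)"', header or "")
    return m.group(1) if m else None

def check_metadata(resource_url, doc):
    """Problems that should stop a client from trusting this document."""
    problems = []
    if doc.get("resource") != resource_url:
        problems.append("resource does not match the URL being called")
    if not doc.get("authorization_servers"):
        problems.append("authorization_servers missing or empty")
    return problems

def discover(resource_url, challenge, fetch):
    """fetch(url) returns the parsed JSON document, or None for a 404.
    Returns (metadata_url, doc) on success, else (None, urls_tried)."""
    hinted = metadata_url_from_challenge(challenge)
    tried = list(dict.fromkeys(([hinted] if hinted else []) + candidate_metadata_urls(resource_url)))
    for url in tried:
        doc = fetch(url)
        if doc is not None and not check_metadata(resource_url, doc):
            return url, doc
    return None, tried

# Constructed sample: a server that answers only on the /mcp-suffixed path.
RESOURCE = "https://mcp.example.com/mcp"
SERVED = {
    "https://mcp.example.com/.well-known/oauth-protected-resource/mcp": {
        "resource": RESOURCE,
        "authorization_servers": ["https://auth.example.com"],
    }
}

if __name__ == "__main__":
    print(discover(RESOURCE, None, SERVED.get))      # found on the suffixed path
    print(discover(RESOURCE, None, lambda u: None))  # nothing served: lists URLs tried
```

In a real check, `fetch` would be an HTTPS GET that returns the decoded JSON body on 200 and `None` otherwise.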