fix: filter out client_secret when storing OAuth client information

Author: felixweinberger

client/src/lib/auth.ts

@@ -110,10 +110,15 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {
   }
 
   saveClientInformation(clientInformation: OAuthClientInformation) {
+    // Remove client_secret before storing (not needed after initial OAuth flow)
+    const safeInfo = Object.fromEntries(
+      Object.entries(clientInformation).filter(([key]) => key !== 'client_secret')
+    ) as OAuthClientInformation;
+    
     // Save the dynamically registered client information to session storage
     saveClientInformationToSessionStorage({
       serverUrl: this.serverUrl,
-      clientInformation,
+      clientInformation: safeInfo,
       isPreregistered: false,
     });
   }