@allenzhou101
Contributor

Motivation and Context

This PR adds refresh token support to the MCP Inspector's OAuth auth flow. When an access token expires, the inspector will now automatically attempt to refresh it using the stored refresh token before initiating a new OAuth flow. This improves the user experience by reducing unnecessary re-authentication prompts.

It also handles the case where:

  1. An access token exists but is expired with no refresh token
  2. The access token is invalid and refresh token is expired but exists

OAuth will start automatically upon clicking "connect" in both cases. It already starts automatically if it receives a 401 and no access token exists.

How Has This Been Tested?

The changes have been tested with an SSE server with OAuth implemented via Descope, specifically testing:

  • Token expiration scenarios
  • Missing refresh token scenarios
  • Expired refresh token scenarios
  • Invalid access token handling
  • Automatic OAuth flow initiation on connection attempts
  • If MCP Server keeps returning 401 after access token refresh we max retries at 1 attempt

Breaking Changes

No breaking changes. Just improves on the existing OAuth flow.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

N/A
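
The connect-time decisions described in this PR (refresh before re-authenticating, fall back to a new OAuth flow when the refresh token is missing or expired, and retry at most once after a refresh) can be sketched as follows. This is an added example, not code from the PR or the inspector: `connect`, `send`, `refresh`, the `store` shape and the outcome strings are all hypothetical, with `send` and `refresh` standing in for the MCP server request and the token endpoint.

```javascript
// Added example: all names are hypothetical, not the inspector's own code.
const MAX_REFRESH_ATTEMPTS = 1; // the PR caps retries at 1 after a refresh

// An unknown expiry is treated as "not expired"; the server's 401 decides.
const isExpired = (expiresAt, now) => expiresAt !== undefined && expiresAt <= now;

// store:   { accessToken, accessExpiresAt, refreshToken, refreshExpiresAt }
// send:    async (accessToken) => HTTP status returned by the MCP server
// refresh: async (refreshToken) => new token fields, or null if rejected
async function connect(store, send, refresh, now = Date.now()) {
  const trace = [];
  let refreshes = 0;

  const finish = (outcome) => {
    if (outcome === "start_oauth") {
      // Choice made in this example: drop credentials that failed so a
      // later connect does not replay them.
      delete store.accessToken;
      delete store.refreshToken;
    }
    return { outcome, trace };
  };

  const tryRefresh = async () => {
    // Missing or already expired refresh token: skip the token endpoint.
    if (!store.refreshToken || isExpired(store.refreshExpiresAt, now)) return false;
    if (refreshes >= MAX_REFRESH_ATTEMPTS) return false;
    refreshes += 1;
    trace.push("refresh");
    const fresh = await refresh(store.refreshToken);
    if (!fresh) return false;
    Object.assign(store, fresh); // also keeps a rotated refresh token
    return true;
  };

  // Access token known to be expired: refresh before sending anything.
  if (store.accessToken && isExpired(store.accessExpiresAt, now)) {
    if (!(await tryRefresh())) return finish("start_oauth");
  }
  for (;;) {
    trace.push("request");
    const status = await send(store.accessToken);
    // Anything other than 401 is not an authentication problem.
    if (status !== 401) return finish("authorized");
    // 401: token missing or rejected. Refresh at most once, then fall back.
    if (!(await tryRefresh())) return finish("start_oauth");
  }
}
```

The returned `trace` records each refresh and request in order, which makes the single-retry cap visible when the server keeps answering 401.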

jspahrsummers
jspahrsummers previously approved these changes Feb 5, 2025
Member

@jspahrsummers jspahrsummers left a comment

This is great, thank you!

@jspahrsummers
Member

Could you please just run npm run prettier-fix to resolve the CI failure, and then we can get this merged?

Member

@jspahrsummers jspahrsummers left a comment

Awesome, thanks!

@jspahrsummers jspahrsummers merged commit 688752e into modelcontextprotocol:main Feb 6, 2025
2 checks passed
@allenzhou101 allenzhou101 deleted the oauth-refresh branch February 6, 2025 15:51
IgnacioC44 referenced this pull request in MCPJam/inspector Jun 21, 2025
Add Refresh Token Support for OAuth