fix: use authorization_server_url as issuer when fetching metadata (#763)

Author: JoJoJoJoJoJoJo

src/client/auth.test.ts

@@ -1778,7 +1778,7 @@ describe("OAuth Authorization", () => {
             status: 200,
             json: async () => ({
               resource: "https://my.resource.com/",
-              authorization_servers: ["https://auth.example.com/"],
+              authorization_servers: ["https://auth.example.com/oauth"],
             }),
           });
         } else if (urlString === "https://auth.example.com/.well-known/oauth-authorization-server/path/name") {
@@ -1821,8 +1821,8 @@ describe("OAuth Authorization", () => {
       // First call should be to PRM
       expect(calls[0][0].toString()).toBe("https://my.resource.com/.well-known/oauth-protected-resource/path/name");
 
-      // Second call should be to AS metadata with the path from serverUrl
-      expect(calls[1][0].toString()).toBe("https://auth.example.com/.well-known/oauth-authorization-server/path/name");
+      // Second call should be to AS metadata with the path from authorization server
+      expect(calls[1][0].toString()).toBe("https://auth.example.com/.well-known/oauth-authorization-server/oauth");
     });
   });
 

src/client/auth.ts

@@ -606,7 +606,7 @@ export async function discoverOAuthMetadata(
   protocolVersion ??= LATEST_PROTOCOL_VERSION;
 
   const response = await discoverMetadataWithFallback(
-    issuer,
+    authorizationServerUrl,
     'oauth-authorization-server',
     {
       protocolVersion,