@christso christso commented Dec 28, 2025

Summary

Some OAuth servers (e.g., GitHub) return error responses with HTTP 200 status instead of 4xx. This PR adds a check for the error field in the JSON response before attempting to parse it as tokens.

Problem

When GitHub's OAuth token endpoint returns an error like:

{
  "error": "incorrect_client_credentials",
  "error_description": "The client_id and/or client_secret passed are incorrect."
}

The SDK's executeTokenRequest() only checks response.ok (which is true for HTTP 200), then tries to parse the response as OAuthTokensSchema, resulting in a confusing Zod validation error:

[
  {"expected": "string", "path": ["access_token"], "message": "Invalid input: expected string, received undefined"},
  {"expected": "string", "path": ["token_type"], "message": "Invalid input: expected string, received undefined"}
]

Solution

Check for the error field in the JSON response before attempting to parse as tokens. This surfaces the actual OAuth error message to users:

The client_id and/or client_secret passed are incorrect.

Test plan

  • Verify existing OAuth tests pass
  • TypeScript type checking passes
  • Test with GitHub OAuth endpoint returning error with HTTP 200
  • Test normal successful token exchange still works

Closes #1342

🤖 Generated with Claude Code
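The ordering of checks described in this PR, as an added example that is not the SDK's code or the PR's diff: look for an `error` field first, then the HTTP status, then the token fields. The names `classifyTokenResponse`, `TokenResult` and `printable`, and the labels `invalid_response` and `http_error`, are assumptions made for illustration.

```typescript
// Added example; all names here are hypothetical, not the SDK's internals.
type Tokens = { access_token: string; token_type: string; [k: string]: unknown };
type TokenResult =
  | { ok: true; tokens: Tokens }
  | { ok: false; error: string; description: string };

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// `error` and `error_description` are server-controlled: keep printable ASCII
// only and cap the length before the text reaches logs or a UI.
function printable(s: string, max: number = 200): string {
  return s.replace(/[^\x20-\x7e]/g, "?").slice(0, max);
}

// "invalid_response" and "http_error" are local labels, not OAuth error codes.
function classifyTokenResponse(httpOk: boolean, status: number, json: unknown): TokenResult {
  if (!isRecord(json)) {
    return { ok: false, error: "invalid_response", description: `HTTP ${status}: body is not a JSON object` };
  }
  // Look at `error` first, whatever the status: some servers send it with HTTP 200.
  const err = json["error"];
  if (typeof err === "string") {
    const desc = json["error_description"];
    return { ok: false, error: printable(err), description: printable(typeof desc === "string" ? desc : err) };
  }
  if (!httpOk) {
    return { ok: false, error: "http_error", description: `HTTP ${status}` };
  }
  const accessToken = json["access_token"];
  const tokenType = json["token_type"];
  if (typeof accessToken !== "string" || typeof tokenType !== "string") {
    // Name the missing fields only; never echo the body, it may hold a token.
    return { ok: false, error: "invalid_response", description: "missing access_token or token_type" };
  }
  return { ok: true, tokens: { ...json, access_token: accessToken, token_type: tokenType } };
}

// Body quoted in the PR description above, served with HTTP 200.
const GITHUB_ERROR_BODY: unknown = {
  error: "incorrect_client_credentials",
  error_description: "The client_id and/or client_secret passed are incorrect.",
};
// Constructed success body (placeholder values).
const SUCCESS_BODY: unknown = { access_token: "EXAMPLE_TOKEN", token_type: "bearer" };

console.log(classifyTokenResponse(true, 200, GITHUB_ERROR_BODY));
```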

Some OAuth servers (e.g., GitHub) return error responses with HTTP 200
status instead of 4xx. The SDK now checks for an `error` field in the
JSON response before attempting to parse it as tokens.

This provides users with meaningful error messages like:
"The client_id and/or client_secret passed are incorrect."

Instead of confusing Zod validation errors about missing access_token.

Fixes modelcontextprotocol#1342

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@christso christso requested a review from a team as a code owner December 28, 2025 01:49
changeset-bot bot commented Dec 28, 2025

🦋 Changeset detected

Latest commit: b8fdf10

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@modelcontextprotocol/client Patch

pkg-pr-new bot commented Dec 28, 2025

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1343
npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1343

commit: b8fdf10

- Fix TypeScript error by properly typing json as unknown
- Add changeset for the patch release

Fixes modelcontextprotocol#1342

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Successfully merging this pull request may close these issues.

OAuth token exchange doesn't handle error responses returned as HTTP 200