Enhance OAuth metadata endpoints and update authorization server URLs in responses

tests/test_server.py

@@ -90,7 +90,10 @@ def test_oauth_protected_resource_metadata(client: TestClient) -> None:
     assert response.status_code == 200
     data = response.json()
     assert data["resource"] == "https://gitea.example.com"
-    assert data["authorization_servers"] == ["https://gitea.example.com"]
+    assert data["authorization_servers"] == [
+        "http://testserver",
+        "https://gitea.example.com",
+    ]
     assert data["bearer_methods_supported"] == ["header"]
     assert data["scopes_supported"] == ["read:repository", "write:repository"]
     assert "resource_documentation" in data
@@ -106,6 +109,20 @@ def test_oauth_authorization_server_metadata(client: TestClient) -> None:
     assert payload["scopes_supported"] == ["read:repository", "write:repository"]
 
 
+def test_openid_configuration_metadata(client: TestClient) -> None:
+    """OpenID metadata is exposed for clients expecting OIDC discovery."""
+    response = client.get("/.well-known/openid-configuration")
+    assert response.status_code == 200
+    payload = response.json()
+    assert payload["issuer"] == "https://gitea.example.com"
+    assert payload["authorization_endpoint"].endswith("/login/oauth/authorize")
+    assert payload["token_endpoint"].endswith("/oauth/token")
+    assert payload["userinfo_endpoint"].endswith("/login/oauth/userinfo")
+    assert payload["jwks_uri"].endswith("/login/oauth/keys")
+    assert "read:repository" in payload["scopes_supported"]
+    assert "write:repository" in payload["scopes_supported"]
+
+
 def test_oauth_metadata_uses_public_base_url(monkeypatch: pytest.MonkeyPatch) -> None:
     """Public base URL is used for externally advertised OAuth metadata links."""
     monkeypatch.setenv("GITEA_URL", "https://gitea.example.com")
@@ -124,6 +141,19 @@ def test_oauth_metadata_uses_public_base_url(monkeypatch: pytest.MonkeyPatch) ->
     payload = metadata_response.json()
     assert payload["token_endpoint"] == "https://mcp.example.com/oauth/token"
 
+    openid_response = client.get("/.well-known/openid-configuration")
+    assert openid_response.status_code == 200
+    openid_payload = openid_response.json()
+    assert openid_payload["token_endpoint"] == "https://mcp.example.com/oauth/token"
+
+    protected_response = client.get("/.well-known/oauth-protected-resource")
+    assert protected_response.status_code == 200
+    protected_payload = protected_response.json()
+    assert protected_payload["authorization_servers"] == [
+        "https://mcp.example.com",
+        "https://gitea.example.com",
+    ]
+
     challenge_response = client.post(
         "/mcp/tool/call",
         json={"tool": "list_repositories", "arguments": {}},