Generates OAuth 2.0 Protected Resource Metadata (RFC 9728) for MCP servers.

This metadata document tells OAuth clients how to discover the authorization server and what scopes are available for this MCP resource server.

Endpoint

Served at GET /.well-known/oauth-protected-resource

Response Format

{
  "resource": "https://mcp.example.com",
  "authorization_servers": ["https://auth.example.com"],
  "scopes_supported": ["read", "write", "admin"],
  "bearer_methods_supported": ["header"]
}