POST a minimal request to the MCP endpoint (optionally with a bearer token); if it returns 401, return the WWW-Authenticate header value (else empty). Used to trigger discovery and detect step-up challenges.
POST a minimal request to the MCP endpoint (optionally with a bearer token); if it returns 401, return the WWW-Authenticate header value (else empty). Used to trigger discovery and detect step-up challenges.