Status: Open
Labels: bug (Something isn't working)
Description
Describe the bug
Azure Active Directory supports S256 PKCE but doesn't advertise code_challenge_methods_supported in its OIDC discovery metadata. The MCP SDK's strict validation at lines 779-783 rejects Azure as incompatible, even though Azure fully supports the required S256 code challenge method.
To Reproduce
Steps to reproduce the behavior:
- Set up an MCP server that returns Azure AD as the authorization server in protected resource metadata:
{"resource":"http://localhost:3000/","authorization_servers":["https://login.microsoftonline.com/{tenant-id}"]}
- Configure an MCP client (like mcp-remote) to connect with Azure OAuth credentials.
- Attempt the OAuth authentication flow
- The SDK discovers Azure's OIDC metadata at https://login.microsoftonline.com/{tenant-id}/.well-known/openid-configuration
- SDK validation fails because the code_challenge_methods_supported field is missing from Azure's metadata
Expected behavior
Azure should be accepted as a compatible OIDC provider since it supports S256 PKCE (as documented in Microsoft's OAuth 2.0 auth code flow), and the OAuth flow should proceed normally.
Logs
Error: Incompatible OIDC provider at https://login.microsoftonline.com/{tenant-id}/.well-known/openid-configuration: does not support S256 code challenge method required by MCP specification
at discoverAuthorizationServerMetadata (/path/to/sdk/src/client/auth.ts:780:15)
Additional context
- This affects enterprise adoption where Azure AD is commonly used as the identity provider
- Suggested fix: Change the validation to if (metadata.code_challenge_methods_supported && !metadata.code_challenge_methods_supported.includes('S256'))
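The following is an added illustration, not code from the MCP SDK or from the issue author. It models the two validation rules side by side: the strict rule the issue describes (the field must be present and contain S256) and the suggested relaxed rule (reject only when the field is present and omits S256). The metadata objects are constructed samples; the `issuer` values and the `buildPkcePair`/`verifyS256` helpers are assumptions for the example. One caveat worth keeping in mind when adopting the relaxed rule: RFC 8414 describes `code_challenge_methods_supported` as optional and says a server that omits it does not support PKCE, so an absent field is a weaker signal than an explicit listing. A client that relaxes the check should therefore still always send an S256 code_challenge and a matching code_verifier, which the last two helpers show.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Subset of OIDC discovery metadata relevant to PKCE negotiation.
interface OidcMetadata {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  code_challenge_methods_supported?: string[];
}

type PkceCheck =
  | { ok: true; advertised: boolean }
  | { ok: false; reason: string };

// Strict rule as described in the issue: field must exist and include S256.
export function strictSupportsS256(m: OidcMetadata): boolean {
  return !!m.code_challenge_methods_supported?.includes("S256");
}

// Relaxed rule (the suggested fix): only an explicit list lacking S256 is rejected.
// `advertised` tells the caller whether support was stated or merely not denied.
export function relaxedCheck(m: OidcMetadata): PkceCheck {
  const methods = m.code_challenge_methods_supported;
  if (methods === undefined) {
    return { ok: true, advertised: false };
  }
  if (!methods.includes("S256")) {
    return {
      ok: false,
      reason: `provider ${m.issuer} lists [${methods.join(", ")}] but not S256`,
    };
  }
  return { ok: true, advertised: true };
}

// Constructed sample: Azure-style metadata that omits the field entirely.
export const AZURE_LIKE: OidcMetadata = {
  issuer: "https://login.example-issuer.test/{tenant-id}/v2.0", // placeholder issuer
  authorization_endpoint: "https://login.example-issuer.test/{tenant-id}/oauth2/v2.0/authorize",
  token_endpoint: "https://login.example-issuer.test/{tenant-id}/oauth2/v2.0/token",
};

// Constructed sample: a provider that explicitly supports only "plain".
export const PLAIN_ONLY: OidcMetadata = {
  issuer: "https://plain-only.example.test",
  authorization_endpoint: "https://plain-only.example.test/authorize",
  token_endpoint: "https://plain-only.example.test/token",
  code_challenge_methods_supported: ["plain"],
};

// Constructed sample: a provider that advertises S256 as expected.
export const FULL: OidcMetadata = {
  issuer: "https://full.example.test",
  authorization_endpoint: "https://full.example.test/authorize",
  token_endpoint: "https://full.example.test/token",
  code_challenge_methods_supported: ["S256", "plain"],
};

// Client-side S256 PKCE pair (RFC 7636): verifier is random, challenge is
// base64url(SHA-256(verifier)). The client sends this regardless of whether
// the provider advertised support, so the flow is never silently downgraded.
export function buildPkcePair(): { verifier: string; challenge: string } {
  const verifier = randomBytes(32).toString("base64url");
  const challenge = createHash("sha256").update(verifier).digest("base64url");
  return { verifier, challenge };
}

// Recomputes the challenge from a verifier; mirrors what the server must check.
export function verifyS256(verifier: string, challenge: string): boolean {
  return createHash("sha256").update(verifier).digest("base64url") === challenge;
}

// Stand-alone run: show how each sample fares under both rules.
for (const m of [AZURE_LIKE, PLAIN_ONLY, FULL]) {
  console.log(m.issuer, "strict:", strictSupportsS256(m), "relaxed:", relaxedCheck(m));
}
```

The relaxed rule accepts the Azure-style metadata while still refusing a provider that explicitly lists only `plain`; logging `advertised: false` gives operators a way to notice providers that were accepted on the weaker signal.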