fix(client): surface OAuth token persistence failures

[he-yufeng]

Summary

Fixes #2034.

When OAuth refresh succeeds but provider.saveTokens() fails, auth() should surface that persistence failure. The authorization server may already have rotated the refresh token, so silently falling through to a new authorization flow can hide the only useful error and leave the client with stale credentials.

This keeps the existing fallback behavior for refresh request failures, but moves saveTokens() out of that catch block so store/I/O failures propagate normally.

To verify

• pnpm --filter @modelcontextprotocol/client exec vitest run test/client/auth.test.ts -t "does not hide token persistence failures"
• pnpm --filter @modelcontextprotocol/client exec vitest run test/client/auth.test.ts
• pnpm --filter @modelcontextprotocol/client typecheck
• pnpm --filter @modelcontextprotocol/client lint
• git diff --check

The repository pre-push hook also ran workspace typecheck, build, and lint successfully.

[changeset-bot]

🦋 Changeset detected

Latest commit: c35d16f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@modelcontextprotocol/client	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@2121

@modelcontextprotocol/codemod

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/codemod@2121

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@2121

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@2121

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/fastify@2121

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@2121

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@2121

commit: c35d16f

[he-yufeng]

The red CI job is the existing Cloudflare Workers/Miniflare flaky path ( est/server/cloudflareWorkers.test.ts: Network connection lost). The OAuth test, full client auth test file, typecheck, lint, and pre-push workspace checks pass locally. I don't have repository admin rights to rerun the failed job.

[he-yufeng]

Rebased onto current main, added the client patch changeset, and force-pushed c35d16f. Local validation: changeset status shows @modelcontextprotocol/client patch; client auth.test.ts passed with 168 tests; client typecheck and lint passed; git diff --check passed. Pre-push typecheck, build, and lint also passed.