Our team built an MCP Server that uses Server Metadata Discovery and returns a WWW-Authenticate challenge with resource_metadata when the Authorization header is missing. Some users receive the “DCR not supported” message and are then prompted to manually enter a client_id (see attached image).
What’s the correct way to ensure that VS Code always uses the Microsoft public client ID (aebc6443-996d-45c2-90f0-388ff96faa56) when the authorization server (https://login.microsoftonline.com/common/v2.0) does not support Dynamic Client Registration?