[auth] Rename basic-dcr scenarios to metadata variants

Consolidate auth metadata discovery scenarios with consistent naming:
- AuthBasicDCRScenario → AuthMetadataDefaultScenario (auth/metadata-default)
- AuthBasicMetadataVar1Scenario → AuthMetadataVar1Scenario (auth/metadata-var1)
- AuthBasicMetadataVar2Scenario → AuthMetadataVar2Scenario (auth/metadata-var2)
- AuthBasicMetadataVar3Scenario → AuthMetadataVar3Scenario (auth/metadata-var3)

Also updates descriptions to use consistent markdown formatting with
bold headers for Registration, PRM, and OAuth metadata fields.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: pcarleton

src/scenarios/client/auth/discovery-metadata.ts

@@ -1,3 +1,16 @@
+/**
+ * OAuth Metadata Discovery Scenarios
+ *
+ * These scenarios test different combinations of PRM and OAuth metadata locations:
+ *
+ * | Scenario         | PRM Location                              | In WWW-Auth | OAuth Metadata Location                        |
+ * |------------------|-------------------------------------------|-------------|------------------------------------------------|
+ * | metadata-default | /.well-known/oauth-protected-resource/mcp | Yes         | /.well-known/oauth-authorization-server        |
+ * | metadata-var1    | /.well-known/oauth-protected-resource/mcp | No          | /.well-known/openid-configuration              |
+ * | metadata-var2    | /.well-known/oauth-protected-resource     | No          | /.well-known/oauth-authorization-server/tenant1|
+ * | metadata-var3    | /custom/metadata/location.json            | Yes         | /tenant1/.well-known/openid-configuration      |
+ */
+
 import type { Scenario, ConformanceCheck } from '../../../types.js';
 import { ScenarioUrls } from '../../../types.js';
 import { createAuthServer } from './helpers/createAuthServer.js';
@@ -6,10 +19,14 @@ import { ServerLifecycle } from './helpers/serverLifecycle.js';
 import { SpecReferences } from './spec-references.js';
 import { Request, Response } from 'express';
 
-export class AuthBasicDCRScenario implements Scenario {
-  name = 'auth/basic-dcr';
-  description =
-    'Tests Basic OAuth flow with DCR, PRM at path-based location, OAuth metadata at root location, and no scopes required';
+export class AuthMetadataDefaultScenario implements Scenario {
+  name = 'auth/metadata-default';
+  description = `Tests Basic OAuth metadata discovery flow.
+
+**Registration:** via DCR
+**PRM:** at path-based location (root returns 404)
+**OAuth metadata:** at root oauth-authorization-server path
+`;
   private authServer = new ServerLifecycle();
   private server = new ServerLifecycle();
   private checks: ConformanceCheck[] = [];
@@ -92,13 +109,13 @@ export class AuthBasicDCRScenario implements Scenario {
   }
 }
 
-export class AuthBasicMetadataVar1Scenario implements Scenario {
-  name = 'auth/basic-metadata-var1';
-  description = `
-Tests Basic OAuth flow with:
-Registration: via DCR
-PRM: At the path-based location (not in WWW-authenticate)
-OAuth metadata: at OpenID discovery path
+export class AuthMetadataVar1Scenario implements Scenario {
+  name = 'auth/metadata-var1';
+  description = `Tests Basic OAuth metadata discovery flow.
+
+**Registration:** via DCR
+**PRM:** at path-based location (not in WWW-Authenticate)
+**OAuth metadata:** at root openid-configuration path
 `;
   private authServer = new ServerLifecycle();
   private server = new ServerLifecycle();
@@ -118,7 +135,7 @@ OAuth metadata: at OpenID discovery path
       this.server.getUrl,
       this.authServer.getUrl,
       {
-        prmPath: '/.well-known/oauth-protected-resource',
+        // Uses default path-based PRM location
         includePrmInWwwAuth: false
       }
     );
@@ -156,10 +173,14 @@ OAuth metadata: at OpenID discovery path
   }
 }
 
-export class AuthBasicMetadataVar2Scenario implements Scenario {
-  name = 'auth/basic-metadata-var2';
-  description =
-    'Tests Basic OAuth flow with DCR, PRM at root location, OAuth metadata at path-based OAuth discovery path';
+export class AuthMetadataVar2Scenario implements Scenario {
+  name = 'auth/metadata-var2';
+  description = `Tests Basic OAuth metadata discovery flow.
+
+**Registration:** via DCR
+**PRM:** at root location (not in WWW-Authenticate)
+**OAuth metadata:** at path-based oauth-authorization-server path (/tenant1)
+`;
   private authServer = new ServerLifecycle();
   private server = new ServerLifecycle();
   private checks: ConformanceCheck[] = [];
@@ -168,8 +189,7 @@ export class AuthBasicMetadataVar2Scenario implements Scenario {
     this.checks = [];
 
     const authApp = createAuthServer(this.checks, this.authServer.getUrl, {
-      metadataPath: '/tenant1/.well-known/openid-configuration',
-      isOpenIdConfiguration: true,
+      metadataPath: '/.well-known/oauth-authorization-server/tenant1',
       routePrefix: '/tenant1'
     });
 
@@ -199,7 +219,8 @@ export class AuthBasicMetadataVar2Scenario implements Scenario {
       this.server.getUrl,
       () => `${this.authServer.getUrl()}/tenant1`,
       {
-        prmPath: '/.well-known/oauth-protected-resource'
+        prmPath: '/.well-known/oauth-protected-resource',
+        includePrmInWwwAuth: false
       }
     );
     await this.server.start(app);
@@ -236,10 +257,14 @@ export class AuthBasicMetadataVar2Scenario implements Scenario {
   }
 }
 
-export class AuthBasicMetadataVar3Scenario implements Scenario {
-  name = 'auth/basic-metadata-var3';
-  description =
-    'Tests Basic OAuth flow with DCR, PRM at custom location listed in WWW-Authenticate header, OAuth metadata is at nested OpenID discovery path, and no scopes required';
+export class AuthMetadataVar3Scenario implements Scenario {
+  name = 'auth/metadata-var3';
+  description = `Tests Basic OAuth metadata discovery flow.
+
+**Registration:** via DCR
+**PRM:** at custom path (via resource_metadata in WWW-Authenticate)
+**OAuth metadata:** at path-based openid-configuration path (/tenant1)
+`;
   private authServer = new ServerLifecycle();
   private server = new ServerLifecycle();
   private checks: ConformanceCheck[] = [];

src/scenarios/client/auth/index.test.ts

@@ -42,7 +42,7 @@ describe('Client Auth Scenarios', () => {
 describe('Negative tests', () => {
   test('bad client requests root PRM location', async () => {
     const runner = new InlineClientRunner(badPrmClient);
-    await runClientAgainstScenario(runner, 'auth/basic-dcr', [
+    await runClientAgainstScenario(runner, 'auth/metadata-default', [
       'prm-priority-order'
     ]);
   });

src/scenarios/client/auth/index.ts

@@ -1,9 +1,9 @@
 import { Scenario } from '../../../types';
-import { AuthBasicDCRScenario } from './basic-dcr.js';
 import {
-  AuthBasicMetadataVar1Scenario,
-  AuthBasicMetadataVar2Scenario,
-  AuthBasicMetadataVar3Scenario
+  AuthMetadataDefaultScenario,
+  AuthMetadataVar1Scenario,
+  AuthMetadataVar2Scenario,
+  AuthMetadataVar3Scenario
 } from './discovery-metadata.js';
 import {
   Auth20250326OAuthMetadataBackcompatScenario,
@@ -17,10 +17,10 @@ import {
 } from './scope-handling.js';
 
 export const authScenariosList: Scenario[] = [
-  new AuthBasicDCRScenario(),
-  new AuthBasicMetadataVar1Scenario(),
-  new AuthBasicMetadataVar2Scenario(),
-  new AuthBasicMetadataVar3Scenario(),
+  new AuthMetadataDefaultScenario(),
+  new AuthMetadataVar1Scenario(),
+  new AuthMetadataVar2Scenario(),
+  new AuthMetadataVar3Scenario(),
   new Auth20250326OAuthMetadataBackcompatScenario(),
   new Auth20250326OEndpointFallbackScenario(),
   new ScopeFromWwwAuthenticateScenario(),