Fix IPv6 loopback detection and avoid exposing internal test type publicly

Agent-Logs-Url: https://github.com/modelcontextprotocol/csharp-sdk/sessions/8a200407-8cc6-4c69-97e0-c9a6ad509b93

Co-authored-by: stephentoub <2642209+stephentoub@users.noreply.github.com>

Author: Copilot

src/ModelContextProtocol.Core/Authentication/ClientOAuthProvider.cs

@@ -718,7 +718,7 @@ private async Task PerformDynamicClientRegistrationAsync(
     private static bool IsLocalhostRedirectUri(Uri redirectUri)
         => redirectUri.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase)
         || redirectUri.Host.Equals("127.0.0.1", StringComparison.Ordinal)
-        || redirectUri.Host.Equals("[::1]", StringComparison.Ordinal);
+        || redirectUri.Host.Equals("::1", StringComparison.Ordinal);
 
     private string? GetScopeParameter(ProtectedResourceMetadata protectedResourceMetadata)
     {

tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs

@@ -1284,7 +1284,7 @@ public async Task DynamicClientRegistration_SendsNativeApplicationType_ForLocalh
         await using var client = await McpClient.CreateAsync(
             transport, loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken);
 
-        Assert.Equal("native", TestOAuthServer.LastRegistrationRequest?.ApplicationType);
+        Assert.Equal("native", TestOAuthServer.LastRegistrationApplicationType);
     }
 
     [Fact]
@@ -1309,7 +1309,7 @@ public async Task DynamicClientRegistration_SendsWebApplicationType_ForNonLocalh
         await using var client = await McpClient.CreateAsync(
             transport, loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken);
 
-        Assert.Equal("web", TestOAuthServer.LastRegistrationRequest?.ApplicationType);
+        Assert.Equal("web", TestOAuthServer.LastRegistrationApplicationType);
     }
 
     [Fact]
@@ -1337,6 +1337,6 @@ public async Task DynamicClientRegistration_UsesExplicitApplicationType_WhenConf
         await using var client = await McpClient.CreateAsync(
             transport, loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken);
 
-        Assert.Equal("web", TestOAuthServer.LastRegistrationRequest?.ApplicationType);
+        Assert.Equal("web", TestOAuthServer.LastRegistrationApplicationType);
     }
 }

tests/ModelContextProtocol.TestOAuthServer/ClientRegistrationRequest.cs

@@ -5,7 +5,7 @@ namespace ModelContextProtocol.TestOAuthServer;
 /// <summary>
 /// Represents a client registration request as defined in RFC 7591.
 /// </summary>
-public sealed class ClientRegistrationRequest
+internal sealed class ClientRegistrationRequest
 {
     /// <summary>
     /// Gets or sets the redirect URIs for the client.

tests/ModelContextProtocol.TestOAuthServer/Program.cs

@@ -82,9 +82,9 @@ public Program(ILoggerProvider? loggerProvider = null, IConnectionListenerFactor
     public IReadOnlyCollection<string> MetadataRequests => _metadataRequests.ToArray();
 
     /// <summary>
-    /// Gets the most recent dynamic client registration request received by the server.
+    /// Gets the application type from the most recent dynamic client registration request received by the server.
     /// </summary>
-    public ClientRegistrationRequest? LastRegistrationRequest { get; private set; }
+    public string? LastRegistrationApplicationType { get; private set; }
 
     /// <summary>
     /// Entry point for the application.
@@ -506,7 +506,7 @@ IResult HandleMetadataRequest(HttpContext context, string? issuerPath = null)
                 });
             }
 
-            LastRegistrationRequest = registrationRequest;
+            LastRegistrationApplicationType = registrationRequest.ApplicationType;
 
             // Validate redirect URIs are provided
             if (registrationRequest.RedirectUris.Count == 0)