Fix silent token refresh to respect IncludeResourceIndicator and add doc warning

- GetAccessTokenSilentAsync now omits the resource parameter from token
  refresh requests when IncludeResourceIndicator is false, matching the
  behavior of the 401 handler and authorization URL paths.
- Added warning comment in getting-started.md about .GetAwaiter().GetResult()
  deadlock risk in SynchronizationContext environments.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Varun Sharma

docs/concepts/getting-started.md

@@ -154,6 +154,9 @@ builder.Services.AddSingleton(sp =>
         Command = "dotnet",
         Arguments = ["run", "--project", "path/to/server"],
     });
+    // Note: .GetAwaiter().GetResult() is used here for simplicity in console apps.
+    // In ASP.NET Core or other environments with a SynchronizationContext,
+    // use an IHostedService to initialize async resources instead.
     return McpClient.CreateAsync(transport, loggerFactory: loggerFactory)
         .GetAwaiter().GetResult();
 });

src/ModelContextProtocol.Core/Authentication/ClientOAuthProvider.cs

@@ -156,7 +156,7 @@ internal override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage r
         // Try to refresh the access token if it is invalid and we have a refresh token.
         if (_authServerMetadata is not null && tokens?.RefreshToken is { Length: > 0 } refreshToken)
         {
-            var accessToken = await RefreshTokensAsync(refreshToken, resourceUri.ToString(), _authServerMetadata, cancellationToken).ConfigureAwait(false);
+            var accessToken = await RefreshTokensAsync(refreshToken, _includeResourceIndicator ? resourceUri.ToString() : null, _authServerMetadata, cancellationToken).ConfigureAwait(false);
             return (accessToken, true);
         }