Address code review feedback: add error handling and remove redundant assertion

Co-authored-by: halter73 <54385+halter73@users.noreply.github.com>

Author: Copilot

src/ModelContextProtocol.Core/Authentication/ClientOAuthProvider.cs

@@ -244,7 +244,15 @@ private async Task<string> GetAccessTokenAsync(HttpResponseMessage response, boo
         }
 
         // Convert string URIs to Uri objects for the selector
-        var authServerUris = availableAuthorizationServers.Select(s => new Uri(s)).ToList();
+        List<Uri> authServerUris = new();
+        foreach (var serverUriString in availableAuthorizationServers)
+        {
+            if (!Uri.TryCreate(serverUriString, UriKind.Absolute, out var serverUri))
+            {
+                ThrowFailedToHandleUnauthorizedResponse($"Invalid authorization server URI: '{serverUriString}'. Available servers: {string.Join(", ", availableAuthorizationServers)}");
+            }
+            authServerUris.Add(serverUri);
+        }
 
         // Select authorization server using configured strategy
         var selectedAuthServer = _authServerSelector(authServerUris);

tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs

@@ -788,6 +788,5 @@ public async Task ResourceMetadata_DoesNotAddTrailingSlash()
 
         // Verify that the Resource property does NOT have a trailing slash added
         Assert.Equal(resourceWithoutTrailingSlash, metadata.Resource);
-        Assert.DoesNotContain(resourceWithoutTrailingSlash + "/", metadata.Resource);
     }
 }