punitmahes commented Dec 20, 2025

Implement Server-Side Support for Client ID Metadata Documents (CIMD)

Motivation and Context

This PR addresses issue #1801 by implementing server-side support for Client ID Metadata Documents (CIMD), as defined in SEP-991 and the MCP authorization specification.
Previously, the Authorization Server logic in the Python SDK could not resolve or validate clients that identify themselves via a URL (CIMD). This change enables the server to:

  • Advertise Support: Tells clients the server supports CIMD by adding client_id_metadata_document_supported: True to the server metadata.
  • Dynamic Resolution: Detects when a client_id is an HTTPS URL during the authorization flow.
  • Fetch & Validate: Fetches the metadata document from the provided URL and validates that the client_id inside the document matches the request.
  • Fallback Mechanism: If a client is not found in the static provider registry, it attempts to resolve it as a CIMD before returning an error.

How Has This Been Tested?

Added unit test cases for the CIMD server authorization flow:

  • test_cimd_authorization_flow
  • test_cimd_authorization_invalid_cimd_url
  • test_cimd_authorization_invalid_client_id
  • test_cimd_authorization_metadata_fetch_error

Breaking Changes

No

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed
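
The resolution order the description lists (static registry, then CIMD fetch, then the `client_id` match check), as an added sketch that is not part of this PR or the SDK's code. `resolve_client`, `CIMDError`, `fake_fetch` and the sample URLs are hypothetical names and constructed data.

```python
import json
from urllib.parse import urlsplit

class CIMDError(Exception):
    """Raised when a client_id cannot be resolved or its document is rejected."""

def is_cimd_client_id(client_id):
    """True when client_id is an HTTPS URL with a host (the CIMD trigger)."""
    try:
        parts = urlsplit(client_id)
        return parts.scheme == "https" and bool(parts.hostname)
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return False

def resolve_client(client_id, static_registry, fetch):
    """Static registry first, CIMD fallback second, error last.

    `fetch` (url -> body text) is a hypothetical hook; a real server would
    pass an HTTP client with timeouts and response-size limits.
    """
    if client_id in static_registry:
        return static_registry[client_id]
    if not is_cimd_client_id(client_id):
        raise CIMDError("unknown client")
    try:
        doc = json.loads(fetch(client_id))
    except (OSError, ValueError) as exc:  # network failure or invalid JSON
        raise CIMDError("metadata fetch failed") from exc
    # The document must name the URL it was fetched from; otherwise any
    # host could serve metadata that claims another client's identity.
    if not isinstance(doc, dict) or doc.get("client_id") != client_id:
        raise CIMDError("client_id mismatch")
    return doc

# Constructed sample data, not taken from the PR.
GOOD = "https://client.example/oauth/metadata.json"
MISMATCHED = "https://other.example/metadata.json"
DOCS = {
    GOOD: json.dumps({"client_id": GOOD, "client_name": "Example Client"}),
    MISMATCHED: json.dumps({"client_id": GOOD}),
}

def fake_fetch(url):
    """Offline stand-in for the HTTP GET; unknown URLs fail like a dead host."""
    if url not in DOCS:
        raise OSError("connection failed")
    return DOCS[url]
```

The three rejection paths (non-HTTPS or malformed URL, mismatched `client_id`, failed fetch) each raise `CIMDError` with a distinct message, so a caller can log the reason before returning the authorization error.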
