fix(mcp): generate OAuth state on-the-fly during initial connection #16248

Open
jonahsnider wants to merge 1 commit into anomalyco:dev from jonahsnider:fix-streamable-http-mcp-auth

@jonahsnider

Issue for this PR

Closes #16247

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

When connecting to a remote MCP server requiring OAuth, the SDK's auth flow calls provider.state() to get the state parameter.
This method was throwing when no state had been pre-generated, causing a non-UnauthorizedError that prevented the server from being recognized as needing auth.
The error fell through to the SSE transport fallback, which also failed, resulting in a generic "Non-200 status code" status instead of needs_auth.

How did you verify your code works?

Following the reproduction steps in #16247, you'll see that the TUI properly marks the server as needing authentication, rather than having an SSE transport error:

Screenshot of /status in OpenCode TUI

Screenshots / recordings

N/A - not a UI change

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
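
An added illustration of the failure described in this PR, not code from the PR, OpenCode or the MCP SDK: a simplified model in which a throwing `state()` hides the auth requirement, next to a provider that generates the state lazily and validates it once on callback. The class and function names, the `failed` status and the authorize URL are assumptions.

```javascript
// Added illustration. All names are hypothetical stand-ins, not the MCP SDK's
// or OpenCode's code; the authorize URL and "failed" status are constructed.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // Node 18 fallback

class UnauthorizedError extends Error {}

// Before: state() throws unless a state was generated ahead of time.
class PreGeneratedStateProvider {
  #pending = null;
  state() {
    if (!this.#pending) throw new Error("no OAuth state saved");
    return this.#pending;
  }
}

// After: state() creates a 256-bit random value on first use and remembers it.
class LazyStateProvider {
  #pending = null;
  state() {
    if (!this.#pending) {
      const bytes = webcrypto.getRandomValues(new Uint8Array(32));
      this.#pending = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
    }
    return this.#pending;
  }
  // Callback check: the state is single use and compared without an early exit.
  consume(returned) {
    const expected = this.#pending;
    this.#pending = null; // any attempt, valid or not, invalidates the pending state
    if (!expected || typeof returned !== "string" || returned.length !== expected.length) return false;
    let diff = 0;
    for (let i = 0; i < expected.length; i++) diff |= expected.charCodeAt(i) ^ returned.charCodeAt(i);
    return diff === 0;
  }
}

// Simplified first connection to a server that requires OAuth: the auth flow
// asks the provider for a state value, then signals that authorization is needed.
function connectStatus(provider) {
  try {
    const url = "https://auth.example/authorize?state=" + provider.state();
    throw new UnauthorizedError("authorization required: " + url);
  } catch (err) {
    // Only UnauthorizedError marks the server as needing auth; anything else
    // (such as the throw from state()) surfaces as a generic failure.
    return err instanceof UnauthorizedError ? "needs_auth" : "failed";
  }
}
```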

@github-actions
Contributor

github-actions bot commented Mar 6, 2026

The following comment was made by an LLM, it may be inaccurate:

Based on the search results, I found a potentially related PR:

Related PR:

The search also returned several other OAuth-related PRs (#11477, #11925, #13085, #9034) but these appear to be feature additions rather than duplicate fixes for the same issue.

Development

Successfully merging this pull request may close these issues.

Unauthenticated streamable HTTP MCP servers are reported as SSE errors instead of missing auth