pub(crate) async fn handle_protected_resource_metadata(
__arg0: Extension<Shared<Receiver<Client>>>,
__arg1: Extension<McpOAuthConfig>,
__arg2: Extension<OauthMetadataMetrics>,
req: Request,
) -> ResponseExpand description
HTTP handler for PROTECTED_RESOURCE_METADATA_PATH.
Always public: no authentication is performed, by design. RFC 9728 places no auth requirements on this endpoint; clients must be able to fetch it before they have a token.
Returns 404 when this listener does not advertise OAuth (see
McpOAuthDiscovery) or has no issuer configured, 503 if the adapter
client is not yet available (a brief window at startup), 400 if the
request has no host information to construct a URL with, and 200 with
the JSON document otherwise.