fix: conditionally include client_id for client_secret_post

When client_id is None, omit it from the request body instead of
raising an error. This supports edge cases where client_secret_post
authentication is used without a registered client_id.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: g97iulio1609

src/mcp/client/auth/oauth2.py

@@ -207,9 +207,8 @@ def prepare_token_auth(
             data = {k: v for k, v in data.items() if k != "client_secret"}
         elif auth_method == "client_secret_post" and self.client_info.client_secret:
             # Include client_id and client_secret in request body (RFC 6749 §2.3.1)
-            if not self.client_info.client_id:
-                raise OAuthFlowError("client_id is required for client_secret_post authentication")
-            data["client_id"] = self.client_info.client_id
+            if self.client_info.client_id:
+                data["client_id"] = self.client_info.client_id
             data["client_secret"] = self.client_info.client_secret
         # For auth_method == "none", don't add any client_secret