Include client_id in client_credentials token request body

ClientCredentialsOAuthProvider._exchange_token_client_credentials() was
missing client_id in the token_data dict. Per RFC 6749 Section 2.3.1,
when using client_secret_post authentication, both client_id and
client_secret must be in the request body. The prepare_token_auth()
method only adds client_secret, so client_id was never sent.

This caused authentication failures when using client_secret_post
with OAuth providers that require client_id in the body.

Fixes #2128

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: rameshreddy-adutla

src/mcp/client/auth/extensions/client_credentials.py

@@ -90,6 +90,7 @@ async def _exchange_token_client_credentials(self) -> httpx.Request:
         """Build token exchange request for client_credentials grant."""
         token_data: dict[str, Any] = {
             "grant_type": "client_credentials",
+            "client_id": self._fixed_client_info.client_id,
         }
 
         headers: dict[str, str] = {"Content-Type": "application/x-www-form-urlencoded"}

tests/client/auth/extensions/test_client_credentials.py

@@ -249,6 +249,7 @@ async def test_exchange_token_client_credentials(self, mock_storage: MockTokenSt
 
         content = urllib.parse.unquote_plus(request.content.decode())
         assert "grant_type=client_credentials" in content
+        assert "client_id=test-client-id" in content
         assert "scope=read write" in content
         assert "resource=https://api.example.com/v1/mcp" in content
 
@@ -272,6 +273,7 @@ async def test_exchange_token_without_scopes(self, mock_storage: MockTokenStorag
 
         content = urllib.parse.unquote_plus(request.content.decode())
         assert "grant_type=client_credentials" in content
+        assert "client_id=test-client-id" in content
         assert "scope=" not in content
         assert "resource=" not in content