VS Code OAuth2 Flow Violates RFC 8707: Missing Resource Parameter in Token Exchange Request #261364

@bluedog13

Description

Does this issue occur when all extensions are disabled?: Yes/No

  • VS Code Version: 1.104.0-insider (Universal)
  • OS Version: 15.6 (24G84) MAC

Problem
VS Code's external authorization code request includes a resource indicator, which allows the AuthZ server to construct a token narrowly targeted for the protected resource (MCP server). However, VS Code doesn't include the same resource indicator in the subsequent token request (exchange code for tokens) as mandated by RFC 8707 (https://datatracker.ietf.org/doc/html/rfc8707#token-endpoint-example-ac). When the resource indicator is present on the authorize request but is missing from the token request, some IDP implementations will fail to create an audience claim on the resulting token, resulting in token validation failures on the protected resource (MCP server).

Root Cause
Missing check for the resource indicator leading to a missing resource indicator parameter in the exchange code for token request.

Impact
Token validation failures on the protected resource due to missing audience.

Code Reference
This code may perhaps be the cause:

const tokenRequest = new URLSearchParams();
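The following is an added example, not VS Code's own code, showing the two requests of an authorization-code flow with the RFC 8707 `resource` indicator carried into both, next to the defective shape the issue describes (the token request built without it), and a client-side check that the token request repeats every `resource` value the authorize request sent. The endpoint, client id and MCP server URL are constructed placeholders; PKCE values are passed in by the caller and not derived here.

```typescript
// Added example (not VS Code's code): authorization-code flow with the
// RFC 8707 `resource` indicator on both requests, plus a consistency check.

interface FlowParams {
  clientId: string;
  redirectUri: string;
  codeVerifier: string;   // PKCE verifier; the S256 challenge is computed by the caller
  codeChallenge: string;
  state: string;
  scope?: string;
  resource?: string;      // RFC 8707 resource indicator, e.g. the MCP server URL
}

// Step 1: the authorization request. `resource` goes on the query string so
// the authorization server can scope the eventual token to that audience.
function buildAuthorizeUrl(authorizeEndpoint: string, p: FlowParams): string {
  const url = new URL(authorizeEndpoint);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', p.clientId);
  url.searchParams.set('redirect_uri', p.redirectUri);
  url.searchParams.set('code_challenge', p.codeChallenge);
  url.searchParams.set('code_challenge_method', 'S256');
  url.searchParams.set('state', p.state);
  if (p.scope) url.searchParams.set('scope', p.scope);
  if (p.resource) url.searchParams.set('resource', p.resource);
  return url.toString();
}

// Step 2, defective shape from the issue: the token request omits `resource`,
// so some IDPs issue a token with no audience claim.
function buildTokenRequestMissingResource(code: string, p: FlowParams): URLSearchParams {
  const tokenRequest = new URLSearchParams();
  tokenRequest.set('grant_type', 'authorization_code');
  tokenRequest.set('code', code);
  tokenRequest.set('redirect_uri', p.redirectUri);
  tokenRequest.set('client_id', p.clientId);
  tokenRequest.set('code_verifier', p.codeVerifier);
  return tokenRequest;
}

// Step 2, corrected: repeat the same `resource` value on the token request
// whenever it was sent on the authorization request.
function buildTokenRequest(code: string, p: FlowParams): URLSearchParams {
  const tokenRequest = buildTokenRequestMissingResource(code, p);
  if (p.resource) tokenRequest.set('resource', p.resource);
  return tokenRequest;
}

// Guard to run before POSTing to the token endpoint: every `resource` sent on
// the authorize request must appear on the token request (order-insensitive).
function resourceIndicatorsMatch(authorizeUrl: string, tokenRequest: URLSearchParams): boolean {
  const wanted = new URL(authorizeUrl).searchParams.getAll('resource');
  const have = tokenRequest.getAll('resource');
  return wanted.length === have.length && wanted.every((r) => have.includes(r));
}

// Constructed sample flow: returns whether each token-request shape passes the guard.
function demo(): { missing: boolean; fixed: boolean } {
  const p: FlowParams = {
    clientId: 'example-client',                      // constructed
    redirectUri: 'http://127.0.0.1:3000/callback',   // constructed
    codeVerifier: 'constructed-verifier',
    codeChallenge: 'constructed-challenge',
    state: 'constructed-state',
    scope: 'mcp:tools',
    resource: 'https://mcp.example.com/',            // constructed MCP server URL
  };
  const authorizeUrl = buildAuthorizeUrl('https://idp.example.com/authorize', p); // constructed
  return {
    missing: resourceIndicatorsMatch(authorizeUrl, buildTokenRequestMissingResource('code-123', p)),
    fixed: resourceIndicatorsMatch(authorizeUrl, buildTokenRequest('code-123', p)),
  };
}
```

The guard is deliberately symmetric: a token request that adds a `resource` the authorize request never carried also fails, since the authorization server would then be asked for an audience the user never consented to.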

Metadata

Labels

  • authentication: Issues with the Authentication platform
  • bug: Issue identified by VS Code Team member as probable bug
  • chat-mcp
  • insiders-released: Patch has been released in VS Code Insiders
  • verified: Verification succeeded
