The current implementation allows for refresh token theft. We use a static client ID but don't enforce consent for dynamically registered clients; see https://modelcontextprotocol.io/specification/draft/basic/authorization#confused-deputy-problem
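The mitigation the linked spec section asks for is that a proxy which fronts an upstream authorization server with one static client ID must obtain the user's consent for each dynamically registered client itself, before forwarding the flow upstream, and must deliver the resulting authorization code only to the redirect URI that consent covered. The following is an added example of such a consent gate, not code from this project or from the MCP specification; every name in it (`AuthorizationProxy`, `ConsentStore`, `DynamicClient`, the upstream URL and the static client ID value) is hypothetical, and the in-memory stores stand in for whatever the real server persists.

```python
# Added example (not the project's code): per-client consent gate for an
# authorization proxy that reaches an upstream authorization server through a
# single static client ID. Names, URL and client ID are placeholders.
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode

UPSTREAM_AUTHORIZE = "https://upstream.example/authorize"  # assumed upstream endpoint
STATIC_UPSTREAM_CLIENT_ID = "proxy-static-client-id"        # placeholder value


@dataclass(frozen=True)
class DynamicClient:
    """A client created through dynamic client registration."""
    client_id: str
    redirect_uris: frozenset


@dataclass
class ConsentStore:
    """Records which (user, dynamic client, redirect URI) triples the user approved.

    Consent is keyed on the redirect URI as well as the client ID, because the
    redirect URI is where the authorization code will be sent.
    """
    _granted: set = field(default_factory=set)

    def grant(self, user_id: str, client_id: str, redirect_uri: str) -> None:
        self._granted.add((user_id, client_id, redirect_uri))

    def has(self, user_id: str, client_id: str, redirect_uri: str) -> bool:
        return (user_id, client_id, redirect_uri) in self._granted


@dataclass
class AuthorizationProxy:
    consent: ConsentStore = field(default_factory=ConsentStore)
    # upstream `state` -> (user_id, client_id, redirect_uri) this flow is bound to
    _pending: dict = field(default_factory=dict)

    def begin(self, user_id: str, client: DynamicClient, redirect_uri: str) -> dict:
        """Start an authorization for a dynamic client.

        Returns {"action": "consent_required"} until the user has explicitly
        approved this client and redirect URI. Only then is the upstream
        redirect built. The upstream server sees only the static client ID, so
        any consent it remembers cannot distinguish one dynamic client from
        another; that decision has to be made here.
        """
        if redirect_uri not in client.redirect_uris:
            raise ValueError("redirect_uri not registered for this client")
        if not self.consent.has(user_id, client.client_id, redirect_uri):
            return {"action": "consent_required",
                    "client_id": client.client_id,
                    "redirect_uri": redirect_uri}
        state = secrets.token_urlsafe(32)
        self._pending[state] = (user_id, client.client_id, redirect_uri)
        params = {"response_type": "code",
                  "client_id": STATIC_UPSTREAM_CLIENT_ID,
                  "state": state}
        return {"action": "redirect",
                "state": state,
                "url": f"{UPSTREAM_AUTHORIZE}?{urlencode(params)}"}

    def complete(self, state: str) -> tuple:
        """Resolve the upstream callback's `state` to the bound (user, client, redirect URI).

        The code is forwarded only to the redirect URI the user consented to;
        an unknown or already-used state is rejected, so a state cannot be
        replayed to steer a second code somewhere else.
        """
        try:
            return self._pending.pop(state)
        except KeyError:
            raise PermissionError("unknown or already-used state") from None
```

The important property is that `begin` refuses to construct the upstream request at all while consent for that specific client and redirect URI is missing, and that `complete` uses only the binding recorded at `begin` time rather than anything the callback supplies, so the user's earlier approval of the static client ID at the upstream server never gets reused on behalf of a client they did not approve.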