Add a note to the Secure MCP server about GitHub secret

Author: sberyozkin

_posts/2025-04-28-secure-mcp-sse-server.adoc

@@ -287,6 +287,21 @@ Access `http://localhost:8080/login`, login to GitHub, and copy the returned acc
 
 image::github_access_token.png[GitHub access token,align="center"]
 
+[NOTE]
+====
+By default, Quarkus GitHub provider submits the client id and secret in the HTTP Authorization header.
+However, GitHub may require that both client id and secret are submitted as form parameters instead.
+
+When you get HTTP 401 error after logging in to GitHub and being redirected back to Quarkus MCP server,
+try to replace `%prod.quarkus.oidc.login.credentials.secret=${github.client.secret}` property
+with the following two properties instead:
+
+[source,properties]
+----
+%prod.quarkus.oidc.login.credentials.client-secret.method=post
+%prod.quarkus.oidc.login.credentials.client-secret.value=${github.client.secret}
+----
+
 [[mcp-inspector]]
 === Use MCP Inspector to access the MCP server