docs: update QUICKSTART.md for simple plugin architecture

[omercnet]

Summary

• Update docs/QUICKSTART.md to reflect the new simple plugin architecture
• Release-please with PyPI trusted publishing is already configured

Changes

QUICKSTART.md Updates

• Updated Python version requirement from 3.8+ to 3.9+
• Replaced old server-wrapper instructions (--app-name descope-auth) with client-side plugin usage
• Added token acquisition instructions using Descope SDK
• Updated environment variables to use MLFLOW_TRACKING_AUTH=descope
• Updated troubleshooting section for the new architecture
• Removed references to Flow-based web component login (old architecture)

Release-Please + PyPI Trusted Publishing

Already configured in .github/workflows/release-please.yml:

• Uses pypa/gh-action-pypi-publish@release/v1 with trusted publishing
• Requires pypi environment with id-token: write permission
• Builds with uv build before publishing

Note: To complete trusted publishing setup, ensure the PyPI project has the GitHub repository configured as a trusted publisher at https://pypi.org/manage/project/mlflow-descope-auth/settings/publishing/

[Copilot]

Pull request overview

This PR updates the Quickstart documentation to reflect the new simple, client-side MLflow plugin architecture using Descope, replacing the previous server-wrapper/Flow-based approach. It aligns QUICKSTART with the existing README and ARCHITECTURE docs, including Python 3.9+ support and the MLFLOW_TRACKING_AUTH=descope activation model.

Changes:

• Updated prerequisites and installation instructions to require Python 3.9+ and emphasize mlflow-descope-auth as a client-side plugin.
• Replaced server --app-name descope-auth and Flow configuration steps with token-based authentication instructions using the Descope SDK and environment variables (DESCOPE_SESSION_TOKEN, DESCOPE_REFRESH_TOKEN, MLFLOW_TRACKING_AUTH, etc.).
• Expanded “What’s Next” and troubleshooting sections to cover plugin verification, automatic tagging, request headers, and debugging entry points and token validity.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In this environment setup block, DESCOPE_REFRESH_TOKEN is listed under # Required, but in the rest of the codebase and README it is treated as optional (the plugin uses os.environ.get("DESCOPE_REFRESH_TOKEN") and the configuration reference marks it as not required). To avoid confusing users, please update this section so that only DESCOPE_PROJECT_ID and DESCOPE_SESSION_TOKEN are marked as required and DESCOPE_REFRESH_TOKEN is clearly described as optional for automatic token refresh.

Suggested change

	export DESCOPE_REFRESH_TOKEN="<your-refresh-token>"
	# Enable the plugin
	export MLFLOW_TRACKING_AUTH=descope
	# Optional (with defaults)
	# Enable the plugin
	export MLFLOW_TRACKING_AUTH=descope
	# Optional
	export DESCOPE_REFRESH_TOKEN="<your-refresh-token>" # Enables automatic token refresh if set

[omercnet]

Fixed in 71ac75d - moved DESCOPE_REFRESH_TOKEN to the optional section with a comment explaining it's for automatic token renewal.

[omercnet]

Updated in fbed538 - removed all DESCOPE_REFRESH_TOKEN references from docs. Token refresh is handled server-side (like django-descope) or client-side (browser JS), not via user-provided environment variables.