Add Authentication Options for MCP Client Connections (#341)

Author: MikeAlhayek

Directory.Build.props

@@ -24,6 +24,7 @@
     <Authors>Mike Alhayek</Authors>
     <Company>CrestApps</Company>
     <PackageIcon>CrestAppsLogo.png</PackageIcon>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
     <IsPackable>true</IsPackable>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <RepositoryUrl>https://github.com/CrestApps/CrestApps.OrchardCore</RepositoryUrl>
@@ -37,6 +38,10 @@
       <Pack>True</Pack>
       <PackagePath>CrestAppsLogo.png</PackagePath>
     </None>
+    <None Include="$(MSBuildThisFileDirectory)/src/README.md">
+      <Pack>True</Pack>
+      <PackagePath>README.md</PackagePath>
+    </None>
   </ItemGroup>
 
   <PropertyGroup>

src/Core/CrestApps.OrchardCore.AI.Chat.Interactions.Core/README.md

@@ -10,11 +10,6 @@
     <PackageTags>$(PackageTags) AI MCP ModelContextProtocol</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Remove="Handlers\**" />
-    <EmbeddedResource Remove="Handlers\**" />
-    <None Remove="Handlers\**" />
-  </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="OrchardCore.Infrastructure.Abstractions" />

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/CrestApps.OrchardCore.AI.Mcp.Core.csproj

@@ -19,5 +19,5 @@ public interface IMcpClientTransportProvider
     /// </summary>
     /// <param name="connection">The MCP connection for which to obtain a transport.</param>
     /// <returns>An <see cref="IClientTransport"/> that can be used with the given connection.</returns>
-    IClientTransport Get(McpConnection connection);
+    Task<IClientTransport> GetAsync(McpConnection connection);
 }

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/IMcpClientTransportProvider.cs

@@ -2,6 +2,8 @@ namespace CrestApps.OrchardCore.AI.Mcp.Core;
 
 public static class McpConstants
 {
+    public const string DataProtectionPurpose = "McpClientConnection";
+
     public static class Feature
     {
         public const string Area = "CrestApps.OrchardCore.AI.Mcp";

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/McpConstants.cs

@@ -17,7 +17,7 @@ public McpService(
         _logger = logger;
     }
 
-    public Task<McpClient> GetOrCreateClientAsync(McpConnection connection)
+    public async Task<McpClient> GetOrCreateClientAsync(McpConnection connection)
     {
         ArgumentNullException.ThrowIfNull(connection);
 
@@ -30,7 +30,7 @@ public Task<McpClient> GetOrCreateClientAsync(McpConnection connection)
                 continue;
             }
 
-            transport = provider.Get(connection);
+            transport = await provider.GetAsync(connection);
         }
 
         if (transport is null)
@@ -40,6 +40,6 @@ public Task<McpClient> GetOrCreateClientAsync(McpConnection connection)
             return null;
         }
 
-        return McpClient.CreateAsync(transport);
+        return await McpClient.CreateAsync(transport);
     }
 }

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/McpService.cs

@@ -0,0 +1,12 @@
+namespace CrestApps.OrchardCore.AI.Mcp.Core.Models;
+
+public enum McpClientAuthenticationType
+{
+    Anonymous,
+    ApiKey,
+    Basic,
+    OAuth2ClientCredentials,
+    OAuth2PrivateKeyJwt,
+    OAuth2Mtls,
+    CustomHeaders,
+}

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/Models/McpClientAuthenticationType.cs

@@ -4,5 +4,39 @@ public sealed class SseMcpConnectionMetadata
 {
     public Uri Endpoint { get; set; }
 
+    public McpClientAuthenticationType AuthenticationType { get; set; }
+
+    // API Key authentication.
+    public string ApiKeyHeaderName { get; set; }
+
+    public string ApiKeyPrefix { get; set; }
+
+    public string ApiKey { get; set; }
+
+    // Basic authentication.
+    public string BasicUsername { get; set; }
+
+    public string BasicPassword { get; set; }
+
+    // OAuth 2.0 Client Credentials.
+    public string OAuth2TokenEndpoint { get; set; }
+
+    public string OAuth2ClientId { get; set; }
+
+    public string OAuth2ClientSecret { get; set; }
+
+    public string OAuth2Scopes { get; set; }
+
+    // OAuth 2.0 Private Key JWT.
+    public string OAuth2PrivateKey { get; set; }
+
+    public string OAuth2KeyId { get; set; }
+
+    // OAuth 2.0 Mutual TLS (mTLS).
+    public string OAuth2ClientCertificate { get; set; }
+
+    public string OAuth2ClientCertificatePassword { get; set; }
+
+    // Custom headers (advanced / legacy).
     public Dictionary<string, string> AdditionalHeaders { get; set; }
 }

src/Core/CrestApps.OrchardCore.AI.Mcp.Core/Models/SseMcpConnectionMetadata.cs

@@ -0,0 +1,19 @@
+namespace CrestApps.OrchardCore.AI.Mcp.Core.Services;
+
+public interface IOAuth2TokenService
+{
+    /// <summary>
+    /// Acquires an access token using the OAuth 2.0 client credentials grant.
+    /// </summary>
+    Task<string> AcquireTokenAsync(string tokenEndpoint, string clientId, string clientSecret, string scopes = null, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Acquires an access token using the OAuth 2.0 client credentials grant with a private key JWT client assertion.
+    /// </summary>
+    Task<string> AcquireTokenWithPrivateKeyJwtAsync(string tokenEndpoint, string clientId, string privateKeyPem, string keyId = null, string scopes = null, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Acquires an access token using the OAuth 2.0 client credentials grant with mutual TLS (mTLS) client authentication.
+    /// </summary>
+    Task<string> AcquireTokenWithMtlsAsync(string tokenEndpoint, string clientId, byte[] clientCertificateBytes, string certificatePassword = null, string scopes = null, CancellationToken cancellationToken = default);
+}