Update with better DevEx

Author: localden

samples/ProtectedMCPClient/BasicOAuthAuthorizationProvider.cs

@@ -35,6 +35,8 @@ public class BasicOAuthAuthorizationProvider(
     // Store auth server metadata separately so token only stores token data
     private AuthorizationServerMetadata? _authServerMetadata;
 
+    public string AuthorizationScheme => "Bearer";
+
     /// <inheritdoc />
     public async Task<string?> GetCredentialAsync(Uri resourceUri, CancellationToken cancellationToken = default)
     {

samples/ProtectedMCPClient/Program.cs

@@ -18,14 +18,7 @@ static async Task Main(string[] args)
             clientId: "6ad97b5f-7a7b-413f-8603-7a3517d4adb8",
             redirectUri: new Uri("http://localhost:1179/callback"),
             scopes: new List<string> { "api://167b4284-3f92-4436-92ed-38b38f83ae08/weather.read" }
-            );
-
-        var authHandler = new AuthorizationDelegatingHandler(tokenProvider, "Bearer")
-        {
-            InnerHandler = new HttpClientHandler() 
-        };
-
-        var httpClient = new HttpClient(authHandler);
+        );
 
         Console.WriteLine();
         Console.WriteLine($"Connecting to weather server at {serverUrl}...");
@@ -38,7 +31,7 @@ static async Task Main(string[] args)
                 Name = "Secure Weather Client"
             };
 
-            var transport = new SseClientTransport(transportOptions, httpClient);
+            var transport = new SseClientTransport(transportOptions, tokenProvider);
 
             var client = await McpClientFactory.CreateAsync(transport);
 

src/ModelContextProtocol/Authentication/AuthorizationDelegatingHandler.cs

@@ -7,18 +7,15 @@ namespace ModelContextProtocol.Authentication;
 /// </summary>
 public class AuthorizationDelegatingHandler : DelegatingHandler
 {
-    private readonly IMcpAuthorizationProvider _tokenProvider;
-    private readonly string _scheme;
+    private readonly IMcpAuthorizationProvider _authorizationProvider;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="AuthorizationDelegatingHandler"/> class.
     /// </summary>
-    /// <param name="tokenProvider">The provider that supplies authentication tokens.</param>
-    /// <param name="scheme">The authentication scheme to use, e.g., "Bearer".</param>
-    public AuthorizationDelegatingHandler(IMcpAuthorizationProvider tokenProvider, string scheme)
+    /// <param name="authorizationProvider">The provider that supplies authentication tokens.</param>
+    public AuthorizationDelegatingHandler(IMcpAuthorizationProvider authorizationProvider)
     {
-        _tokenProvider = tokenProvider ?? throw new ArgumentNullException(nameof(tokenProvider));
-        _scheme = scheme ?? throw new ArgumentNullException(nameof(scheme));
+        _authorizationProvider = authorizationProvider ?? throw new ArgumentNullException(nameof(authorizationProvider));
     }
 
     /// <summary>
@@ -39,7 +36,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
         if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
         {
             // Try to handle the unauthorized response
-            var handled = await _tokenProvider.HandleUnauthorizedResponseAsync(
+            var handled = await _authorizationProvider.HandleUnauthorizedResponseAsync(
                 response,
                 cancellationToken);
 
@@ -66,10 +63,10 @@ private async Task AddAuthorizationHeaderAsync(HttpRequestMessage request, Cance
     {
         if (request.RequestUri != null)
         {
-            var token = await _tokenProvider.GetCredentialAsync(request.RequestUri, cancellationToken);
+            var token = await _authorizationProvider.GetCredentialAsync(request.RequestUri, cancellationToken);
             if (!string.IsNullOrEmpty(token))
             {
-                request.Headers.Authorization = new AuthenticationHeaderValue(_scheme, token);
+                request.Headers.Authorization = new AuthenticationHeaderValue(_authorizationProvider.AuthorizationScheme, token);
             }
         }
     }

src/ModelContextProtocol/Authentication/ITokenProvider.cs

@@ -6,6 +6,16 @@ namespace ModelContextProtocol.Authentication;
 /// </summary>
 public interface IMcpAuthorizationProvider
 {
+    /// <summary>
+    /// Gets the authentication scheme to use with credentials from this provider.
+    /// </summary>
+    /// <remarks>
+    /// <para>
+    /// Common values include "Bearer" for JWT tokens and "Basic" for username/password authentication.
+    /// </para>
+    /// </remarks>
+    string AuthorizationScheme { get; }
+
     /// <summary>
     /// Gets an authentication token or credential for authenticating requests to a resource.
     /// </summary>

src/ModelContextProtocol/Protocol/Transport/SseClientTransport.cs

@@ -1,4 +1,5 @@
 using Microsoft.Extensions.Logging;
+using ModelContextProtocol.Authentication;
 using ModelContextProtocol.Utils;
 
 namespace ModelContextProtocol.Protocol.Transport;
@@ -51,6 +52,32 @@ public SseClientTransport(SseClientTransportOptions transportOptions, HttpClient
         Name = transportOptions.Name ?? transportOptions.Endpoint.ToString();
     }
 
+    /// <summary>
+    /// Initializes a new instance of the <see cref="SseClientTransport"/> class with authentication support.
+    /// </summary>
+    /// <param name="transportOptions">Configuration options for the transport.</param>
+    /// <param name="authorizationProvider">The authorization provider to use for authentication.</param>
+    /// <param name="loggerFactory">Logger factory for creating loggers used for diagnostic output during transport operations.</param>
+    public SseClientTransport(SseClientTransportOptions transportOptions, IMcpAuthorizationProvider authorizationProvider, ILoggerFactory? loggerFactory = null)
+    {
+        Throw.IfNull(transportOptions);
+        Throw.IfNull(authorizationProvider);
+
+        _options = transportOptions;
+        _loggerFactory = loggerFactory;
+        Name = transportOptions.Name ?? transportOptions.Endpoint.ToString();
+
+        // Create an auth handler with the authorization provider
+        var authHandler = new AuthorizationDelegatingHandler(authorizationProvider)
+        {
+            InnerHandler = new HttpClientHandler()
+        };
+        
+        // Create an HttpClient with the auth handler
+        _httpClient = new HttpClient(authHandler);
+        _ownsHttpClient = true;
+    }
+
     /// <inheritdoc />
     public string Name { get; }
 

src/ModelContextProtocol/Protocol/Transport/SseClientTransportOptions.cs

@@ -1,5 +1,7 @@
 namespace ModelContextProtocol.Protocol.Transport;
 
+using ModelContextProtocol.Authentication;
+
 /// <summary>
 /// Provides options for configuring <see cref="SseClientTransport"/> instances.
 /// </summary>