modelcontextprotocol
diff --git a/‎samples/ProtectedMCPClient/Program.cs‎
Lines changed: 4 additions & 10 deletions b/‎samples/ProtectedMCPClient/Program.cs‎
Lines changed: 4 additions & 10 deletions
diff --git a/‎…cation/AuthorizationDelegatingHandler.cs‎ ‎…ntication/AuthenticatingMcpHttpClient.cs‎src/ModelContextProtocol.Core/Authentication/AuthorizationDelegatingHandler.cs renamed to src/ModelContextProtocol.Core/Authentication/AuthenticatingMcpHttpClient.cs
Lines changed: 19 additions & 49 deletions b/‎…cation/AuthorizationDelegatingHandler.cs‎ ‎…ntication/AuthenticatingMcpHttpClient.cs‎src/ModelContextProtocol.Core/Authentication/AuthorizationDelegatingHandler.cs renamed to src/ModelContextProtocol.Core/Authentication/AuthenticatingMcpHttpClient.cs
Lines changed: 19 additions & 49 deletions
diff --git a/‎src/ModelContextProtocol.Core/Client/AutoDetectingClientSessionTransport.cs‎
Lines changed: 2 additions & 2 deletions b/‎src/ModelContextProtocol.Core/Client/AutoDetectingClientSessionTransport.cs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/ModelContextProtocol.Core/Client/McpHttpClient.cs‎
Lines changed: 42 additions & 0 deletions b/‎src/ModelContextProtocol.Core/Client/McpHttpClient.cs‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/ModelContextProtocol.Core/Client/SseClientSessionTransport.cs‎
Lines changed: 5 additions & 18 deletions b/‎src/ModelContextProtocol.Core/Client/SseClientSessionTransport.cs‎
Lines changed: 5 additions & 18 deletions
@@ -5,7 +5,6 @@
 using System.Net;
 using System.Text;
 using System.Web;
-using static System.Runtime.InteropServices.JavaScript.JSType;
 
 Console.WriteLine("Protected MCP Weather Server");
 Console.WriteLine();
@@ -39,17 +38,12 @@
 
 try
 {
-    var transportOptions = new SseClientTransportOptions
+    var transport = new SseClientTransport(new()
     {
         Endpoint = new Uri(serverUrl),
-        Name = "Secure Weather Client"
-    };
-
-    // Create a transport with authentication support using the correct constructor parameters
-    var transport = new SseClientTransport(
-        transportOptions,
-        tokenProvider
-    );
+        Name = "Secure Weather Client",
+        CredentialProvider = tokenProvider,
+    });
 
     var client = await McpClientFactory.CreateAsync(transport);
 
 
@@ -1,46 +1,35 @@
+using ModelContextProtocol.Client;
+using ModelContextProtocol.Protocol;
 using System.Net.Http.Headers;
 
 namespace ModelContextProtocol.Authentication;
 
 /// <summary>
 /// A delegating handler that adds authentication tokens to requests and handles 401 responses.
 /// </summary>
-public class AuthorizationDelegatingHandler : DelegatingHandler
+internal sealed class AuthenticatingMcpHttpClient(HttpClient httpClient, IMcpCredentialProvider credentialProvider) : McpHttpClient(httpClient)
 {
-    private readonly IMcpCredentialProvider _credentialProvider;
-    private string _currentScheme;
-    private static readonly char[] SchemeSplitDelimiters = { ' ', ',' };
+    private static readonly char[] SchemeSplitDelimiters = [' ', ','];
 
-    /// <summary>
-    /// Initializes a new instance of the <see cref="AuthorizationDelegatingHandler"/> class.
-    /// </summary>
-    /// <param name="credentialProvider">The provider that supplies authentication tokens.</param>
-    public AuthorizationDelegatingHandler(IMcpCredentialProvider credentialProvider)
-    {
-        Throw.IfNull(credentialProvider);
-
-        _credentialProvider = credentialProvider;
-
-        // Select first supported scheme as the default
-        _currentScheme = _credentialProvider.SupportedSchemes.FirstOrDefault() ??
-            throw new ArgumentException("Authorization provider must support at least one authentication scheme.", nameof(credentialProvider));
-    }
+    // Select first supported scheme as the default
+    private string _currentScheme = credentialProvider.SupportedSchemes.FirstOrDefault() ??
+        throw new ArgumentException("Authorization provider must support at least one authentication scheme.", nameof(credentialProvider));
 
     /// <summary>
     /// Sends an HTTP request with authentication handling.
     /// </summary>
-    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+    internal override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, JsonRpcMessage? message, CancellationToken cancellationToken)
     {
         if (request.Headers.Authorization == null)
         {
             await AddAuthorizationHeaderAsync(request, _currentScheme, cancellationToken).ConfigureAwait(false);
         }
 
-        var response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
+        var response = await base.SendAsync(request, message, cancellationToken).ConfigureAwait(false);
 
         if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
         {
-            return await HandleUnauthorizedResponseAsync(request, response, cancellationToken).ConfigureAwait(false);
+            return await HandleUnauthorizedResponseAsync(request, message, response, cancellationToken).ConfigureAwait(false);
         }
 
         return response;
@@ -51,6 +40,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
     /// </summary>
     private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
         HttpRequestMessage originalRequest,
+        JsonRpcMessage? originalJsonRpcMessage,
         HttpResponseMessage response,
         CancellationToken cancellationToken)
     {
@@ -64,14 +54,14 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
         string schemeUsed = originalRequest.Headers.Authorization?.Scheme ?? _currentScheme ?? string.Empty;
         if (!string.IsNullOrEmpty(schemeUsed) &&
             serverSchemes.Contains(schemeUsed) &&
-            _credentialProvider.SupportedSchemes.Contains(schemeUsed))
+            credentialProvider.SupportedSchemes.Contains(schemeUsed))
         {
             bestSchemeMatch = schemeUsed;
         }
         else
         {
             // Find the first server scheme that's in our supported set
-            bestSchemeMatch = serverSchemes.Intersect(_credentialProvider.SupportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();
+            bestSchemeMatch = serverSchemes.Intersect(credentialProvider.SupportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();
 
             // If no match was found, either throw an exception or use default
             if (bestSchemeMatch is null)
@@ -81,20 +71,20 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
                     throw new IOException(
                         $"The server does not support any of the provided authentication schemes." +
                         $"Server supports: [{string.Join(", ", serverSchemes)}], " +
-                        $"Provider supports: [{string.Join(", ", _credentialProvider.SupportedSchemes)}].");
+                        $"Provider supports: [{string.Join(", ", credentialProvider.SupportedSchemes)}].");
                 }
 
                 // If the server didn't specify any schemes, use the provider's default
-                bestSchemeMatch = _credentialProvider.SupportedSchemes.FirstOrDefault();
+                bestSchemeMatch = credentialProvider.SupportedSchemes.FirstOrDefault();
             }
         }
-        // If we have a scheme to try, use it
+
         if (bestSchemeMatch != null)
         {
             try
             {
                 // Try to handle the 401 response with the selected scheme
-                var (handled, recommendedScheme) = await _credentialProvider.HandleUnauthorizedResponseAsync(
+                var (handled, recommendedScheme) = await credentialProvider.HandleUnauthorizedResponseAsync(
                     response,
                     bestSchemeMatch,
                     cancellationToken).ConfigureAwait(false);
@@ -108,14 +98,8 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
 
                 _currentScheme = recommendedScheme ?? bestSchemeMatch;
             }
-            catch (McpException)
-            {
-                // Re-throw McpExceptions as-is to preserve the original error information
-                throw;
-            }
             catch (Exception ex)
             {
-                // Wrap other exceptions with additional context while preserving the original exception
                 throw new McpException(
                     $"Failed to handle unauthorized response with scheme '{bestSchemeMatch}'. " +
                     "The authentication provider encountered an error while processing the authentication challenge.",
@@ -128,7 +112,6 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
 #if NET
                 VersionPolicy = originalRequest.VersionPolicy,
 #endif
-                Content = originalRequest.Content
             };
 
             // Copy headers except Authorization which we'll set separately
@@ -139,23 +122,10 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
                     retryRequest.Headers.TryAddWithoutValidation(header.Key, header.Value);
                 }
             }
-#if NET
-            foreach (var property in originalRequest.Options)
-            {
-                retryRequest.Options.Set(new HttpRequestOptionsKey<object?>(property.Key), property.Value);
-            }
-#else
-            foreach (var property in originalRequest.Properties)
-            {
-                retryRequest.Properties.Add(property);
-            }
-#endif
 
-            // Add the new authorization header
             await AddAuthorizationHeaderAsync(retryRequest, _currentScheme, cancellationToken).ConfigureAwait(false);
 
-            // Send the retry request
-            return await base.SendAsync(retryRequest, cancellationToken).ConfigureAwait(false);
+            return await base.SendAsync(retryRequest, originalJsonRpcMessage, cancellationToken).ConfigureAwait(false);
         }
 
         return response; // Return the original response if we couldn't handle it
@@ -189,7 +159,7 @@ private async Task AddAuthorizationHeaderAsync(HttpRequestMessage request, strin
     {
         if (request.RequestUri != null)
         {
-            var token = await _credentialProvider.GetCredentialAsync(scheme, request.RequestUri, cancellationToken).ConfigureAwait(false);
+            var token = await credentialProvider.GetCredentialAsync(scheme, request.RequestUri, cancellationToken).ConfigureAwait(false);
             if (!string.IsNullOrEmpty(token))
             {
                 request.Headers.Authorization = new AuthenticationHeaderValue(scheme, token);
 
@@ -13,13 +13,13 @@ namespace ModelContextProtocol.Client;
 internal sealed partial class AutoDetectingClientSessionTransport : ITransport
 {
     private readonly SseClientTransportOptions _options;
-    private readonly HttpClient _httpClient;
+    private readonly McpHttpClient _httpClient;
     private readonly ILoggerFactory? _loggerFactory;
     private readonly ILogger _logger;
     private readonly string _name;
     private readonly Channel<JsonRpcMessage> _messageChannel;
 
-    public AutoDetectingClientSessionTransport(SseClientTransportOptions transportOptions, HttpClient httpClient, ILoggerFactory? loggerFactory, string endpointName)
+    public AutoDetectingClientSessionTransport(string endpointName, SseClientTransportOptions transportOptions, McpHttpClient httpClient, ILoggerFactory? loggerFactory)
     {
         Throw.IfNull(transportOptions);
         Throw.IfNull(httpClient);
 
@@ -0,0 +1,42 @@
+using ModelContextProtocol.Protocol;
+using System.Diagnostics;
+
+#if NET
+using System.Net.Http.Json;
+#else
+using System.Text;
+using System.Text.Json;
+#endif
+
+namespace ModelContextProtocol.Client;
+
+internal class McpHttpClient(HttpClient httpClient)
+{
+    internal virtual async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, JsonRpcMessage? message, CancellationToken cancellationToken)
+    {
+        Debug.Assert(request.Content is null, "The request body should only be supplied as a JsonRpcMessage");
+        Debug.Assert(message is null || request.Method == HttpMethod.Post, "All messages should be sent in POST requests.");
+
+        using var content = CreatePostBodyContent(message);
+        request.Content = content;
+        return await httpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
+    }
+
+    private HttpContent? CreatePostBodyContent(JsonRpcMessage? message)
+    {
+        if (message is null)
+        {
+            return null;
+        }
+
+#if NET
+        return JsonContent.Create(message, McpJsonUtilities.JsonContext.Default.JsonRpcMessage);
+#else
+        return new StringContent(
+            JsonSerializer.Serialize(message, McpJsonUtilities.JsonContext.Default.JsonRpcMessage),
+            Encoding.UTF8,
+            "application/json; charset=utf-8"
+        );
+#endif
+    }
+}
@@ -15,7 +15,7 @@ namespace ModelContextProtocol.Client;
 /// </summary>
 internal sealed partial class SseClientSessionTransport : TransportBase
 {
-    private readonly HttpClient _httpClient;
+    private readonly McpHttpClient _httpClient;
     private readonly SseClientTransportOptions _options;
     private readonly Uri _sseEndpoint;
     private Uri? _messageEndpoint;
@@ -31,7 +31,7 @@ internal sealed partial class SseClientSessionTransport : TransportBase
     public SseClientSessionTransport(
         string endpointName,
         SseClientTransportOptions transportOptions,
-        HttpClient httpClient,
+        McpHttpClient httpClient,
         Channel<JsonRpcMessage>? messageChannel,
         ILoggerFactory? loggerFactory)
         : base(endpointName, messageChannel, loggerFactory)
@@ -74,25 +74,16 @@ public override async Task SendMessageAsync(
         if (_messageEndpoint == null)
             throw new InvalidOperationException("Transport not connected");
 
-        using var content = new StringContent(
-            JsonSerializer.Serialize(message, McpJsonUtilities.JsonContext.Default.JsonRpcMessage),
-            Encoding.UTF8,
-            "application/json"
-        );
-
         string messageId = "(no id)";
 
         if (message is JsonRpcMessageWithId messageWithId)
         {
             messageId = messageWithId.Id.ToString();
         }
 
-        using var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, _messageEndpoint)
-        {
-            Content = content,
-        };
+        using var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, _messageEndpoint);
         StreamableHttpClientSessionTransport.CopyAdditionalHeaders(httpRequestMessage.Headers, _options.AdditionalHeaders, sessionId: null, protocolVersion: null);
-        var response = await _httpClient.SendAsync(httpRequestMessage, cancellationToken).ConfigureAwait(false);
+        var response = await _httpClient.SendAsync(httpRequestMessage, message, cancellationToken).ConfigureAwait(false);
 
         if (!response.IsSuccessStatusCode)
         {
@@ -154,11 +145,7 @@ private async Task ReceiveMessagesAsync(CancellationToken cancellationToken)
             request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/event-stream"));
             StreamableHttpClientSessionTransport.CopyAdditionalHeaders(request.Headers, _options.AdditionalHeaders, sessionId: null, protocolVersion: null);
 
-            using var response = await _httpClient.SendAsync(
-                request,
-                HttpCompletionOption.ResponseHeadersRead,
-                cancellationToken
-            ).ConfigureAwait(false);
+            using var response = await _httpClient.SendAsync(request, message: null, cancellationToken).ConfigureAwait(false);
 
             response.EnsureSuccessStatusCode();