Minor optimizations to the delegating handler

localden · localden · commit 22962cf070dc · 2025-05-07T21:35:31.000-07:00
diff --git a/src/ModelContextProtocol/Authentication/AuthorizationDelegatingHandler.cs b/src/ModelContextProtocol/Authentication/AuthorizationDelegatingHandler.cs
@@ -59,19 +59,20 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
         var serverSchemes = ExtractServerSupportedSchemes(response);
 
         // Find the intersection between what the server supports and what our provider supports
-        var supportedSchemes = _authorizationProvider.SupportedSchemes.ToList();
         string? bestSchemeMatch = null;
 
         // First try to find a direct match with the current scheme if it's still valid
         string schemeUsed = originalRequest.Headers.Authorization?.Scheme ?? _currentScheme ?? string.Empty;
-        if (serverSchemes.Contains(schemeUsed) && supportedSchemes.Contains(schemeUsed))
+        if (!string.IsNullOrEmpty(schemeUsed) && 
+            serverSchemes.Contains(schemeUsed) && 
+            _authorizationProvider.SupportedSchemes.Contains(schemeUsed))
         {
             bestSchemeMatch = schemeUsed;
         }
         else
         {
             // Find the first server scheme that's in our supported set
-            bestSchemeMatch = serverSchemes.Intersect(supportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();
+            bestSchemeMatch = serverSchemes.Intersect(_authorizationProvider.SupportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();
 
             // If no match was found, either throw an exception or use default
             if (bestSchemeMatch is null)
@@ -80,11 +81,11 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
                 {
                     throw new InvalidOperationException(
                         $"No matching authentication scheme found. Server supports: [{string.Join(", ", serverSchemes)}], " +
-                        $"Provider supports: [{string.Join(", ", supportedSchemes)}].");
+                        $"Provider supports: [{string.Join(", ", _authorizationProvider.SupportedSchemes)}].");
                 }
 
                 // If the server didn't specify any schemes, use the provider's default
-                bestSchemeMatch = supportedSchemes.FirstOrDefault();
+                bestSchemeMatch = _authorizationProvider.SupportedSchemes.FirstOrDefault();
             }
         }
 
@@ -148,9 +149,9 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(
     /// <summary>
     /// Extracts the authentication schemes that the server supports from the WWW-Authenticate headers.
     /// </summary>
-    private static List<string> ExtractServerSupportedSchemes(HttpResponseMessage response)
+    private static HashSet<string> ExtractServerSupportedSchemes(HttpResponseMessage response)
     {
-        var serverSchemes = new List<string>();
+        var serverSchemes = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
         
         if (response.Headers.Contains("WWW-Authenticate"))
         {

Original file line number	Diff line number	Diff line change
`@@ -59,19 +59,20 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(`
`59`	`59`	`var serverSchemes = ExtractServerSupportedSchemes(response);`
`60`	`60`
`61`	`61`	`// Find the intersection between what the server supports and what our provider supports`
`62`		`- var supportedSchemes = _authorizationProvider.SupportedSchemes.ToList();`
`63`	`62`	`string? bestSchemeMatch = null;`
`64`	`63`
`65`	`64`	`// First try to find a direct match with the current scheme if it's still valid`
`66`	`65`	`string schemeUsed = originalRequest.Headers.Authorization?.Scheme ?? _currentScheme ?? string.Empty;`
`67`		`- if (serverSchemes.Contains(schemeUsed) && supportedSchemes.Contains(schemeUsed))`
	`66`	`+ if (!string.IsNullOrEmpty(schemeUsed) &&`
	`67`	`+ serverSchemes.Contains(schemeUsed) &&`
	`68`	`+ _authorizationProvider.SupportedSchemes.Contains(schemeUsed))`
`68`	`69`	`{`
`69`	`70`	`bestSchemeMatch = schemeUsed;`
`70`	`71`	`}`
`71`	`72`	`else`
`72`	`73`	`{`
`73`	`74`	`// Find the first server scheme that's in our supported set`
`74`		`- bestSchemeMatch = serverSchemes.Intersect(supportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();`
	`75`	`+ bestSchemeMatch = serverSchemes.Intersect(_authorizationProvider.SupportedSchemes, StringComparer.OrdinalIgnoreCase).FirstOrDefault();`
`75`	`76`
`76`	`77`	`// If no match was found, either throw an exception or use default`
`77`	`78`	`if (bestSchemeMatch is null)`
`@@ -80,11 +81,11 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(`
`80`	`81`	`{`
`81`	`82`	`throw new InvalidOperationException(`
`82`	`83`	`$"No matching authentication scheme found. Server supports: [{string.Join(", ", serverSchemes)}], " +`
`83`		`- $"Provider supports: [{string.Join(", ", supportedSchemes)}].");`
	`84`	`+ $"Provider supports: [{string.Join(", ", _authorizationProvider.SupportedSchemes)}].");`
`84`	`85`	`}`
`85`	`86`
`86`	`87`	`// If the server didn't specify any schemes, use the provider's default`
`87`		`- bestSchemeMatch = supportedSchemes.FirstOrDefault();`
	`88`	`+ bestSchemeMatch = _authorizationProvider.SupportedSchemes.FirstOrDefault();`
`88`	`89`	`}`
`89`	`90`	`}`
`90`	`91`
`@@ -148,9 +149,9 @@ private async Task<HttpResponseMessage> HandleUnauthorizedResponseAsync(`
`148`	`149`	`/// <summary>`
`149`	`150`	`/// Extracts the authentication schemes that the server supports from the WWW-Authenticate headers.`
`150`	`151`	`/// </summary>`
`151`		`- private static List<string> ExtractServerSupportedSchemes(HttpResponseMessage response)`
	`152`	`+ private static HashSet<string> ExtractServerSupportedSchemes(HttpResponseMessage response)`
`152`	`153`	`{`
`153`		`- var serverSchemes = new List<string>();`
	`154`	`+ var serverSchemes = new HashSet<string>(StringComparer.OrdinalIgnoreCase);`
`154`	`155`
`155`	`156`	`if (response.Headers.Contains("WWW-Authenticate"))`
`156`	`157`	`{`