Fix JSON reference issues

localden · localden · commit 389fb3d028f6 · 2025-04-23T14:42:07.000-07:00
diff --git a/src/ModelContextProtocol/Protocol/Auth/AuthorizationService.cs b/src/ModelContextProtocol/Protocol/Auth/AuthorizationService.cs
@@ -4,6 +4,7 @@
 using System.Text;
 using System.Text.Json;
 using ModelContextProtocol.Utils;
+using ModelContextProtocol.Utils.Json;
 
 namespace ModelContextProtocol.Protocol.Auth;
 
@@ -65,12 +66,12 @@ internal class AuthorizationService
             using var metadataResponse = await s_httpClient.GetAsync(resourceMetadataUrl);
             metadataResponse.EnsureSuccessStatusCode();
             
-            return await JsonSerializer.DeserializeAsync<ResourceMetadata>(
-                await metadataResponse.Content.ReadAsStreamAsync(),
-                new JsonSerializerOptions
-                {
-                    PropertyNameCaseInsensitive = true
-                });
+            var contentStream = await metadataResponse.Content.ReadAsStreamAsync();
+            
+            // Read as string first, then deserialize using source-generated serializer
+            using var reader = new StreamReader(contentStream);
+            var json = await reader.ReadToEndAsync();
+            return JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.ResourceMetadata);
         }
         catch (Exception)
         {
@@ -102,12 +103,19 @@ public static async Task<AuthorizationServerMetadata> DiscoverAuthorizationServe
             using var openIdResponse = await s_httpClient.GetAsync(openIdConfigUrl);
             if (openIdResponse.IsSuccessStatusCode)
             {
-                return await JsonSerializer.DeserializeAsync<AuthorizationServerMetadata>(
-                    await openIdResponse.Content.ReadAsStreamAsync(),
-                    new JsonSerializerOptions
-                    {
-                        PropertyNameCaseInsensitive = true
-                    }) ?? throw new InvalidOperationException("Failed to parse authorization server metadata");
+                var contentStream = await openIdResponse.Content.ReadAsStreamAsync();
+                
+                // Use source-generated serialization instead of dynamic deserialization
+                using var reader = new StreamReader(contentStream);
+                var json = await reader.ReadToEndAsync();
+                var result = JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.AuthorizationServerMetadata);
+                
+                if (result == null)
+                {
+                    throw new InvalidOperationException("Failed to parse authorization server metadata");
+                }
+                
+                return result;
             }
         }
         catch (Exception ex) when (ex is not InvalidOperationException)
@@ -122,12 +130,19 @@ await openIdResponse.Content.ReadAsStreamAsync(),
             using var oauthResponse = await s_httpClient.GetAsync(oauthConfigUrl);
             if (oauthResponse.IsSuccessStatusCode)
             {
-                return await JsonSerializer.DeserializeAsync<AuthorizationServerMetadata>(
-                    await oauthResponse.Content.ReadAsStreamAsync(),
-                    new JsonSerializerOptions
-                    {
-                        PropertyNameCaseInsensitive = true
-                    }) ?? throw new InvalidOperationException("Failed to parse authorization server metadata");
+                var contentStream = await oauthResponse.Content.ReadAsStreamAsync();
+                
+                // Use source-generated serialization instead of dynamic deserialization
+                using var reader = new StreamReader(contentStream);
+                var json = await reader.ReadToEndAsync();
+                var result = JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.AuthorizationServerMetadata);
+                
+                if (result == null)
+                {
+                    throw new InvalidOperationException("Failed to parse authorization server metadata");
+                }
+                
+                return result;
             }
         }
         catch (Exception ex) when (ex is not InvalidOperationException)
@@ -160,19 +175,25 @@ public static async Task<ClientRegistrationResponse> RegisterClientAsync(
         }
 
         var content = new StringContent(
-            JsonSerializer.Serialize(clientMetadata),
+            JsonSerializer.Serialize(clientMetadata, McpJsonUtilities.JsonContext.Default.ClientMetadata),
             Encoding.UTF8,
             "application/json");
 
         using var response = await s_httpClient.PostAsync(metadata.RegistrationEndpoint, content);
         response.EnsureSuccessStatusCode();
 
-        return await JsonSerializer.DeserializeAsync<ClientRegistrationResponse>(
-            await response.Content.ReadAsStreamAsync(),
-            new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            }) ?? throw new InvalidOperationException("Failed to parse client registration response");
+        // Use source-generated serialization instead of dynamic deserialization
+        var contentStream = await response.Content.ReadAsStreamAsync();
+        using var reader = new StreamReader(contentStream);
+        var json = await reader.ReadToEndAsync();
+        var result = JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.ClientRegistrationResponse);
+        
+        if (result == null)
+        {
+            throw new InvalidOperationException("Failed to parse client registration response");
+        }
+        
+        return result;
     }
 
     /// <summary>
@@ -293,12 +314,18 @@ public static async Task<TokenResponse> ExchangeCodeForTokensAsync(
         using var response = await s_httpClient.SendAsync(request);
         response.EnsureSuccessStatusCode();
 
-        return await JsonSerializer.DeserializeAsync<TokenResponse>(
-            await response.Content.ReadAsStreamAsync(),
-            new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            }) ?? throw new InvalidOperationException("Failed to parse token response");
+        // Use source-generated serialization instead of dynamic deserialization
+        var contentStream = await response.Content.ReadAsStreamAsync();
+        using var reader = new StreamReader(contentStream);
+        var json = await reader.ReadToEndAsync();
+        var result = JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.TokenResponse);
+        
+        if (result == null)
+        {
+            throw new InvalidOperationException("Failed to parse token response");
+        }
+        
+        return result;
     }
 
     /// <summary>
@@ -341,12 +368,18 @@ public static async Task<TokenResponse> RefreshTokenAsync(
         using var response = await s_httpClient.SendAsync(request);
         response.EnsureSuccessStatusCode();
 
-        return await JsonSerializer.DeserializeAsync<TokenResponse>(
-            await response.Content.ReadAsStreamAsync(),
-            new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            }) ?? throw new InvalidOperationException("Failed to parse token response");
+        // Use source-generated serialization instead of dynamic deserialization
+        var contentStream = await response.Content.ReadAsStreamAsync();
+        using var reader = new StreamReader(contentStream);
+        var json = await reader.ReadToEndAsync();
+        var result = JsonSerializer.Deserialize(json, McpJsonUtilities.JsonContext.Default.TokenResponse);
+        
+        if (result == null)
+        {
+            throw new InvalidOperationException("Failed to parse token response");
+        }
+        
+        return result;
     }
 
     private static Dictionary<string, string> ParseAuthHeaderParameters(string parameters)
diff --git a/src/ModelContextProtocol/Protocol/Transport/SseClientTransport.cs b/src/ModelContextProtocol/Protocol/Transport/SseClientTransport.cs
@@ -16,7 +16,7 @@ namespace ModelContextProtocol.Protocol.Transport;
 /// </para>
 /// <para>
 /// The SSE transport can handle OAuth 2.0 authorization flows when connecting to servers that require authentication.
-/// You can provide an <see cref="AuthorizeCallback"/> in the transport options to handle the user authentication part
+/// You can provide an <see cref="SseClientTransportOptions.AuthorizeCallback"/> in the transport options to handle the user authentication part
 /// of the OAuth flow.
 /// </para>
 /// </remarks>
diff --git a/src/ModelContextProtocol/Utils/Json/McpJsonUtilities.cs b/src/ModelContextProtocol/Utils/Json/McpJsonUtilities.cs
@@ -122,6 +122,13 @@ internal static bool IsValidMcpToolSchema(JsonElement element)
     [JsonSerializable(typeof(SubscribeRequestParams))]
     [JsonSerializable(typeof(UnsubscribeRequestParams))]
     [JsonSerializable(typeof(IReadOnlyDictionary<string, object>))]
+    
+    // Authorization-related types
+    [JsonSerializable(typeof(Protocol.Auth.ResourceMetadata))]
+    [JsonSerializable(typeof(Protocol.Auth.AuthorizationServerMetadata))]
+    [JsonSerializable(typeof(Protocol.Auth.ClientMetadata))]
+    [JsonSerializable(typeof(Protocol.Auth.ClientRegistrationResponse))]
+    [JsonSerializable(typeof(Protocol.Auth.TokenResponse))]
 
     [ExcludeFromCodeCoverage]
     internal sealed partial class JsonContext : JsonSerializerContext;
