Remove handler from transport definition

Author: localden

samples/AuthorizationExample/Program.cs

@@ -36,10 +36,8 @@ public static async Task Main(string[] args)
                 RedirectUris = new[] 
                 { 
                     $"http://{hostname}:{port}{callbackPath}" 
-                },
-
-                // Configure the authorize callback with the same hostname, port, and path
-                AuthorizeCallback = SseClientTransport.CreateHttpListenerAuthorizeCallback(
+                },                // Configure the authorize callback with the same hostname, port, and path
+                AuthorizeCallback = AuthorizationService.CreateHttpListenerAuthorizeCallback(
                     openBrowser: async (url) =>
                     {
                         Console.WriteLine($"Opening browser to authorize at: {url}");

src/ModelContextProtocol/Protocol/Auth/AuthorizationServerMetadata.cs

@@ -5,7 +5,7 @@ namespace ModelContextProtocol.Protocol.Auth;
 /// <summary>
 /// Represents OAuth 2.0 authorization server metadata as defined in RFC 8414.
 /// </summary>
-internal class AuthorizationServerMetadata
+public class AuthorizationServerMetadata
 {
     /// <summary>
     /// Gets or sets the authorization endpoint URL.

src/ModelContextProtocol/Protocol/Auth/AuthorizationService.cs

@@ -11,7 +11,7 @@ namespace ModelContextProtocol.Protocol.Auth;
 /// <summary>
 /// Provides OAuth 2.0 authorization services for MCP clients.
 /// </summary>
-internal class AuthorizationService
+public class AuthorizationService
 {
     private static readonly HttpClient s_httpClient = new()
     {
@@ -448,9 +448,166 @@ private static Dictionary<string, string> ParseAuthHeaderParameters(string param
                     break;
 
                 start = commaPos + 1;
-            }
-        }
+            }        }
 
         return result;
     }
+
+    /// <summary>
+    /// Creates an HTTP listener callback for handling OAuth 2.0 authorization code flow.
+    /// </summary>
+    /// <param name="openBrowser">A function that opens a browser with the given URL.</param>
+    /// <param name="hostname">The hostname to listen on. Defaults to "localhost".</param>
+    /// <param name="listenPort">The port to listen on. Defaults to 8888.</param>
+    /// <param name="redirectPath">The redirect path for the HTTP listener. Defaults to "/callback".</param>
+    /// <returns>
+    /// A function that takes <see cref="ClientMetadata"/> and returns a task that resolves to a tuple containing
+    /// the redirect URI and the authorization code.
+    /// </returns>
+    public static Func<ClientMetadata, Task<(string RedirectUri, string Code)>> CreateHttpListenerAuthorizeCallback(
+        Func<string, Task> openBrowser,
+        string hostname = "localhost",
+        int listenPort = 8888,
+        string redirectPath = "/callback")
+    {
+        return async (ClientMetadata clientMetadata) =>
+        {
+            string redirectUri = $"http://{hostname}:{listenPort}{redirectPath}";
+
+            foreach (var uri in clientMetadata.RedirectUris)
+            {
+                if (uri.StartsWith($"http://{hostname}", StringComparison.OrdinalIgnoreCase) &&
+                    Uri.TryCreate(uri, UriKind.Absolute, out var parsedUri))
+                {
+                    redirectUri = uri;
+                    listenPort = parsedUri.IsDefaultPort ? 80 : parsedUri.Port;
+                    redirectPath = parsedUri.AbsolutePath;
+                    break;
+                }
+            }
+
+            var authCodeTcs = new TaskCompletionSource<string>();
+            // Ensure the path has a trailing slash for the HttpListener prefix
+            string listenerPrefix = $"http://{hostname}:{listenPort}{redirectPath}";
+            if (!listenerPrefix.EndsWith("/"))
+            {
+                listenerPrefix += "/";
+            }
+
+            using var listener = new HttpListener();
+            listener.Prefixes.Add(listenerPrefix);
+            
+            // Start the listener BEFORE opening the browser
+            try
+            {
+                listener.Start();
+            }
+            catch (HttpListenerException ex)
+            {
+                throw new McpException($"Failed to start HTTP listener on {listenerPrefix}: {ex.Message}", McpErrorCode.InvalidRequest);
+            }
+
+            // Create a cancellation token source with a timeout
+            using var cts = new CancellationTokenSource(TimeSpan.FromMinutes(5));
+            
+            _ = Task.Run(async () =>
+            {
+                try
+                {
+                    // GetContextAsync doesn't accept a cancellation token, so we need to handle cancellation manually
+                    var contextTask = listener.GetContextAsync();
+                    var completedTask = await Task.WhenAny(contextTask, Task.Delay(Timeout.Infinite, cts.Token));
+                    
+                    if (completedTask == contextTask)
+                    {
+                        var context = await contextTask;
+                        var request = context.Request;
+                        var response = context.Response;
+
+                        string? code = request.QueryString["code"];
+                        string? error = request.QueryString["error"];
+                        string html;
+                        string? resultCode = null;
+
+                        if (!string.IsNullOrEmpty(error))
+                        {
+                            html = $"<html><body><h1>Authorization Failed</h1><p>Error: {WebUtility.HtmlEncode(error)}</p></body></html>";
+                        }
+                        else if (string.IsNullOrEmpty(code))
+                        {
+                            html = "<html><body><h1>Authorization Failed</h1><p>No authorization code received.</p></body></html>";
+                        }
+                        else
+                        {
+                            html = "<html><body><h1>Authorization Successful</h1><p>You may now close this window.</p></body></html>";
+                            resultCode = code;
+                        }
+
+                        try
+                        {
+                            // Send response to browser
+                            byte[] buffer = Encoding.UTF8.GetBytes(html);
+                            response.ContentType = "text/html";
+                            response.ContentLength64 = buffer.Length;
+                            response.OutputStream.Write(buffer, 0, buffer.Length);
+                            
+                            // IMPORTANT: Explicitly close the response to ensure it's fully sent
+                            response.Close();
+                            
+                            // Now that we've finished processing the browser response,
+                            // we can safely signal completion or failure with the auth code
+                            if (resultCode != null)
+                            {
+                                authCodeTcs.TrySetResult(resultCode);
+                            }
+                            else if (!string.IsNullOrEmpty(error))
+                            {
+                                authCodeTcs.TrySetException(new McpException($"Authorization failed: {error}", McpErrorCode.InvalidRequest));
+                            }
+                            else
+                            {
+                                authCodeTcs.TrySetException(new McpException("No authorization code received", McpErrorCode.InvalidRequest));
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            authCodeTcs.TrySetException(new McpException($"Error processing browser response: {ex.Message}", McpErrorCode.InvalidRequest));
+                        }
+                    }
+                }
+                catch (Exception ex)
+                {
+                    authCodeTcs.TrySetException(ex);
+                }
+            });
+
+            // Now open the browser AFTER the listener is started
+            if (!string.IsNullOrEmpty(clientMetadata.ClientUri))
+            {
+                await openBrowser(clientMetadata.ClientUri!);
+            }
+            else
+            {
+                // Stop the listener before throwing
+                listener.Stop();
+                throw new McpException("Client URI is missing in metadata.", McpErrorCode.InvalidRequest);
+            }
+
+            try
+            {
+                // Use a timeout to avoid hanging indefinitely
+                string authCode = await authCodeTcs.Task.WaitAsync(cts.Token);
+                return (redirectUri, authCode);
+            }
+            catch (OperationCanceledException)
+            {
+                throw new McpException("Authorization timed out after 5 minutes.", McpErrorCode.InvalidRequest);
+            }
+            finally
+            {
+                // Ensure the listener is stopped when we're done
+                listener.Stop();
+            }
+        };
+    }
 }

src/ModelContextProtocol/Protocol/Auth/ClientRegistrationResponse.cs

@@ -5,7 +5,7 @@ namespace ModelContextProtocol.Protocol.Auth;
 /// <summary>
 /// Represents the OAuth 2.0 client registration response as defined in RFC 7591.
 /// </summary>
-internal class ClientRegistrationResponse
+public class ClientRegistrationResponse
 {
     /// <summary>
     /// Gets or sets the OAuth 2.0 client identifier string.

src/ModelContextProtocol/Protocol/Auth/ResourceMetadata.cs

@@ -5,7 +5,7 @@ namespace ModelContextProtocol.Protocol.Auth;
 /// <summary>
 /// Represents the resource metadata from the WWW-Authenticate header in a 401 Unauthorized response.
 /// </summary>
-internal class ResourceMetadata
+public class ResourceMetadata
 {
     /// <summary>
     /// Gets or sets the resource identifier URI.

src/ModelContextProtocol/Protocol/Auth/TokenResponse.cs

@@ -5,7 +5,7 @@ namespace ModelContextProtocol.Protocol.Auth;
 /// <summary>
 /// Represents the OAuth 2.0 token response as defined in RFC 6749.
 /// </summary>
-internal class TokenResponse
+public class TokenResponse
 {
     /// <summary>
     /// Gets or sets the access token issued by the authorization server.