Organize things better

Author: localden

src/ModelContextProtocol.AspNetCore/Auth/ResourceMetadataService.cs

@@ -1,5 +1,5 @@
 using Microsoft.AspNetCore.Http;
-using ModelContextProtocol.Auth;
+using ModelContextProtocol.Auth.Types;
 using ModelContextProtocol.Utils.Json;
 
 namespace ModelContextProtocol.AspNetCore.Auth;

src/ModelContextProtocol.AspNetCore/HttpMcpServerBuilderExtensions.cs

@@ -1,7 +1,7 @@
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using ModelContextProtocol.AspNetCore;
 using ModelContextProtocol.AspNetCore.Auth;
-using ModelContextProtocol.Auth;
+using ModelContextProtocol.Auth.Types;
 using ModelContextProtocol.Server;
 
 namespace Microsoft.Extensions.DependencyInjection;

src/ModelContextProtocol/Auth/McpClientExtensions.cs

@@ -1,5 +1,6 @@
 using System.Net.Http.Headers;
 using System.Collections.Concurrent;
+using ModelContextProtocol.Auth.Types;
 
 namespace ModelContextProtocol.Auth;
 

src/ModelContextProtocol/Auth/OAuthAuthenticationService.cs

@@ -3,6 +3,7 @@
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
+using ModelContextProtocol.Auth.Types;
 using ModelContextProtocol.Utils.Json;
 
 namespace ModelContextProtocol.Auth;
@@ -116,37 +117,6 @@ public async Task<OAuthToken> HandleAuthenticationAsync(
         return tokenResponse;
     }
 
-    /// <summary>
-    /// Handles the exchange of an authorization code for an OAuth token.
-    /// </summary>
-    /// <param name="tokenEndpoint">The token endpoint URI.</param>
-    /// <param name="clientId">The client ID.</param>
-    /// <param name="clientSecret">The client secret, if any.</param>
-    /// <param name="redirectUri">The redirect URI used in the authorization request.</param>
-    /// <param name="authorizationCode">The authorization code received from the authorization server.</param>
-    /// <param name="codeVerifier">The PKCE code verifier.</param>
-    /// <param name="cancellationToken">A cancellation token to cancel the operation.</param>
-    /// <returns>The OAuth token response.</returns>
-    public async Task<OAuthToken> HandleAuthorizationCodeAsync(
-        Uri tokenEndpoint,
-        string clientId,
-        string? clientSecret,
-        Uri redirectUri,
-        string authorizationCode,
-        string codeVerifier,
-        CancellationToken cancellationToken = default)
-    {
-        // Simply call our private implementation
-        return await ExchangeAuthorizationCodeForTokenAsync(
-            tokenEndpoint,
-            clientId,
-            clientSecret,
-            redirectUri,
-            authorizationCode,
-            codeVerifier,
-            cancellationToken);
-    }
-    
     private Uri? ExtractResourceMetadataUri(string wwwAuthenticateHeader)
     {
         if (string.IsNullOrEmpty(wwwAuthenticateHeader))
@@ -387,25 +357,14 @@ private string GenerateRandomString(int length)
             .Substring(0, length);
     }
 
-    /// <summary>
-    /// Exchanges an authorization code for an OAuth token.
-    /// </summary>
-    /// <param name="tokenEndpoint">The token endpoint URI.</param>
-    /// <param name="clientId">The client ID.</param>
-    /// <param name="clientSecret">The client secret, if any.</param>
-    /// <param name="redirectUri">The redirect URI used in the authorization request.</param>
-    /// <param name="authorizationCode">The authorization code received from the authorization server.</param>
-    /// <param name="codeVerifier">The PKCE code verifier.</param>
-    /// <param name="cancellationToken">A cancellation token to cancel the operation.</param>
-    /// <returns>The OAuth token response.</returns>
+    // This method would be used in a real implementation after receiving the authorization code
     private async Task<OAuthToken> ExchangeAuthorizationCodeForTokenAsync(
         Uri tokenEndpoint,
         string clientId,
         string? clientSecret,
         Uri redirectUri,
         string authorizationCode,
-        string codeVerifier,
-        CancellationToken cancellationToken = default)
+        string codeVerifier)
     {
         var tokenRequest = new Dictionary<string, string>
         {
@@ -423,21 +382,18 @@ private async Task<OAuthToken> ExchangeAuthorizationCodeForTokenAsync(
         {
             // Add client authentication if secret is available
             var authValue = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
-            using var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
-            {
-                Content = requestContent
-            };
-            request.Headers.Authorization = new AuthenticationHeaderValue("Basic", authValue);
-            response = await _httpClient.SendAsync(request, cancellationToken);
+            _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authValue);
+            response = await _httpClient.PostAsync(tokenEndpoint, requestContent);
+            _httpClient.DefaultRequestHeaders.Authorization = null;
         }
         else
         {
-            response = await _httpClient.PostAsync(tokenEndpoint, requestContent, cancellationToken);
+            response = await _httpClient.PostAsync(tokenEndpoint, requestContent);
         }
 
         response.EnsureSuccessStatusCode();
 
-        var json = await response.Content.ReadAsStringAsync(cancellationToken);
+        var json = await response.Content.ReadAsStringAsync();
         var tokenResponse = JsonSerializer.Deserialize(json, McpJsonUtilities.DefaultOptions.GetTypeInfo<OAuthToken>());
         if (tokenResponse == null)
         {

src/ModelContextProtocol/Auth/OAuthAuthorizationHelpers.cs

@@ -7,6 +7,7 @@
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
+using ModelContextProtocol.Auth.Types;
 using ModelContextProtocol.Utils.Json;
 
 namespace ModelContextProtocol.Auth;
@@ -163,6 +164,66 @@ public static Func<Uri, Task<string>> CreateHttpListenerCallback(
         };
     }
 
+    /// <summary>
+    /// Exchanges an authorization code for an OAuth token.
+    /// </summary>
+    /// <param name="tokenEndpoint">The token endpoint URI.</param>
+    /// <param name="clientId">The client ID.</param>
+    /// <param name="clientSecret">The client secret, if any.</param>
+    /// <param name="redirectUri">The redirect URI used in the authorization request.</param>
+    /// <param name="authorizationCode">The authorization code received from the authorization server.</param>
+    /// <param name="codeVerifier">The PKCE code verifier.</param>
+    /// <param name="cancellationToken">A cancellation token to cancel the operation.</param>
+    /// <returns>The OAuth token response.</returns>
+    public static async Task<OAuthToken> ExchangeAuthorizationCodeForTokenAsync(
+        Uri tokenEndpoint,
+        string clientId,
+        string? clientSecret,
+        Uri redirectUri,
+        string authorizationCode,
+        string codeVerifier,
+        CancellationToken cancellationToken = default)
+    {
+        var tokenRequest = new Dictionary<string, string>
+        {
+            ["grant_type"] = "authorization_code",
+            ["code"] = authorizationCode,
+            ["redirect_uri"] = redirectUri.ToString(),
+            ["client_id"] = clientId,
+            ["code_verifier"] = codeVerifier
+        };
+        
+        var requestContent = new FormUrlEncodedContent(tokenRequest);
+        
+        HttpResponseMessage response;
+        if (!string.IsNullOrEmpty(clientSecret))
+        {
+            // Add client authentication if secret is available
+            var authValue = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
+            using var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
+            {
+                Content = requestContent
+            };
+            request.Headers.Authorization = new AuthenticationHeaderValue("Basic", authValue);
+            response = await _httpClient.SendAsync(request, cancellationToken);
+        }
+        else
+        {
+            response = await _httpClient.PostAsync(tokenEndpoint, requestContent, cancellationToken);
+        }
+        
+        response.EnsureSuccessStatusCode();
+        
+        var json = await response.Content.ReadAsStringAsync(cancellationToken);
+        var tokenResponse = JsonSerializer.Deserialize(json, McpJsonUtilities.DefaultOptions.GetTypeInfo<OAuthToken>());
+        if (tokenResponse == null)
+        {
+            throw new InvalidOperationException("Failed to parse token response.");
+        }
+        
+        return tokenResponse;
+    }
+    
     /// <summary>
     /// Creates a complete OAuth authorization code flow handler that automatically exchanges the code for a token.
     /// </summary>
@@ -189,16 +250,13 @@ public static Func<Uri, Task<OAuthToken>> CreateCompleteOAuthFlowHandler(
     {
         var codeHandler = CreateHttpListenerCallback(openBrowser, hostname, listenPort, redirectPath);
 
-        // Create an OAuth authentication service to handle token exchange
-        var authService = new OAuthAuthenticationService();
-        
         return async (authorizationUri) =>
         {
             // First get the authorization code
             string authorizationCode = await codeHandler(authorizationUri);
 
-            // Let the authentication service handle the token exchange
-            return await authService.HandleAuthorizationCodeAsync(
+            // Then exchange it for a token
+            return await ExchangeAuthorizationCodeForTokenAsync(
                 tokenEndpoint,
                 clientId,
                 clientSecret,

src/ModelContextProtocol/Auth/OAuthDelegatingHandler.cs

@@ -1,3 +1,4 @@
+using ModelContextProtocol.Auth.Types;
 using System.Net;
 using System.Net.Http.Headers;
 

…rotocol/Auth/AuthorizationCodeOptions.cs …l/Auth/Types/AuthorizationCodeOptions.cssrc/ModelContextProtocol/Auth/AuthorizationCodeOptions.cs renamed to src/ModelContextProtocol/Auth/Types/AuthorizationCodeOptions.cs src/ModelContextProtocol/Auth/AuthorizationCodeOptions.cs renamed to src/ModelContextProtocol/Auth/Types/AuthorizationCodeOptions.cs

@@ -1,4 +1,4 @@
-namespace ModelContextProtocol.Auth;
+namespace ModelContextProtocol.Auth.Types;
 
 /// <summary>
 /// Configuration options for the authorization code flow.

…textProtocol/Auth/AuthorizationConfig.cs …otocol/Auth/Types/AuthorizationConfig.cssrc/ModelContextProtocol/Auth/AuthorizationConfig.cs renamed to src/ModelContextProtocol/Auth/Types/AuthorizationConfig.cs src/ModelContextProtocol/Auth/AuthorizationConfig.cs renamed to src/ModelContextProtocol/Auth/Types/AuthorizationConfig.cs

@@ -1,6 +1,6 @@
 using System.Text.Json.Serialization;
 
-namespace ModelContextProtocol.Auth;
+namespace ModelContextProtocol.Auth.Types;
 
 /// <summary>
 /// Represents the client registration request metadata.