Update McpAuthenticationOptions.cs

Author: localden

src/ModelContextProtocol.AspNetCore/Authentication/McpAuthenticationOptions.cs

@@ -9,18 +9,21 @@ namespace ModelContextProtocol.AspNetCore.Authentication;
 /// </summary>
 public class McpAuthenticationOptions : AuthenticationSchemeOptions
 {
-    private static readonly Uri DefaultResourceMetadataUri = new("/.well-known/oauth-protected-resource", UriKind.Relative);
+    private static readonly Uri DefaultResourceMetadataUri = new("/.well-known/oauth-protected-resource", UriKind.Relative);   
+   
     private Func<HttpContext, ProtectedResourceMetadata>? _resourceMetadataProvider;
-    private ProtectedResourceMetadata _resourceMetadata;
 
-    /// <summary>
+    private ProtectedResourceMetadata? _resourceMetadata;    /// <summary>
     /// Initializes a new instance of the <see cref="McpAuthenticationOptions"/> class.
     /// </summary>
+    /// <remarks>
+    /// After creating an instance, you must set the ResourceMetadata property or use the 
+    /// UseStaticResourceMetadata method to provide a valid resource URI before using this options instance.
+    /// </remarks>
     public McpAuthenticationOptions()
     {
         base.ForwardAuthenticate = "Bearer";
         ResourceMetadataUri = DefaultResourceMetadataUri;
-        _resourceMetadata = new ProtectedResourceMetadata() { Resource = new Uri("http://localhost") };
         Events = new McpAuthenticationEvents();
     }
 
@@ -39,8 +42,8 @@ public McpAuthenticationOptions()
     /// <remarks>
     /// This URI will be included in the WWW-Authenticate header when a 401 response is returned.
     /// </remarks>
-    public Uri ResourceMetadataUri { get; set; }
-
+    public Uri ResourceMetadataUri { get; set; }    
+    
     /// <summary>
     /// Gets or sets the static protected resource metadata.
     /// </summary>
@@ -50,17 +53,26 @@ public McpAuthenticationOptions()
     /// Setting this property will automatically update the <see cref="ProtectedResourceMetadataProvider"/> 
     /// to return this static instance.
     /// </remarks>
+    /// <exception cref="ArgumentNullException">Thrown when trying to set a null value.</exception>
+    /// <exception cref="ArgumentException">Thrown when the Resource property of the metadata is null.</exception>
     public ProtectedResourceMetadata ResourceMetadata
     {
-        get => _resourceMetadata;
+        get => _resourceMetadata ?? throw new InvalidOperationException(
+            "ResourceMetadata has not been configured. Use ResourceMetadata property setter or UseStaticResourceMetadata method to provide a valid resource URI.");
         set
         {
-            _resourceMetadata = value ?? new ProtectedResourceMetadata() { Resource = new Uri("http://localhost") };
+            ArgumentNullException.ThrowIfNull(value);
+            if (value.Resource == null)
+            {
+                throw new ArgumentException("The Resource property of the metadata cannot be null. A valid resource URI is required.", nameof(value));
+            }
+            
+            _resourceMetadata = value;
             // When static metadata is set, update the provider to use it
             _resourceMetadataProvider = _ => _resourceMetadata;
         }
-    }
-
+    }    
+    
     /// <summary>
     /// Gets or sets a delegate that dynamically provides resource metadata based on the HTTP context.
     /// </summary>
@@ -72,9 +84,9 @@ public ProtectedResourceMetadata ResourceMetadata
     public Func<HttpContext, ProtectedResourceMetadata>? ProtectedResourceMetadataProvider
     {
         get => _resourceMetadataProvider;
-        set => _resourceMetadataProvider = value ?? (_ => _resourceMetadata);
-    }
-
+        set => _resourceMetadataProvider = value;
+    }    
+    
     /// <summary>
     /// Sets a static resource metadata instance that will be returned for all requests.
     /// </summary>
@@ -83,9 +95,17 @@ public Func<HttpContext, ProtectedResourceMetadata>? ProtectedResourceMetadataPr
     /// <remarks>
     /// This is a convenience method equivalent to setting the <see cref="ResourceMetadata"/> property.
     /// </remarks>
+    /// <exception cref="ArgumentNullException">Thrown when metadata is null.</exception>
+    /// <exception cref="ArgumentException">Thrown when the Resource property of the metadata is null.</exception>
     public McpAuthenticationOptions UseStaticResourceMetadata(ProtectedResourceMetadata metadata)
     {
-        ResourceMetadata = metadata ?? new ProtectedResourceMetadata() { Resource = new Uri("http://localhost") };
+        ArgumentNullException.ThrowIfNull(metadata);
+        if (metadata.Resource == null)
+        {
+            throw new ArgumentException("The Resource property of the metadata cannot be null. A valid resource URI is required.", nameof(metadata));
+        }
+        
+        ResourceMetadata = metadata;
         return this;
     }
 
@@ -101,19 +121,21 @@ public McpAuthenticationOptions UseDynamicResourceMetadata(Func<HttpContext, Pro
     {
         ProtectedResourceMetadataProvider = provider ?? throw new ArgumentNullException(nameof(provider));
         return this;
-    }
-
+    }    
+    
     /// <summary>
     /// Gets the resource metadata for the current request.
     /// </summary>
     /// <param name="context">The HTTP context for the current request.</param>
     /// <returns>The resource metadata to use for the current request.</returns>
+    /// <exception cref="InvalidOperationException">Thrown when no resource metadata has been configured.</exception>
     internal ProtectedResourceMetadata GetResourceMetadata(HttpContext context)
     {
         var provider = _resourceMetadataProvider;
 
         return provider != null
             ? provider(context)
-            : _resourceMetadata;
+            : _resourceMetadata ?? throw new InvalidOperationException(
+                "ResourceMetadata has not been configured. Use ResourceMetadata property setter or UseStaticResourceMetadata method to provide a valid resource URI.");
     }
 }