URL check

Author: localden

samples/ProtectedMCPClient/BasicOAuthAuthorizationProvider.cs

@@ -239,6 +239,12 @@ public BasicOAuthAuthorizationProvider(
 
     private Uri BuildAuthorizationUrl(AuthorizationServerMetadata authServerMetadata, string codeChallenge)
     {
+        if (authServerMetadata.AuthorizationEndpoint.Scheme != Uri.UriSchemeHttp &&
+            authServerMetadata.AuthorizationEndpoint.Scheme != Uri.UriSchemeHttps)
+        {
+            throw new ArgumentException("AuthorizationEndpoint must use HTTP or HTTPS.", nameof(authServerMetadata));
+        }
+
         var queryParams = HttpUtility.ParseQueryString(string.Empty);
         queryParams["client_id"] = _clientId;
         queryParams["redirect_uri"] = _redirectUri.ToString();