Pop the browser open - implement that in the SDK

localden · localden · commit 8b89c2d3f187 · 2025-05-01T23:54:19.000-07:00
diff --git a/samples/SecureWeatherClient/Program.cs b/samples/SecureWeatherClient/Program.cs
@@ -8,22 +8,26 @@ namespace SecureWeatherClient;
 
 class Program
 {
-    // The URI for our OAuth redirect - in a real app, this would be a registered URI or a local server
-    private static readonly Uri RedirectUri = new("http://localhost:1170/oauth-callback");
-
     static async Task Main(string[] args)
     {
         Console.WriteLine("MCP Secure Weather Client with OAuth Authentication");
         Console.WriteLine("==================================================");
         Console.WriteLine();
 
+        // Create the authorization config with HTTP listener
+        var authConfig = new AuthorizationConfig
+        {
+            ClientId = "04f79824-ab56-4511-a7cb-d7deaea92dc0",
+            Scopes = ["User.Read"]
+        }.UseHttpListener(hostname: "localhost", listenPort: 1170);
+
         // Create an HTTP client with OAuth handling
         var oauthHandler = new OAuthDelegatingHandler(
-            clientId: "04f79824-ab56-4511-a7cb-d7deaea92dc0",
-            redirectUri: RedirectUri,
-            clientName: "SecureWeatherClient",
-            scopes: ["weather.read"],
-            authorizationHandler: HandleAuthorizationRequestAsync)
+            redirectUri: authConfig.RedirectUri,
+            clientId: authConfig.ClientId,
+            clientName: authConfig.ClientName,
+            scopes: authConfig.Scopes,
+            authorizationHandler: authConfig.AuthorizationHandler)
         {
             // The OAuth handler needs an inner handler
             InnerHandler = new HttpClientHandler()
@@ -42,6 +46,9 @@ static async Task Main(string[] args)
 
         Console.WriteLine();
         Console.WriteLine($"Connecting to weather server at {serverUrl}...");
+        Console.WriteLine("When prompted for authorization, a browser window will open automatically.");
+        Console.WriteLine("Complete the authentication in the browser, and this application will continue automatically.");
+        Console.WriteLine();
 
         try
         {
@@ -68,6 +75,15 @@ static async Task Main(string[] args)
 
             Console.WriteLine($"Found {tools.Count} tools on the server.");
             Console.WriteLine();
+
+            // Call the protected-data tool which requires authentication
+            if (tools.Any(t => t.Name == "protected-data"))
+            {
+                Console.WriteLine("Calling protected-data tool...");
+                var result = await client.CallToolAsync("protected-data");
+                Console.WriteLine("Result: " + result.Content[0].Text);
+                Console.WriteLine();
+            }
         }
         catch (Exception ex)
         {
@@ -81,29 +97,4 @@ static async Task Main(string[] args)
         Console.WriteLine("Press any key to exit...");
         Console.ReadKey();
     }
-
-    /// <summary>
-    /// Handles the OAuth authorization request by showing the URL to the user and getting the authorization code.
-    /// In a real application, this would launch a browser and listen for the callback.
-    /// </summary>
-    private static Task<string> HandleAuthorizationRequestAsync(Uri authorizationUri)
-    {
-        Console.WriteLine();
-        Console.WriteLine("Authentication Required");
-        Console.WriteLine("======================");
-        Console.WriteLine();
-        Console.WriteLine("Please open the following URL in your browser to authenticate:");
-        Console.WriteLine(authorizationUri);
-        Console.WriteLine();
-        Console.WriteLine("After authentication, you will be redirected to a page with a code.");
-        Console.WriteLine("Please enter the code parameter from the URL:");
-
-        var authorizationCode = Console.ReadLine();
-        if (string.IsNullOrWhiteSpace(authorizationCode))
-        {
-            throw new InvalidOperationException("Authorization code is required.");
-        }
-
-        return Task.FromResult(authorizationCode);
-    }
 }
diff --git a/src/ModelContextProtocol/Auth/AuthorizationConfigExtensions.cs b/src/ModelContextProtocol/Auth/AuthorizationConfigExtensions.cs
@@ -0,0 +1,100 @@
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Threading.Tasks;
+
+namespace ModelContextProtocol.Auth;
+
+/// <summary>
+/// Extension methods for <see cref="AuthorizationConfig"/>.
+/// </summary>
+public static class AuthorizationConfigExtensions
+{
+    /// <summary>
+    /// Configures the authorization config to use an HTTP listener for the OAuth authorization code flow.
+    /// </summary>
+    /// <param name="config">The authorization configuration to modify.</param>
+    /// <param name="openBrowser">Optional function to open a browser. If not provided, a default implementation will be used.</param>
+    /// <param name="hostname">The hostname to listen on. Defaults to "localhost".</param>
+    /// <param name="listenPort">The port to listen on. Defaults to 8888.</param>
+    /// <param name="redirectPath">The redirect path for the HTTP listener. Defaults to "/callback".</param>
+    /// <returns>The modified authorization configuration for chaining.</returns>
+    /// <remarks>
+    /// <para>
+    /// This method configures the authorization configuration to use an HTTP listener for the OAuth
+    /// authorization code flow. When authorization is required, the listener will automatically:
+    /// </para>
+    /// <list type="bullet">
+    ///   <item>Start an HTTP listener on the specified hostname and port</item>
+    ///   <item>Open the user's browser to the authorization URL</item>
+    ///   <item>Wait for the authorization code to be received via the redirect URI</item>
+    ///   <item>Return the authorization code to the SDK to complete the flow</item>
+    /// </list>
+    /// <para>
+    /// This provides a seamless authorization experience without requiring manual user intervention
+    /// to copy/paste authorization codes.
+    /// </para>
+    /// </remarks>
+    public static AuthorizationConfig UseHttpListener(
+        this AuthorizationConfig config,
+        Func<string, Task>? openBrowser = null,
+        string hostname = "localhost",
+        int listenPort = 8888,
+        string redirectPath = "/callback")
+    {
+        // Set the redirect URI
+        config.RedirectUri = new Uri($"http://{hostname}:{listenPort}{redirectPath}");
+        
+        // Use default browser-opening implementation if none provided
+        openBrowser ??= DefaultOpenBrowser;
+        
+        // Configure the handler
+        config.AuthorizationHandler = OAuthAuthorizationHelpers.CreateHttpListenerCallback(
+            openBrowser,
+            hostname,
+            listenPort,
+            redirectPath);
+        
+        return config;
+    }
+    
+    /// <summary>
+    /// Default implementation to open a URL in the default browser.
+    /// </summary>
+    private static Task DefaultOpenBrowser(string url)
+    {
+        try
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                // On Windows, use the built-in Process.Start for URLs
+                Process.Start(new ProcessStartInfo
+                {
+                    FileName = url,
+                    UseShellExecute = true
+                });
+            }
+            else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+            {
+                // On Linux, use xdg-open
+                Process.Start("xdg-open", url);
+            }
+            else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+            {
+                // On macOS, use open
+                Process.Start("open", url);
+            }
+            else
+            {
+                // Fallback for other platforms
+                throw new NotSupportedException("Automatic browser opening is not supported on this platform.");
+            }
+            
+            return Task.CompletedTask;
+        }
+        catch (Exception ex)
+        {
+            return Task.FromException(new InvalidOperationException($"Failed to open browser: {ex.Message}", ex));
+        }
+    }
+}
diff --git a/src/ModelContextProtocol/Auth/OAuthAuthorizationHelpers.cs b/src/ModelContextProtocol/Auth/OAuthAuthorizationHelpers.cs
@@ -0,0 +1,158 @@
+using System;
+using System.Net;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace ModelContextProtocol.Auth;
+
+/// <summary>
+/// Provides helper methods for handling OAuth authorization.
+/// </summary>
+public static class OAuthAuthorizationHelpers
+{
+    /// <summary>
+    /// Creates an HTTP listener callback for handling OAuth 2.0 authorization code flow.
+    /// </summary>
+    /// <param name="openBrowser">A function that opens a browser with the given URL.</param>
+    /// <param name="hostname">The hostname to listen on. Defaults to "localhost".</param>
+    /// <param name="listenPort">The port to listen on. Defaults to 8888.</param>
+    /// <param name="redirectPath">The redirect path for the HTTP listener. Defaults to "/callback".</param>
+    /// <returns>
+    /// A function that takes an authorization URI and returns a task that resolves to the authorization code.
+    /// </returns>
+    public static Func<Uri, Task<string>> CreateHttpListenerCallback(
+        Func<string, Task> openBrowser,
+        string hostname = "localhost",
+        int listenPort = 8888,
+        string redirectPath = "/callback")
+    {
+        return async (Uri authorizationUri) =>
+        {
+            string redirectUri = $"http://{hostname}:{listenPort}{redirectPath}";
+            
+            // Add the redirect_uri parameter to the authorization URI if it's not already present
+            string authUrl = authorizationUri.ToString();
+            if (!authUrl.Contains("redirect_uri="))
+            {
+                var separator = authUrl.Contains("?") ? "&" : "?";
+                authUrl = $"{authUrl}{separator}redirect_uri={WebUtility.UrlEncode(redirectUri)}";
+            }
+            
+            var authCodeTcs = new TaskCompletionSource<string>();
+            
+            // Ensure the path has a trailing slash for the HttpListener prefix
+            string listenerPrefix = $"http://{hostname}:{listenPort}{redirectPath}";
+            if (!listenerPrefix.EndsWith("/"))
+            {
+                listenerPrefix += "/";
+            }
+
+            using var listener = new HttpListener();
+            listener.Prefixes.Add(listenerPrefix);
+            
+            // Start the listener BEFORE opening the browser
+            try
+            {
+                listener.Start();
+            }
+            catch (HttpListenerException ex)
+            {
+                throw new InvalidOperationException($"Failed to start HTTP listener on {listenerPrefix}: {ex.Message}");
+            }
+
+            // Create a cancellation token source with a timeout
+            using var cts = new CancellationTokenSource(TimeSpan.FromMinutes(5));
+            
+            _ = Task.Run(async () =>
+            {
+                try
+                {
+                    // GetContextAsync doesn't accept a cancellation token, so we need to handle cancellation manually
+                    var contextTask = listener.GetContextAsync();
+                    var completedTask = await Task.WhenAny(contextTask, Task.Delay(Timeout.Infinite, cts.Token));
+                    
+                    if (completedTask == contextTask)
+                    {
+                        var context = await contextTask;
+                        var request = context.Request;
+                        var response = context.Response;
+
+                        string? code = request.QueryString["code"];
+                        string? error = request.QueryString["error"];
+                        string html;
+                        string? resultCode = null;
+
+                        if (!string.IsNullOrEmpty(error))
+                        {
+                            html = $"<html><body><h1>Authorization Failed</h1><p>Error: {WebUtility.HtmlEncode(error)}</p></body></html>";
+                        }
+                        else if (string.IsNullOrEmpty(code))
+                        {
+                            html = "<html><body><h1>Authorization Failed</h1><p>No authorization code received.</p></body></html>";
+                        }
+                        else
+                        {
+                            html = "<html><body><h1>Authorization Successful</h1><p>You may now close this window.</p></body></html>";
+                            resultCode = code;
+                        }
+
+                        try
+                        {
+                            // Send response to browser
+                            byte[] buffer = Encoding.UTF8.GetBytes(html);
+                            response.ContentType = "text/html";
+                            response.ContentLength64 = buffer.Length;
+                            response.OutputStream.Write(buffer, 0, buffer.Length);
+                            
+                            // IMPORTANT: Explicitly close the response to ensure it's fully sent
+                            response.Close();
+                            
+                            // Now that we've finished processing the browser response,
+                            // we can safely signal completion or failure with the auth code
+                            if (resultCode != null)
+                            {
+                                authCodeTcs.TrySetResult(resultCode);
+                            }
+                            else if (!string.IsNullOrEmpty(error))
+                            {
+                                authCodeTcs.TrySetException(new InvalidOperationException($"Authorization failed: {error}"));
+                            }
+                            else
+                            {
+                                authCodeTcs.TrySetException(new InvalidOperationException("No authorization code received"));
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            authCodeTcs.TrySetException(new InvalidOperationException($"Error processing browser response: {ex.Message}"));
+                        }
+                    }
+                }
+                catch (Exception ex)
+                {
+                    authCodeTcs.TrySetException(ex);
+                }
+            });
+
+            // Now open the browser AFTER the listener is started
+            await openBrowser(authUrl);
+
+            try
+            {
+                // Use a timeout to avoid hanging indefinitely
+                string authCode = await authCodeTcs.Task.WaitAsync(cts.Token);
+                return authCode;
+            }
+            catch (OperationCanceledException)
+            {
+                throw new InvalidOperationException("Authorization timed out after 5 minutes.");
+            }
+            finally
+            {
+                // Ensure the listener is stopped when we're done
+                listener.Stop();
+            }
+        };
+    }
+}
