Tweaks to logic

Author: localden

samples/SecureWeatherClient/Program.cs

@@ -10,7 +10,7 @@ namespace SecureWeatherClient;
 class Program
 {
     // The URI for our OAuth redirect - in a real app, this would be a registered URI or a local server
-    private static readonly Uri RedirectUri = new("http://localhost:8888/oauth-callback");
+    private static readonly Uri RedirectUri = new("http://localhost:1170/oauth-callback");
 
     static async Task Main(string[] args)
     {
@@ -20,32 +20,47 @@ static async Task Main(string[] args)
 
         // Create an HTTP client with OAuth handling
         var oauthHandler = new OAuthDelegatingHandler(
+            clientId: "04f79824-ab56-4511-a7cb-d7deaea92dc0",
             redirectUri: RedirectUri,
-            clientName: "SecureWeatherClient", 
-            scopes: new[] { "weather.read" },
-            authorizationHandler: HandleAuthorizationRequestAsync);
+            clientName: "SecureWeatherClient",
+            scopes: ["weather.read"],
+            authorizationHandler: HandleAuthorizationRequestAsync)
+        {
+            // The OAuth handler needs an inner handler
+            InnerHandler = new HttpClientHandler()
+        };
 
         var httpClient = new HttpClient(oauthHandler);
-        var serverUrl = "http://localhost:5000"; // Default server URL
-        
+        var serverUrl = "http://localhost:55598/sse"; // Default server URL
+
         // Allow the user to specify a different server URL
         Console.WriteLine($"Server URL (press Enter for default: {serverUrl}):");
         var userInput = Console.ReadLine();
         if (!string.IsNullOrWhiteSpace(userInput))
         {
             serverUrl = userInput;
         }
-        
+
         Console.WriteLine();
         Console.WriteLine($"Connecting to weather server at {serverUrl}...");
-        
-        // Create an MCP client with the server URL
-        var client = new McpClient(new Uri(serverUrl), httpClient);
 
         try
         {
+            // Create SseClientTransportOptions with the server URL
+            var transportOptions = new SseClientTransportOptions
+            {
+                Endpoint = new Uri(serverUrl),
+                Name = "Secure Weather Client"
+            };
+
+            // Create SseClientTransport with our authenticated HTTP client
+            var transport = new SseClientTransport(transportOptions, httpClient);
+
+            // Create an MCP client using the factory method with our transport
+            var client = await McpClientFactory.CreateAsync(transport);
+
             // Get the list of available tools
-            var tools = await client.GetToolsAsync();
+            var tools = await client.ListToolsAsync();
             if (tools.Count == 0)
             {
                 Console.WriteLine("No tools available on the server.");
@@ -54,55 +69,14 @@ static async Task Main(string[] args)
 
             Console.WriteLine($"Found {tools.Count} tools on the server.");
             Console.WriteLine();
-
-            // Find the weather tool
-            var weatherTool = tools.FirstOrDefault(t => t.Name == "get_weather");
-            if (weatherTool == null)
-            {
-                Console.WriteLine("The server does not provide a weather tool.");
-                return;
-            }
-
-            // Get the weather for different locations
-            string[] locations = { "New York", "London", "Tokyo", "Sydney", "Moscow" };
-
-            foreach (var location in locations)
-            {
-                try
-                {
-                    Console.WriteLine($"Getting weather for {location}...");
-                    var result = await client.InvokeToolAsync(weatherTool.Name, new Dictionary<string, object>
-                    {
-                        ["location"] = location
-                    });
-
-                    if (result.TryGetValue("temperature", out var temperature) &&
-                        result.TryGetValue("conditions", out var conditions) &&
-                        result.TryGetValue("humidity", out var humidity) &&
-                        result.TryGetValue("windSpeed", out var windSpeed))
-                    {
-                        Console.WriteLine($"Weather in {location}:");
-                        Console.WriteLine($"  Temperature: {temperature}°C");
-                        Console.WriteLine($"  Conditions: {conditions}");
-                        Console.WriteLine($"  Humidity: {humidity}%");
-                        Console.WriteLine($"  Wind speed: {windSpeed} km/h");
-                    }
-                    else
-                    {
-                        Console.WriteLine($"Invalid response format for {location}");
-                    }
-                }
-                catch (Exception ex)
-                {
-                    Console.WriteLine($"Error getting weather for {location}: {ex.Message}");
-                }
-
-                Console.WriteLine();
-            }
         }
         catch (Exception ex)
         {
             Console.WriteLine($"Error: {ex.Message}");
+            if (ex.InnerException != null)
+            {
+                Console.WriteLine($"Inner error: {ex.InnerException.Message}");
+            }
         }
 
         Console.WriteLine("Press any key to exit...");
@@ -124,13 +98,13 @@ private static Task<string> HandleAuthorizationRequestAsync(Uri authorizationUri
         Console.WriteLine();
         Console.WriteLine("After authentication, you will be redirected to a page with a code.");
         Console.WriteLine("Please enter the code parameter from the URL:");
-        
+
         var authorizationCode = Console.ReadLine();
         if (string.IsNullOrWhiteSpace(authorizationCode))
         {
             throw new InvalidOperationException("Authorization code is required.");
         }
-        
+
         return Task.FromResult(authorizationCode);
     }
 }

samples/SecureWeatherServer/Program.cs

@@ -1,33 +1,132 @@
-using SecureWeatherServer.Tools;
-using System.Net.Http.Headers;
+using ModelContextProtocol.AspNetCore;
+using ModelContextProtocol.Protocol.Types;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 var builder = WebApplication.CreateBuilder(args);
 
-builder.Services.AddMcpServer()
-    .WithHttpTransport()
-    .WithTools<WeatherTools>()
-    .WithAuthorization(metadata =>
+// Configure MCP Server
+builder.Services.AddMcpServer(options =>
+{
+    options.ServerInstructions = "This is an MCP server with OAuth authorization enabled.";
+
+    // Configure regular server capabilities like tools, prompts, resources
+    options.Capabilities = new()
+    {
+        Tools = new()
+        {
+            // Simple Echo tool
+            CallToolHandler = (request, cancellationToken) =>
+            {
+                if (request.Params?.Name == "echo")
+                {
+                    if (request.Params.Arguments?.TryGetValue("message", out var message) is not true)
+                    {
+                        throw new Exception("It happens.");
+                    }
+
+                    return new ValueTask<CallToolResponse>(new CallToolResponse()
+                    {
+                        Content = [new Content() { Text = $"Echo: {message}", Type = "text" }]
+                    });
+                }
+
+                // Protected tool that requires authorization
+                if (request.Params?.Name == "protected-data")
+                {
+                    // This tool will only be accessible to authenticated clients
+                    return new ValueTask<CallToolResponse>(new CallToolResponse()
+                    {
+                        Content = [new Content() { Text = "This is protected data that only authorized clients can access" }]
+                    });
+                }
+
+                throw new Exception("It happens.");
+            },
+
+            ListToolsHandler = async (_, _) => new()
+            {
+                Tools =
+                [
+                    new()
+                    {
+                        Name = "echo",
+                        Description = "Echoes back the message you send"
+                    },
+                    new()
+                    {
+                        Name = "protected-data",
+                        Description = "Returns protected data that requires authorization"
+                    }
+                ]
+            }
+        }
+    };
+})
+.WithHttpTransport()
+.WithAuthorization(metadata => 
+{
+    // Configure the OAuth metadata for this server
+    metadata.AuthorizationServers.Add(new Uri("https://auth.example.com"));
+
+    // Define the scopes this server supports
+    metadata.ScopesSupported.AddRange(["weather.read", "weather.write"]);
+    
+    // Add optional documentation
+    metadata.ResourceDocumentation = new Uri("https://docs.example.com/api/weather");
+});
+
+// Configure authentication
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
     {
-        metadata.AuthorizationServers.Add(new Uri("https://auth.example.com"));
-        metadata.ScopesSupported.AddRange(["weather.read", "weather.write"]);
-        metadata.ResourceDocumentation = new Uri("https://docs.example.com/api/weather");
+        // In a real app, you would configure proper JWT validation
+        options.Events = new JwtBearerEvents
+        {
+            OnMessageReceived = context =>
+            {
+                // Simple demo authentication - in a real app, use proper JWT validation
+                var token = context.Request.Headers.Authorization.ToString().Replace("Bearer ", "");
+                if (token == "valid_token")
+                {
+                    // For demo purposes, simulate successful auth with a valid token
+                    context.Success();
+                }
+                return Task.CompletedTask;
+            }
+        };
     });
 
-builder.Services.AddSingleton(_ =>
+// Add authorization policy for MCP
+builder.Services.AddAuthorization(options =>
 {
-    var client = new HttpClient() { BaseAddress = new Uri("https://api.weather.gov") };
-    client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue("weather-tool", "1.0"));
-    return client;
+    options.AddPolicy("McpAuth", policy =>
+    {
+        policy.RequireAuthenticatedUser();
+        policy.RequireClaim("scope", "weather.read");
+    });
 });
 
 var app = builder.Build();
 
-app.UseCors(policy => policy
-    .AllowAnyOrigin()
-    .AllowAnyMethod()
-    .AllowAnyHeader());
-
+// Set up the middleware pipeline
 app.UseAuthentication();
 app.UseAuthorization();
 
-app.Run();
+// Map MCP endpoints with authorization
+app.MapMcp();
+
+// Configure the server URL
+app.Urls.Add("http://localhost:7071");
+
+Console.WriteLine("Starting MCP server with authorization at http://localhost:7071");
+Console.WriteLine("PRM Document URL: http://localhost:7071/.well-known/oauth-protected-resource");
+
+Console.WriteLine();
+Console.WriteLine("To test the server:");
+Console.WriteLine("1. Use an MCP client that supports authorization");
+Console.WriteLine("2. When prompted for authorization, enter 'valid_token' to gain access");
+Console.WriteLine("3. Any other token value will be rejected with a 401 Unauthorized");
+Console.WriteLine();
+Console.WriteLine("Press Ctrl+C to stop the server");
+
+await app.RunAsync();

samples/SecureWeatherServer/SecureWeatherServer.csproj

@@ -2,7 +2,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>

src/ModelContextProtocol/Auth/AuthorizationCodeOptions.cs

@@ -0,0 +1,47 @@
+namespace ModelContextProtocol.Auth;
+
+/// <summary>
+/// Configuration options for the authorization code flow.
+/// </summary>
+public class AuthorizationCodeOptions
+{
+    /// <summary>
+    /// The client ID.
+    /// </summary>
+    public string ClientId { get; set; } = string.Empty;
+    
+    /// <summary>
+    /// The client secret.
+    /// </summary>
+    public string? ClientSecret { get; set; }
+    
+    /// <summary>
+    /// The redirect URI.
+    /// </summary>
+    public Uri RedirectUri { get; set; } = null!;
+    
+    /// <summary>
+    /// The authorization endpoint.
+    /// </summary>
+    public Uri AuthorizationEndpoint { get; set; } = null!;
+    
+    /// <summary>
+    /// The token endpoint.
+    /// </summary>
+    public Uri TokenEndpoint { get; set; } = null!;
+    
+    /// <summary>
+    /// The scope to request.
+    /// </summary>
+    public string? Scope { get; set; }
+    
+    /// <summary>
+    /// PKCE values for the authorization flow.
+    /// </summary>
+    public PkceUtility.PkceValues PkceValues { get; set; } = null!;
+    
+    /// <summary>
+    /// A state value to protect against CSRF attacks.
+    /// </summary>
+    public string State { get; set; } = string.Empty;
+}

src/ModelContextProtocol/Auth/AuthorizationConfig.cs

@@ -0,0 +1,32 @@
+namespace ModelContextProtocol.Auth;
+
+/// <summary>
+/// Configuration for OAuth authorization.
+/// </summary>
+public class AuthorizationConfig
+{
+    /// <summary>
+    /// The URI to redirect to after authentication.
+    /// </summary>
+    public Uri RedirectUri { get; set; } = null!;
+    
+    /// <summary>
+    /// The client ID to use for authentication, or null to register a new client.
+    /// </summary>
+    public string? ClientId { get; set; }
+    
+    /// <summary>
+    /// The client name to use for registration.
+    /// </summary>
+    public string? ClientName { get; set; }
+    
+    /// <summary>
+    /// The requested scopes.
+    /// </summary>
+    public IEnumerable<string>? Scopes { get; set; }
+    
+    /// <summary>
+    /// The handler to invoke when authorization is required.
+    /// </summary>
+    public Func<Uri, Task<string>>? AuthorizationHandler { get; set; }
+}