Add TestOAuthServer

Author: halter73

ModelContextProtocol.slnx

@@ -35,6 +35,7 @@
   </Folder>
   <Folder Name="/tests/">
     <Project Path="tests/ModelContextProtocol.AspNetCore.Tests/ModelContextProtocol.AspNetCore.Tests.csproj" />
+    <Project Path="tests/ModelContextProtocol.TestOAuthServer/ModelContextProtocol.TestOAuthServer.csproj" />
     <Project Path="tests/ModelContextProtocol.Tests/ModelContextProtocol.Tests.csproj" />
     <Project Path="tests/ModelContextProtocol.TestServer/ModelContextProtocol.TestServer.csproj" />
     <Project Path="tests/ModelContextProtocol.TestSseServer/ModelContextProtocol.TestSseServer.csproj" />

samples/ProtectedMCPClient/Program.cs

@@ -7,7 +7,7 @@
 using System.Text;
 using System.Web;
 
-Console.WriteLine("Protected MCP Weather Server");
+Console.WriteLine("Protected MCP Client");
 Console.WriteLine();
 
 var serverUrl = "http://localhost:7071/";
@@ -30,7 +30,9 @@
 var tokenProvider = new GenericOAuthProvider(
     new Uri(serverUrl),
     httpClient,
-    clientId: clientId,
+    //clientId: clientId,
+    clientId: "demo-client",
+    clientSecret: "demo-secret",
     redirectUri: new Uri("http://localhost:1179/callback"),
     authorizationRedirectDelegate: HandleAuthorizationUrlAsync,
     loggerFactory: consoleLoggerFactory);
@@ -169,5 +171,6 @@ static void OpenBrowser(Uri url)
     catch (Exception ex)
     {
         Console.WriteLine($"Error opening browser. {ex.Message}");
+        Console.WriteLine($"Please manually open this URL: {url}");
     }
 }

samples/ProtectedMCPServer/Program.cs

@@ -8,10 +8,9 @@
 
 var builder = WebApplication.CreateBuilder(args);
 
-var serverUrl = "http://localhost:7071/";
-var tenantId = builder.Configuration["TenantId"];
-var clientId = builder.Configuration["ClientId"];
-var instance = "https://login.microsoftonline.com/";
+var serverUrl = "http://localhost:7071";
+var inMemoryOAuthServerUrl = "https://localhost:7029";
+var demoClientId = "demo-client";
 
 builder.Services.AddAuthentication(options =>
 {
@@ -20,21 +19,20 @@
 })
 .AddJwtBearer(options =>
 {
-    options.Authority = $"{instance}{tenantId}/v2.0";
+    // Configure to validate tokens from our in-memory OAuth server
+    options.Authority = inMemoryOAuthServerUrl;
     options.TokenValidationParameters = new TokenValidationParameters
     {
         ValidateIssuer = true,
         ValidateAudience = true,
         ValidateLifetime = true,
         ValidateIssuerSigningKey = true,
-        ValidAudience = clientId,
-        ValidIssuer = $"{instance}{tenantId}/v2.0",
+        ValidAudience = demoClientId,
+        ValidIssuer = inMemoryOAuthServerUrl,
         NameClaimType = "name",
         RoleClaimType = "roles"
     };
 
-    options.MetadataAddress = $"{instance}{tenantId}/v2.0/.well-known/openid-configuration";
-
     options.Events = new JwtBearerEvents
     {
         OnTokenValidated = context =>
@@ -62,14 +60,14 @@
     {
         var metadata = new ProtectedResourceMetadata
         {
-            Resource = new Uri("http://localhost:7071/"),
+            Resource = new Uri(serverUrl),
             BearerMethodsSupported = { "header" },
             ResourceDocumentation = new Uri("https://docs.example.com/api/weather"),
-            AuthorizationServers = { new Uri($"{instance}{tenantId}/v2.0") }
+            AuthorizationServers = { new Uri(inMemoryOAuthServerUrl) }
         };
 
         metadata.ScopesSupported.AddRange([
-            $"api://{clientId}/weather.read"
+            "mcp:tools"
         ]);
 
         return metadata;
@@ -99,7 +97,9 @@
 app.MapMcp().RequireAuthorization();
 
 Console.WriteLine($"Starting MCP server with authorization at {serverUrl}");
-Console.WriteLine($"PRM Document URL: {serverUrl}.well-known/oauth-protected-resource");
+Console.WriteLine($"Using in-memory OAuth server at {inMemoryOAuthServerUrl}");
+Console.WriteLine($"Protected Resource Metadata URL: {serverUrl}.well-known/oauth-protected-resource");
+Console.WriteLine($"Demo Client ID: {demoClientId}");
 Console.WriteLine("Press Ctrl+C to stop the server");
 
 app.Run(serverUrl);

samples/ProtectedMCPServer/Properties/launchSettings.json

@@ -6,7 +6,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:55598;http://localhost:55599"
+      "applicationUrl": "http://localhost:7029"
     }
   }
 }

tests/ModelContextProtocol.AspNetCore.Tests/AuthTests.cs

@@ -0,0 +1,134 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using ModelContextProtocol.AspNetCore.Authentication;
+using ModelContextProtocol.AspNetCore.Tests.Utils;
+using ModelContextProtocol.Authentication;
+using ModelContextProtocol.Client;
+using System.Net;
+
+namespace ModelContextProtocol.AspNetCore.Tests;
+
+public class AuthTests : KestrelInMemoryTest, IAsyncDisposable
+{
+    private const string McpServerUrl = "http://localhost:5000";
+    private const string OAuthServerUrl = "https://localhost:7029";
+    private const string ClientId = "demo-client";
+
+    private readonly CancellationTokenSource _testCts = new();
+    private readonly Task _oAuthRunTask;
+
+    public AuthTests(ITestOutputHelper outputHelper)
+        : base(outputHelper)
+    {
+        SocketsHttpHandler.AllowAutoRedirect = false;
+
+        var oAuthServerProgram = new TestOAuthServer.Program(XunitLoggerProvider, KestrelInMemoryTransport);
+        _oAuthRunTask = oAuthServerProgram.RunServerAsync(cancellationToken: _testCts.Token);
+
+        Builder.Services.AddAuthentication(options =>
+        {
+            options.DefaultChallengeScheme = McpAuthenticationDefaults.AuthenticationScheme;
+            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+        })
+        .AddJwtBearer(options =>
+        {
+            options.Backchannel = HttpClient;
+            options.Authority = OAuthServerUrl;
+            options.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuer = true,
+                ValidateAudience = true,
+                ValidateLifetime = true,
+                ValidateIssuerSigningKey = true,
+                ValidAudience = ClientId,
+                ValidIssuer = OAuthServerUrl,
+                NameClaimType = "name",
+                RoleClaimType = "roles"
+            };
+        })
+        .AddMcp(options =>
+        {
+            options.ProtectedResourceMetadataProvider = context =>
+            {
+                var metadata = new ProtectedResourceMetadata
+                {
+                    Resource = new Uri(McpServerUrl),
+                    BearerMethodsSupported = { "header" },
+                    AuthorizationServers = { new Uri(OAuthServerUrl) }
+                };
+
+                metadata.ScopesSupported.AddRange([
+                    "mcp:tools"
+                ]);
+
+                return metadata;
+            };
+        });
+
+        Builder.Services.AddAuthorization();
+    }
+
+    public async ValueTask DisposeAsync()
+    {
+        _testCts.Cancel();
+        try
+        {
+            await _oAuthRunTask;
+        }
+        catch (OperationCanceledException)
+        {
+        }
+        finally
+        {
+            _testCts.Dispose();
+        }
+    }
+
+    [Fact]
+    public async Task CanAuthenticate()
+    {
+        Builder.Services.AddMcpServer().WithHttpTransport();
+
+        await using var app = Builder.Build();
+
+        app.MapMcp().RequireAuthorization();
+
+        await app.StartAsync(TestContext.Current.CancellationToken);
+
+        var tokenProvider = new GenericOAuthProvider(
+            new Uri(McpServerUrl),
+            HttpClient,
+            clientId: "demo-client",
+            clientSecret: "demo-secret",
+            redirectUri: new Uri("http://localhost:1179/callback"),
+            authorizationRedirectDelegate: HandleAuthorizationUrlAsync,
+            loggerFactory: LoggerFactory);
+
+        await using var transport = new SseClientTransport(new SseClientTransportOptions()
+        {
+            Endpoint = new("http://localhost:5000"),
+            CredentialProvider = tokenProvider,
+        }, HttpClient, LoggerFactory);
+
+        await using var client = await McpClientFactory.CreateAsync(
+            transport,  loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken);
+    }
+
+    private async Task<string?> HandleAuthorizationUrlAsync(Uri authorizationUrl, Uri redirectUri, CancellationToken cancellationToken)
+    {
+        var redirectResponse = await HttpClient.GetAsync(authorizationUrl, cancellationToken);
+        Assert.Equal(HttpStatusCode.Redirect, redirectResponse.StatusCode);
+        var location = redirectResponse.Headers.Location;
+
+        if (location is not null && !string.IsNullOrEmpty(location.Query))
+        {
+            var queryParams = QueryHelpers.ParseQuery(location.Query);
+            return queryParams["code"];
+        }
+
+        return null;
+    }
+}

tests/ModelContextProtocol.AspNetCore.Tests/HttpServerIntegrationTests.cs

@@ -118,7 +118,7 @@ public async Task CallTool_EchoSessionId_ReturnsTheSameSessionId()
         Assert.False(result1.IsError);
         Assert.False(result2.IsError);
         Assert.False(result3.IsError);
-        
+
         var textContent1 = Assert.Single(result1.Content.OfType<TextContentBlock>());
         var textContent2 = Assert.Single(result2.Content.OfType<TextContentBlock>());
         var textContent3 = Assert.Single(result3.Content.OfType<TextContentBlock>());
@@ -267,10 +267,10 @@ public async Task Sampling_Sse_TestServer()
 
         // Call the server's sampleLLM tool which should trigger our sampling handler
         var result = await client.CallToolAsync("sampleLLM", new Dictionary<string, object?>
-            {
-                ["prompt"] = "Test prompt",
-                ["maxTokens"] = 100
-            },
+        {
+            ["prompt"] = "Test prompt",
+            ["maxTokens"] = 100
+        },
             cancellationToken: TestContext.Current.CancellationToken);
 
         // assert
@@ -288,7 +288,7 @@ public async Task CallTool_Sse_EchoServer_Concurrently()
         for (int i = 0; i < 4; i++)
         {
             var client = (i % 2 == 0) ? client1 : client2;
-            var result =  await client.CallToolAsync(
+            var result = await client.CallToolAsync(
                 "echo",
                 new Dictionary<string, object?>
                 {

tests/ModelContextProtocol.AspNetCore.Tests/MapMcpSseTests.cs

@@ -20,7 +20,7 @@ public async Task Allows_Customizing_Route(string pattern)
 
         await app.StartAsync(TestContext.Current.CancellationToken);
 
-        using var response = await HttpClient.GetAsync($"http://localhost{pattern}/sse", HttpCompletionOption.ResponseHeadersRead, TestContext.Current.CancellationToken);
+        using var response = await HttpClient.GetAsync($"http://localhost:5000{pattern}/sse", HttpCompletionOption.ResponseHeadersRead, TestContext.Current.CancellationToken);
         response.EnsureSuccessStatusCode();
         using var sseStream = await response.Content.ReadAsStreamAsync(TestContext.Current.CancellationToken);
         using var sseStreamReader = new StreamReader(sseStream, System.Text.Encoding.UTF8);

tests/ModelContextProtocol.AspNetCore.Tests/MapMcpStreamableHttpTests.cs

@@ -56,7 +56,7 @@ public async Task StreamableHttpMode_Works_WithRootEndpoint()
 
         await using var mcpClient = await ConnectAsync("/", new()
         {
-            Endpoint = new Uri("http://localhost/"),
+            Endpoint = new("http://localhost:5000/"),
             TransportMode = HttpTransportMode.AutoDetect
         });
 
@@ -82,7 +82,7 @@ public async Task AutoDetectMode_Works_WithRootEndpoint()
 
         await using var mcpClient = await ConnectAsync("/", new()
         {
-            Endpoint = new Uri("http://localhost/"),
+            Endpoint = new("http://localhost:5000/"),
             TransportMode = HttpTransportMode.AutoDetect
         });
 
@@ -110,7 +110,7 @@ public async Task AutoDetectMode_Works_WithSseEndpoint()
 
         await using var mcpClient = await ConnectAsync("/sse", new()
         {
-            Endpoint = new Uri("http://localhost/sse"),
+            Endpoint = new("http://localhost:5000/sse"),
             TransportMode = HttpTransportMode.AutoDetect
         });
 
@@ -138,7 +138,7 @@ public async Task SseMode_Works_WithSseEndpoint()
 
         await using var mcpClient = await ConnectAsync(transportOptions: new()
         {
-            Endpoint = new Uri("http://localhost/sse"),
+            Endpoint = new("http://localhost:5000/sse"),
             TransportMode = HttpTransportMode.Sse
         });
 

tests/ModelContextProtocol.AspNetCore.Tests/MapMcpTests.cs

@@ -33,7 +33,7 @@ protected async Task<IMcpClient> ConnectAsync(
 
         await using var transport = new SseClientTransport(transportOptions ?? new SseClientTransportOptions()
         {
-            Endpoint = new Uri($"http://localhost{path}"),
+            Endpoint = new Uri($"http://localhost:5000{path}"),
             TransportMode = UseStreamableHttp ? HttpTransportMode.StreamableHttp : HttpTransportMode.Sse,
         }, HttpClient, LoggerFactory);
 

tests/ModelContextProtocol.AspNetCore.Tests/ModelContextProtocol.AspNetCore.Tests.csproj

@@ -34,6 +34,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
     <PackageReference Include="Microsoft.Extensions.AI" />
     <PackageReference Include="Microsoft.Extensions.AI.OpenAI" />
     <PackageReference Include="Microsoft.Extensions.Logging" />
@@ -56,6 +57,7 @@
     <ProjectReference Include="..\..\src\ModelContextProtocol.Core\ModelContextProtocol.Core.csproj" />
     <ProjectReference Include="..\..\src\ModelContextProtocol.AspNetCore\ModelContextProtocol.AspNetCore.csproj" />
     <ProjectReference Include="..\ModelContextProtocol.TestSseServer\ModelContextProtocol.TestSseServer.csproj" />
+    <ProjectReference Include="..\ModelContextProtocol.TestOAuthServer\ModelContextProtocol.TestOAuthServer.csproj" />
   </ItemGroup>
 
 </Project>