Tinkering with test logic

localden · localden · commit ecc40ab87980 · 2025-04-23T16:57:05.000-07:00
diff --git a/samples/AuthorizationExample/Program.cs b/samples/AuthorizationExample/Program.cs
@@ -12,7 +12,7 @@ public class Program
     public static async Task Main(string[] args)
     {
         // Define the MCP server endpoint that requires OAuth authentication
-        var serverEndpoint = new Uri("https://example.com/mcp");
+        var serverEndpoint = new Uri("http://localhost:7071/sse");
 
         // Set up the SSE transport with authorization support
         var transportOptions = new SseClientTransportOptions
@@ -21,7 +21,6 @@ public static async Task Main(string[] args)
             AuthorizeCallback = SseClientTransport.CreateLocalServerAuthorizeCallback(
                  openBrowser: async (url) =>
                  {
-                     // Open the URL in the user's default browser
                      Process.Start(new ProcessStartInfo(url) { UseShellExecute = true });
                  }
              )
diff --git a/samples/AuthorizationServerExample/Program.cs b/samples/AuthorizationServerExample/Program.cs
@@ -24,7 +24,7 @@ public static async Task Main(string[] args)
         var prm = new ProtectedResourceMetadata
         {
             Resource = "http://localhost:7071", // Changed from HTTPS to HTTP for local development
-            AuthorizationServers = ["https://auth.example.com"], // Auth servers that can issue tokens for this resource
+            AuthorizationServers = ["https://login.microsoftonline.com/a2213e1c-e51e-4304-9a0d-effe57f31655/v2.0"], // Let's use a dummy Entra ID tenant here
             BearerMethodsSupported = ["header"], // We support the Authorization header
             ScopesSupported = ["mcp.tools", "mcp.prompts", "mcp.resources"], // Scopes supported by this resource
             ResourceDocumentation = "https://example.com/docs/mcp-server-auth" // Optional documentation URL
diff --git a/src/ModelContextProtocol/Protocol/Auth/AuthorizationContext.cs b/src/ModelContextProtocol/Protocol/Auth/AuthorizationContext.cs
@@ -85,7 +85,15 @@ public bool ValidateResourceUrl(string resourceUrl)
             return false;
         }
 
-        // Resource URL must match exactly
+        // Compare the host part (FQDN) rather than the full URL
+        if (Uri.TryCreate(resourceUrl, UriKind.Absolute, out Uri? resourceUri) && 
+            Uri.TryCreate(ResourceMetadata.Resource, UriKind.Absolute, out Uri? metadataUri))
+        {
+            // Compare only the host (domain name)
+            return string.Equals(resourceUri.Host, metadataUri.Host, StringComparison.OrdinalIgnoreCase);
+        }
+
+        // If we can't parse both URLs, fall back to exact string comparison
         return string.Equals(resourceUrl, ResourceMetadata.Resource, StringComparison.OrdinalIgnoreCase);
     }
 }
diff --git a/src/ModelContextProtocol/Protocol/Auth/DefaultAuthorizationHandler.cs b/src/ModelContextProtocol/Protocol/Auth/DefaultAuthorizationHandler.cs
@@ -75,9 +75,11 @@ public async Task<bool> HandleUnauthorizedResponseAsync(HttpResponseMessage resp
             throw exception;
         }
 
+        // Store the resource metadata in the context before validating the resource URL
+        authContext.Value.ResourceMetadata = resourceMetadata;
+
         // Validate that the resource matches the server FQDN
-        if (!authContext.Value.ValidateResourceUrl(serverUri.ToString()) && 
-            !string.Equals(resourceMetadata.Resource, serverUri.ToString(), StringComparison.OrdinalIgnoreCase))
+        if (!authContext.Value.ValidateResourceUrl(serverUri.ToString()))
         {
             _logger.LogWarning("Resource URL mismatch: expected {Expected}, got {Actual}", 
                 serverUri, resourceMetadata.Resource);
@@ -87,8 +89,6 @@ public async Task<bool> HandleUnauthorizedResponseAsync(HttpResponseMessage resp
             throw exception;
         }
 
-        authContext.Value.ResourceMetadata = resourceMetadata;
-
         // Get the first authorization server from the metadata
         if (resourceMetadata.AuthorizationServers == null || resourceMetadata.AuthorizationServers.Length == 0)
         {

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ public class Program`
`12`	`12`	`public static async Task Main(string[] args)`
`13`	`13`	`{`
`14`	`14`	`// Define the MCP server endpoint that requires OAuth authentication`
`15`		`- var serverEndpoint = new Uri("https://example.com/mcp");`
	`15`	`+ var serverEndpoint = new Uri("http://localhost:7071/sse");`
`16`	`16`
`17`	`17`	`// Set up the SSE transport with authorization support`
`18`	`18`	`var transportOptions = new SseClientTransportOptions`
`@@ -21,7 +21,6 @@ public static async Task Main(string[] args)`
`21`	`21`	`AuthorizeCallback = SseClientTransport.CreateLocalServerAuthorizeCallback(`
`22`	`22`	`openBrowser: async (url) =>`
`23`	`23`	`{`
`24`		`- // Open the URL in the user's default browser`
`25`	`24`	`Process.Start(new ProcessStartInfo(url) { UseShellExecute = true });`
`26`	`25`	`}`
`27`	`26`	`)`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public static async Task Main(string[] args)`
`24`	`24`	`var prm = new ProtectedResourceMetadata`
`25`	`25`	`{`
`26`	`26`	`Resource = "http://localhost:7071", // Changed from HTTPS to HTTP for local development`
`27`		`- AuthorizationServers = ["https://auth.example.com"], // Auth servers that can issue tokens for this resource`
	`27`	`+ AuthorizationServers = ["https://login.microsoftonline.com/a2213e1c-e51e-4304-9a0d-effe57f31655/v2.0"], // Let's use a dummy Entra ID tenant here`
`28`	`28`	`BearerMethodsSupported = ["header"], // We support the Authorization header`
`29`	`29`	`ScopesSupported = ["mcp.tools", "mcp.prompts", "mcp.resources"], // Scopes supported by this resource`
`30`	`30`	`ResourceDocumentation = "https://example.com/docs/mcp-server-auth" // Optional documentation URL`
Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,15 @@ public bool ValidateResourceUrl(string resourceUrl)`
`85`	`85`	`return false;`
`86`	`86`	`}`
`87`	`87`
`88`		`- // Resource URL must match exactly`
	`88`	`+ // Compare the host part (FQDN) rather than the full URL`
	`89`	`+ if (Uri.TryCreate(resourceUrl, UriKind.Absolute, out Uri? resourceUri) &&`
	`90`	`+ Uri.TryCreate(ResourceMetadata.Resource, UriKind.Absolute, out Uri? metadataUri))`
	`91`	`+ {`
	`92`	`+ // Compare only the host (domain name)`
	`93`	`+ return string.Equals(resourceUri.Host, metadataUri.Host, StringComparison.OrdinalIgnoreCase);`
	`94`	`+ }`
	`95`	`+`
	`96`	`+ // If we can't parse both URLs, fall back to exact string comparison`
`89`	`97`	`return string.Equals(resourceUrl, ResourceMetadata.Resource, StringComparison.OrdinalIgnoreCase);`
`90`	`98`	`}`
`91`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,11 @@ public async Task<bool> HandleUnauthorizedResponseAsync(HttpResponseMessage resp`
`75`	`75`	`throw exception;`
`76`	`76`	`}`
`77`	`77`
	`78`	`+ // Store the resource metadata in the context before validating the resource URL`
	`79`	`+ authContext.Value.ResourceMetadata = resourceMetadata;`
	`80`	`+`
`78`	`81`	`// Validate that the resource matches the server FQDN`
`79`		`- if (!authContext.Value.ValidateResourceUrl(serverUri.ToString()) &&`
`80`		`- !string.Equals(resourceMetadata.Resource, serverUri.ToString(), StringComparison.OrdinalIgnoreCase))`
	`82`	`+ if (!authContext.Value.ValidateResourceUrl(serverUri.ToString()))`
`81`	`83`	`{`
`82`	`84`	`_logger.LogWarning("Resource URL mismatch: expected {Expected}, got {Actual}",`
`83`	`85`	`serverUri, resourceMetadata.Resource);`
`@@ -87,8 +89,6 @@ public async Task<bool> HandleUnauthorizedResponseAsync(HttpResponseMessage resp`
`87`	`89`	`throw exception;`
`88`	`90`	`}`
`89`	`91`
`90`		`- authContext.Value.ResourceMetadata = resourceMetadata;`
`91`		`-`
`92`	`92`	`// Get the first authorization server from the metadata`
`93`	`93`	`if (resourceMetadata.AuthorizationServers == null \|\| resourceMetadata.AuthorizationServers.Length == 0)`
`94`	`94`	`{`