Cleanup

Author: localden

src/ModelContextProtocol.AspNetCore/Authentication/McpAuthorizationPolicyExtensions.cs

@@ -25,10 +25,8 @@ public static AuthorizationOptions AddMcpPolicy(
             .RequireAuthenticatedUser()
             .AddAuthenticationSchemes(McpAuthenticationDefaults.AuthenticationScheme);
 
-        // Allow additional configuration if provided
         configurePolicy?.Invoke(policyBuilder);
 
-        // Add the configured policy
         options.AddPolicy(policyName, policyBuilder.Build());
 
         return options;
@@ -53,16 +51,13 @@ public static AuthorizationOptions AddMcpPolicy(
             return AddMcpPolicy(options, policyName, configurePolicy);
         }
 
-        // Create a policy builder with MCP and additional authentication schemes
         var allSchemes = new[] { McpAuthenticationDefaults.AuthenticationScheme }.Concat(additionalSchemes).ToArray();
 
         var policyBuilder = new AuthorizationPolicyBuilder(allSchemes)
             .RequireAuthenticatedUser();
 
-        // Allow additional configuration if provided
         configurePolicy?.Invoke(policyBuilder);
 
-        // Add the configured policy
         options.AddPolicy(policyName, policyBuilder.Build());
 
         return options;

src/ModelContextProtocol/Authentication/AuthorizationDelegatingHandler.cs

@@ -23,32 +23,25 @@ public AuthorizationDelegatingHandler(IMcpAuthorizationProvider authorizationPro
     /// </summary>
     protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
     {
-        // Add the authentication token to the request if not already present
         if (request.Headers.Authorization == null)
         {
             await AddAuthorizationHeaderAsync(request, cancellationToken);
         }
 
-        // Send the request through the inner handler
         var response = await base.SendAsync(request, cancellationToken);
 
-        // Handle unauthorized responses
         if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
         {
-            // Try to handle the unauthorized response
             var handled = await _authorizationProvider.HandleUnauthorizedResponseAsync(
                 response,
                 cancellationToken);
 
             if (handled)
             {
-                // If the unauthorized response was handled, retry the request
                 var retryRequest = await CloneHttpRequestMessageAsync(request);
 
-                // Get a new token
                 await AddAuthorizationHeaderAsync(retryRequest, cancellationToken);
 
-                // Send the retry request
                 return await base.SendAsync(retryRequest, cancellationToken);
             }
         }

src/ModelContextProtocol/Authentication/AuthorizationHelpers.cs

@@ -110,16 +110,9 @@ public static async Task<ProtectedResourceMetadata> ExtractProtectedResourceMeta
             throw new InvalidOperationException("The WWW-Authenticate header does not contain a resource_metadata parameter");
         }
 
-        Uri metadataUri = new Uri(resourceMetadataUrl);
+        Uri metadataUri = new(resourceMetadataUrl);
 
-        // Fetch the resource metadata
-        var metadata = await FetchProtectedResourceMetadataAsync(metadataUri, cancellationToken);
-        if (metadata == null)
-        {
-            throw new InvalidOperationException($"Failed to fetch resource metadata from {resourceMetadataUrl}");
-        }
-
-        // Verify the resource matches the server
+        var metadata = await FetchProtectedResourceMetadataAsync(metadataUri, cancellationToken) ?? throw new InvalidOperationException($"Failed to fetch resource metadata from {resourceMetadataUrl}");
         if (!VerifyResourceMatch(metadata, serverUrl))
         {
             throw new InvalidOperationException(