Tokens can be cached beyond the lifetime of the (http) transport. #834
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Oct 4, 2025
halter73
reviewed
Oct 9, 2025
There was a problem hiding this comment.
Can you add tests for supplying a custom ITokenCache that verifies it gets used?
@localden @DavidParks8 Do you have any thoughts on this?
I added tests that verify a custom token cache is used to look up cached tokens and to store new ones. Since I wanted to test the public API, I had to use What do you think? |
halllo
added a commit
to halllo/McpExperiments
that referenced
this pull request
Oct 15, 2025
…oken, until we get the TokenCache (modelcontextprotocol/csharp-sdk#834).
|
Until this is approved and merged, I use reflection magic to extract and inject the oauth token like this: var httpClientTransport = new HttpClientTransport(...)
var token = File.Exists("token.json") ? File.ReadAllText("token.json") : null;
httpClientTransport.InjectOAuthToken(token);
await using var mcpClient = await McpClient.CreateAsync(httpClientTransport);
File.WriteAllText("token.json", httpClientTransport.ExtractOAuthToken()); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I added the possibility to plugin a token cache, so that the client can be made to reuse its access token beyond the lifetime of the transport. By default tokens are only cached for the lifetime of the transport.
Fixes #749
Fixes #597
Motivation and Context
When the client acquires an access token and a refresh token, it should be able to utilze them to make authenticated requests to the server even after it was restarted. The client should not need to go through the OAuth dance again and again every time it is initialised (unless the access token is no longer valid and no refresh token was acquired or the refresh token was revoked).
How Has This Been Tested?
I tested it via a proof of concept application without a token cache (using the default
InMemoryTokenCache) and with a custom implementation of a file-based token cache.Breaking Changes
The introduction of the
ITokenCacheis backwards compatible. If no custom token cache is provided, it falls back to anInMemoryTokenCachewith the same lifetime as the (oauth enabled http) transport (like before).Types of changes
Checklist
Additional context
TokenContainerpublic, so that it can be passed into custom token caches.ObtainedAtproperty serialisable, because it needs to remember when it was obtained after serialization to calculate the expiration.These two changes seemed more reasonable than introducing another token type for cache serialization only. I didn't find usages that could be disrupted by this.