Update with configuration for generic OAuth provider

Author: localden

samples/ProtectedMCPClient/Program.cs

@@ -1,3 +1,4 @@
+using ModelContextProtocol.Authentication;
 using ModelContextProtocol.Client;
 
 namespace ProtectedMCPClient;
@@ -22,7 +23,7 @@ static async Task Main(string[] args)
 
         // Create the token provider with our custom HttpClient, 
         // letting the AuthorizationHelpers be created automatically
-        var tokenProvider = new BasicOAuthProvider(
+        var tokenProvider = new GenericOAuthProvider(
             new Uri(serverUrl),
             httpClient,
             null, // AuthorizationHelpers will be created automatically
@@ -47,6 +48,7 @@ static async Task Main(string[] args)
                 transportOptions,
                 tokenProvider
             );
+            
             var client = await McpClientFactory.CreateAsync(transport);
 
             var tools = await client.ListToolsAsync();

samples/ProtectedMCPServer/Program.cs

@@ -64,7 +64,7 @@
             Resource = new Uri("http://localhost"),
             BearerMethodsSupported = { "header" },
             ResourceDocumentation = new Uri("https://docs.example.com/api/weather"),
-            AuthorizationServers = { new Uri($"{instance}{tenantId}/oauth2/v2.0") }
+            AuthorizationServers = { new Uri($"{instance}{tenantId}/v2.0") }
         };
 
         metadata.ScopesSupported.AddRange([

src/ModelContextProtocol/Authentication/AuthorizationHelpers.cs

@@ -149,7 +149,7 @@ private Uri ExtractBaseResourceUri(Uri metadataUri)
     /// <returns>The resource metadata if the resource matches the server, otherwise throws an exception.</returns>
     /// <exception cref="InvalidOperationException">Thrown when the response is not a 401, lacks a WWW-Authenticate header,
     /// lacks a resource_metadata parameter, the metadata can't be fetched, or the resource URI doesn't match the server URL.</exception>
-    public async Task<ProtectedResourceMetadata> ExtractProtectedResourceMetadata(
+    internal async Task<ProtectedResourceMetadata> ExtractProtectedResourceMetadata(
         HttpResponseMessage response,
         Uri serverUrl,
         CancellationToken cancellationToken = default)
@@ -169,7 +169,7 @@ public async Task<ProtectedResourceMetadata> ExtractProtectedResourceMetadata(
         string? resourceMetadataUrl = null;
         foreach (var header in response.Headers.WwwAuthenticate)
         {
-            if (string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) && 
+            if (string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) &&
                 !string.IsNullOrEmpty(header.Parameter))
             {
                 resourceMetadataUrl = ParseWwwAuthenticateParameters(header.Parameter, "resource_metadata");
@@ -186,17 +186,17 @@ public async Task<ProtectedResourceMetadata> ExtractProtectedResourceMetadata(
         }
 
         Uri metadataUri = new(resourceMetadataUrl);
-        
+
         var metadata = await FetchProtectedResourceMetadataAsync(metadataUri, cancellationToken).ConfigureAwait(false);
         if (metadata == null)
         {
             throw new InvalidOperationException($"Failed to fetch resource metadata from {resourceMetadataUrl}");
         }
-        
+
         // Extract the base URI from the metadata URL
         Uri urlToValidate = ExtractBaseResourceUri(metadataUri);
         _logger.LogDebug($"Validating resource metadata against base URL: {urlToValidate}");
-        
+
         if (!VerifyResourceMatch(metadata, urlToValidate))
         {
             throw new InvalidOperationException(
@@ -245,5 +245,33 @@ public async Task<ProtectedResourceMetadata> ExtractProtectedResourceMetadata(
         }
 
         return null;
+    }    /// <summary>
+    /// Handles a 401 Unauthorized response and returns all available authorization servers.
+    /// This is the primary method for OAuth discovery - use this when you want full control 
+    /// over authorization server selection.
+    /// </summary>
+    /// <param name="response">The 401 HTTP response.</param>
+    /// <param name="serverUrl">The server URL that returned the 401.</param>
+    /// <param name="cancellationToken">A token to cancel the operation.</param>
+    /// <returns>A list of available authorization server URIs.</returns>
+    /// <exception cref="ArgumentNullException">Thrown when response is null.</exception>    
+    public async Task<IReadOnlyList<Uri>> GetAvailableAuthorizationServersAsync(
+        HttpResponseMessage response,
+        Uri serverUrl,
+        CancellationToken cancellationToken = default)
+    {
+        if (response == null) throw new ArgumentNullException(nameof(response));
+        
+        try
+        {
+            // Extract resource metadata behind the scenes
+            var metadata = await ExtractProtectedResourceMetadata(response, serverUrl, cancellationToken);
+            return metadata.AuthorizationServers ?? new List<Uri>();
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Failed to get available authorization servers");
+            return new List<Uri>();
+        }
     }
 }

samples/ProtectedMCPClient/Types/AuthorizationServerMetadata.cs renamed to src/ModelContextProtocol/Authentication/AuthorizationServerMetadata.cs

@@ -1,6 +1,6 @@
 using System.Text.Json.Serialization;
 
-namespace ModelContextProtocol.Types.Authentication;
+namespace ModelContextProtocol.Authentication;
 
 /// <summary>
 /// Represents the metadata about an OAuth authorization server.
@@ -66,4 +66,4 @@ public class AuthorizationServerMetadata
     /// </summary>
     [JsonPropertyName("scopes_supported")]
     public List<string>? ScopesSupported { get; set; }
-}
+}