namespace ModelContextProtocol.Authentication;
/// <summary>
/// Provides configuration options for the <see cref="ClientOAuthProvider"/>.
/// </summary>
/// <remarks>
/// This type is a plain property bag: every member is an auto-property and nothing here validates
/// the values assigned. Several members carry credentials (<see cref="ClientSecret"/>,
/// <see cref="TokenCache"/>) or decide which authorization server is trusted
/// (<see cref="AuthServerSelector"/>), so callers should set them deliberately.
/// </remarks>
public sealed class ClientOAuthOptions
{
    /// <summary>
    /// Gets or sets the OAuth redirect URI.
    /// </summary>
    /// <remarks>
    /// Authorization servers generally compare the redirect URI sent in a request with the values
    /// registered for the client, so this should be exactly the registered URI. The property is
    /// <c>required</c>, but this class performs no check on the scheme or host of the value.
    /// </remarks>
    public required Uri RedirectUri { get; set; }

    /// <summary>
    /// Gets or sets the OAuth client ID. If not provided, the client will attempt to register dynamically.
    /// </summary>
    public string? ClientId { get; set; }

    /// <summary>
    /// Gets or sets the OAuth client secret.
    /// </summary>
    /// <remarks>
    /// <para>
    /// This secret is optional for public clients or when using PKCE without client authentication.
    /// </para>
    /// <para>
    /// Treat the value as a credential: supply it at run time from configuration or a secret store
    /// instead of a literal in source, and keep it out of logs and diagnostics. An application that is
    /// distributed to end users cannot keep an embedded secret confidential.
    /// </para>
    /// </remarks>
    public string? ClientSecret { get; set; }

    // NOTE(review): the documentation below calls for an HTTPS URL, but the property is a plain Uri
    // and this class does not check the scheme - confirm that ClientOAuthProvider rejects other schemes.
    /// <summary>
    /// Gets or sets the HTTPS URL pointing to this client's metadata document.
    /// </summary>
    /// <remarks>
    /// When specified, and when the authorization server metadata reports
    /// <c>client_id_metadata_document_supported = true</c>, the OAuth client will respond to
    /// challenges by sending this URL as the client identifier instead of performing dynamic
    /// client registration.
    /// </remarks>
    public Uri? ClientMetadataDocumentUri { get; set; }

    /// <summary>
    /// Gets or sets the OAuth scopes to request.
    /// </summary>
    /// <remarks>
    /// <para>
    /// When specified, these scopes will be used instead of the scopes advertised by the protected resource.
    /// If not specified, the provider will use the scopes from the protected resource metadata.
    /// </para>
    /// <para>
    /// Common OAuth scopes include "openid", "profile", and "email".
    /// </para>
    /// <para>
    /// Requesting only the scopes the application needs limits what an issued token can be used for.
    /// </para>
    /// </remarks>
    public IEnumerable<string>? Scopes { get; set; }

    /// <summary>
    /// Gets or sets the authorization redirect delegate for handling the OAuth authorization flow.
    /// </summary>
    /// <remarks>
    /// <para>
    /// This delegate is responsible for handling the OAuth authorization URL and obtaining the authorization code.
    /// If not specified, a default implementation will be used that prompts the user to enter the code manually.
    /// </para>
    /// <para>
    /// Custom implementations might open a browser, start an HTTP listener, or use other mechanisms to capture
    /// the authorization code from the OAuth redirect.
    /// </para>
    /// <para>
    /// The authorization code is a short-lived credential. Implementations should avoid writing it to logs,
    /// and an HTTP listener used to capture the redirect should accept connections only on the loopback interface.
    /// </para>
    /// </remarks>
    public AuthorizationRedirectDelegate? AuthorizationRedirectDelegate { get; set; }

    /// <summary>
    /// Gets or sets the token endpoint authentication method selector function.
    /// </summary>
    /// <remarks>
    /// <para>
    /// This function is used to select which token endpoint authentication method to use when multiple methods are available.
    /// If not specified, the first available method will be selected.
    /// </para>
    /// <para>
    /// The function receives a list of supported authentication methods from the authorization server metadata and should return the selected method, or null if no suitable method is found.
    /// </para>
    /// <para>
    /// The list is supplied by the authorization server and the parameter type is nullable, so an implementation
    /// should handle a null or empty list and return only a method the application is prepared to use.
    /// </para>
    /// </remarks>
    public Func<IReadOnlyList<string>?, string?>? TokenEndpointAuthMethodSelector { get; set; }

    // NOTE(review): presumably the candidate URIs originate from the protected resource's metadata,
    // i.e. from the server being connected to - confirm in ClientOAuthProvider.
    /// <summary>
    /// Gets or sets the authorization server selector function.
    /// </summary>
    /// <remarks>
    /// <para>
    /// This function is used to select which authorization server to use when multiple servers are available.
    /// If not specified, the first available server will be selected.
    /// </para>
    /// <para>
    /// The function receives a list of available authorization server URIs and should return the selected server,
    /// or null if no suitable server is found.
    /// </para>
    /// <para>
    /// A selector is the place to restrict authorization to issuers the application trusts, for example by
    /// returning null for any URI that is not on an application-defined allowlist.
    /// </para>
    /// </remarks>
    public Func<IReadOnlyList<Uri>, Uri?>? AuthServerSelector { get; set; }

    /// <summary>
    /// Gets or sets the options to use during dynamic client registration.
    /// </summary>
    /// <remarks>
    /// This value is only used when no <see cref="ClientId"/> is specified.
    /// </remarks>
    public DynamicClientRegistrationOptions? DynamicClientRegistration { get; set; }

    /// <summary>
    /// Gets or sets additional parameters to include in the query string of the OAuth authorization request
    /// providing extra information or fulfilling specific requirements of the OAuth provider.
    /// </summary>
    /// <remarks>
    /// <para>
    /// Parameters specified cannot override or append to any automatically set parameters like the "redirect_uri",
    /// which should instead be configured via <see cref="RedirectUri"/>.
    /// </para>
    /// <para>
    /// Because these values travel in the query string of the authorization URL, they can end up in browser
    /// history and server logs; do not place secrets in them. The property is initialized to an empty
    /// <see cref="Dictionary{TKey, TValue}"/>.
    /// </para>
    /// </remarks>
    public IDictionary<string, string> AdditionalAuthorizationParameters { get; set; } = new Dictionary<string, string>();

    /// <summary>
    /// Gets or sets the token cache to use for storing and retrieving tokens beyond the lifetime of the transport.
    /// If none is provided, tokens will be cached with the transport.
    /// </summary>
    /// <remarks>
    /// Cached tokens are credentials. An implementation that persists them should protect them at rest
    /// and keep entries for different users or servers separate.
    /// </remarks>
    public ITokenCache? TokenCache { get; set; }
}