Cleanup

Author: localden

src/ModelContextProtocol.AspNetCore/Auth/McpAuthenticationHandler.cs

@@ -2,15 +2,20 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using ModelContextProtocol.Auth.Types;
+using ModelContextProtocol.Utils.Json;
 using System.Text.Encodings.Web;
 
 namespace ModelContextProtocol.AspNetCore.Auth;
 
 /// <summary>
-/// Authentication handler for MCP protocol that adds resource metadata to challenge responses.
+/// Authentication handler for MCP protocol that adds resource metadata to challenge responses
+/// and handles resource metadata endpoint requests.
 /// </summary>
-public class McpAuthenticationHandler : AuthenticationHandler<McpAuthenticationOptions>
+public class McpAuthenticationHandler : AuthenticationHandler<McpAuthenticationOptions>, IAuthenticationRequestHandler
 {
+    private readonly IOptionsMonitor<McpAuthenticationOptions> _optionsMonitor;
+
     /// <summary>
     /// Initializes a new instance of the <see cref="McpAuthenticationHandler"/> class.
     /// </summary>
@@ -20,6 +25,60 @@ public McpAuthenticationHandler(
         UrlEncoder encoder)
         : base(options, logger, encoder)
     {
+        _optionsMonitor = options;
+    }
+
+    /// <inheritdoc />
+    public async Task<bool> HandleRequestAsync()
+    {
+        // Check if the request is for the resource metadata endpoint
+        string requestPath = Request.Path.Value ?? string.Empty;
+        var options = _optionsMonitor.CurrentValue;
+        string resourceMetadataPath = options.ResourceMetadataUri.ToString();
+        
+        // If the path doesn't match, let the request continue through the pipeline
+        if (!string.Equals(requestPath, resourceMetadataPath, StringComparison.OrdinalIgnoreCase))
+        {
+            return false;
+        }
+
+        // This is a request for resource metadata - handle it
+        await HandleResourceMetadataRequestAsync();
+        return true;
+    }
+
+    /// <summary>
+    /// Handles the resource metadata request.
+    /// </summary>
+    private async Task HandleResourceMetadataRequestAsync()
+    {
+        // Get a copy of the resource metadata from options to avoid modifying the original
+        var options = _optionsMonitor.CurrentValue;
+        var metadata = new ProtectedResourceMetadata
+        {
+            AuthorizationServers = [.. options.ResourceMetadata.AuthorizationServers],
+            BearerMethodsSupported = [.. options.ResourceMetadata.BearerMethodsSupported],
+            ScopesSupported = [.. options.ResourceMetadata.ScopesSupported],
+            ResourceDocumentation = options.ResourceMetadata.ResourceDocumentation
+        };
+        
+        // Set default resource if not set
+        if (metadata.Resource == null)
+        {
+            var request = Request;
+            var hostString = request.Host.Value;
+            var scheme = request.Scheme;
+            metadata.Resource = new Uri($"{scheme}://{hostString}");
+        }
+        
+        Response.StatusCode = StatusCodes.Status200OK;
+        Response.ContentType = "application/json";
+        
+        var json = System.Text.Json.JsonSerializer.Serialize(
+            metadata, 
+            McpJsonUtilities.DefaultOptions.GetTypeInfo(typeof(ProtectedResourceMetadata)));
+        
+        await Response.WriteAsync(json);
     }
 
     /// <inheritdoc />
@@ -36,18 +95,29 @@ protected override Task HandleChallengeAsync(AuthenticationProperties properties
         // Set the response status code
         Response.StatusCode = StatusCodes.Status401Unauthorized;
 
+        // Get the current options to ensure we have the latest values
+        var options = _optionsMonitor.CurrentValue;
+        
         // Generate the full resource metadata URL based on the current request
         var baseUrl = $"{Request.Scheme}://{Request.Host}";
 
-        // Properly parse and validate the ResourceMetadataUri
-        if (!Uri.TryCreate(Options.ResourceMetadataUri.ToString(), UriKind.Absolute, out var prmDocumentUri))
-            throw new InvalidOperationException("Invalid ResourceMetadataUri in options.");
-
-        // Verify that the URI scheme starts with "http"
-        if (!prmDocumentUri.Scheme.StartsWith("http", StringComparison.OrdinalIgnoreCase))
-            throw new InvalidOperationException("ResourceMetadataUri must use HTTP or HTTPS scheme.");
-
-        var rawPrmDocumentUri = prmDocumentUri.ToString();
+        string resourceMetadataUriString = options.ResourceMetadataUri.ToString();
+        string rawPrmDocumentUri;
+        
+        // Check if the URI is relative or absolute
+        if (options.ResourceMetadataUri.IsAbsoluteUri)
+        {
+            rawPrmDocumentUri = resourceMetadataUriString;
+        }
+        else
+        {
+            // For relative URIs, combine with the base URL
+            if (!Uri.TryCreate(baseUrl + resourceMetadataUriString, UriKind.Absolute, out var absoluteUri))
+            {
+                throw new InvalidOperationException("Could not create absolute URI for resource metadata.");
+            }
+            rawPrmDocumentUri = absoluteUri.ToString();
+        }
 
         // Initialize properties if null
         properties ??= new AuthenticationProperties();

src/ModelContextProtocol.AspNetCore/Auth/McpAuthorizationExtensions.cs

@@ -40,36 +40,21 @@ public static AuthenticationBuilder AddMcp(
         string displayName,
         Action<McpAuthenticationOptions>? configureOptions = null)
     {
-        // Create options instance to pass to ResourceMetadataService
-        var options = new McpAuthenticationOptions();
-        configureOptions?.Invoke(options);
-                
-        // Register ResourceMetadataService with options
-        builder.Services.AddSingleton(sp => {
-            var service = new ResourceMetadataService();
-
-            // Configure the service with the resource metadata from options
-            service.ConfigureMetadata(metadata => {
-                metadata.Resource = options.ResourceMetadata.Resource;
-                metadata.AuthorizationServers = options.ResourceMetadata.AuthorizationServers;
-                metadata.BearerMethodsSupported = options.ResourceMetadata.BearerMethodsSupported;
-                metadata.ScopesSupported = options.ResourceMetadata.ScopesSupported;
-                metadata.ResourceDocumentation = options.ResourceMetadata.ResourceDocumentation;
-            });
-            
-            return service;
-        });
-        
-        builder.Services.TryAddSingleton<McpAuthorizationMarker>();
+        if (configureOptions != null)
+        {
+            if (authenticationScheme == McpAuthenticationDefaults.AuthenticationScheme)
+            {
+                builder.Services.Configure(configureOptions);
+            }
+            else
+            {
+                builder.Services.Configure(authenticationScheme, configureOptions);
+            }
+        }
 
         return builder.AddScheme<McpAuthenticationOptions, McpAuthenticationHandler>(
-            authenticationScheme, 
-            displayName, 
-            opt => {
-                if (configureOptions != null)
-                {
-                    configureOptions(opt);
-                }
-            });
+            authenticationScheme,
+            displayName,
+            options => { }); // No-op to avoid overriding
     }
 }

src/ModelContextProtocol.AspNetCore/Auth/McpAuthorizationMarker.cs

@@ -52,24 +52,6 @@ public static IEndpointConventionBuilder MapMcp(this IEndpointRouteBuilder endpo
             .WithMetadata(new AcceptsMetadata(["application/json"]))
             .WithMetadata(new ProducesResponseTypeMetadata(StatusCodes.Status202Accepted));
 
-        // Check if authentication/authorization is configured
-        var authMarker = endpoints.ServiceProvider.GetService<McpAuthorizationMarker>();
-        if (authMarker != null)
-        {
-            // Authorization is configured, so automatically map the OAuth protected resource endpoint
-            var resourceMetadataService = endpoints.ServiceProvider.GetRequiredService<ResourceMetadataService>();
-            
-            var handler = new ResourceMetadataEndpointHandler(resourceMetadataService);
-            
-            var options = endpoints.ServiceProvider.GetRequiredService<IOptions<McpAuthenticationOptions>>();
-            var metadataPath = options.Value.ResourceMetadataUri.ToString();
-            
-            sseGroup.MapGet(metadataPath, handler.HandleRequest)
-                .WithMetadata(new ProducesResponseTypeMetadata(StatusCodes.Status200OK, contentTypes: ["application/json"]))
-                .AllowAnonymous()
-                .WithDisplayName("MCP Resource Metadata");
-        }
-
         return mcpGroup;
     }
 }