Revert "Remove unused properties from ProtectedResourceMetadata"

This reverts commit f18c391.

Author: halter73

samples/ProtectedMcpServer/Program.cs

@@ -56,6 +56,7 @@
 {
     options.ResourceMetadata = new()
     {
+        ResourceDocumentation = "https://docs.example.com/api/weather",
         AuthorizationServers = { inMemoryOAuthServerUrl },
         ScopesSupported = ["mcp:tools"],
     };

src/ModelContextProtocol.Core/Authentication/ProtectedResourceMetadata.cs

@@ -35,6 +35,19 @@ public sealed class ProtectedResourceMetadata
     [JsonPropertyName("authorization_servers")]
     public List<string> AuthorizationServers { get; set; } = [];
 
+    /// <summary>
+    /// Gets or sets the supported bearer token methods.
+    /// </summary>
+    /// <value>
+    /// A JSON array containing a list of the supported methods of sending an OAuth 2.0 bearer token
+    /// to the protected resource. Defined values are ["header", "body", "query"].
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("bearer_methods_supported")]
+    public List<string> BearerMethodsSupported { get; set; } = ["header"];
+
     /// <summary>
     /// Gets or sets the supported scopes.
     /// </summary>
@@ -48,6 +61,123 @@ public sealed class ProtectedResourceMetadata
     [JsonPropertyName("scopes_supported")]
     public List<string> ScopesSupported { get; set; } = [];
 
+    /// <summary>
+    /// Gets or sets the URL of the protected resource's JSON Web Key (JWK) Set document.
+    /// </summary>
+    /// <remarks>
+    /// OPTIONAL. This document contains public keys belonging to the protected resource, such as signing keys
+    /// that the resource server uses to sign resource responses. This URL MUST use the HTTPS scheme.
+    /// </remarks>
+    [JsonPropertyName("jwks_uri")]
+    public string? JwksUri { get; set; }
+
+    /// <summary>
+    /// Gets or sets the list of the JWS signing algorithms supported by the protected resource for signing resource responses.
+    /// </summary>
+    /// <value>
+    /// A JSON array containing a list of the JWS signing algorithms (alg values) supported by the protected resource
+    /// for signing resource responses.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL. No default algorithms are implied if this entry is omitted. The value "none" MUST NOT be used.
+    /// </remarks>
+    [JsonPropertyName("resource_signing_alg_values_supported")]
+    public List<string>? ResourceSigningAlgValuesSupported { get; set; }
+
+    /// <summary>
+    /// Gets or sets the human-readable name of the protected resource intended for display to the end user.
+    /// </summary>
+    /// <remarks>
+    /// RECOMMENDED. It is recommended that protected resource metadata include this field.
+    /// The value of this field MAY be internationalized.
+    /// </remarks>
+    [JsonPropertyName("resource_name")]
+    public string? ResourceName { get; set; }
+
+    /// <summary>
+    /// Gets or sets the URI to the resource documentation.
+    /// </summary>
+    /// <value>
+    /// The URL of a page containing human-readable information that developers might want or need to know
+    /// when using the protected resource.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("resource_documentation")]
+    public string? ResourceDocumentation { get; set; }
+
+    /// <summary>
+    /// Gets or sets the URL of a page containing human-readable information about the protected resource's requirements.
+    /// </summary>
+    /// <value>
+    /// The URL of a page that contains information about how the client can use the data provided by the protected resource.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("resource_policy_uri")]
+    public string? ResourcePolicyUri { get; set; }
+
+    /// <summary>
+    /// Gets or sets the URL of a page containing human-readable information about the protected resource's terms of service.
+    /// </summary>
+    /// <remarks>
+    /// OPTIONAL. The value of this field MAY be internationalized.
+    /// </remarks>
+    [JsonPropertyName("resource_tos_uri")]
+    public string? ResourceTosUri { get; set; }
+
+    /// <summary>
+    /// Gets or sets a value indicating whether there is protected resource support for mutual-TLS client certificate-bound access tokens.
+    /// </summary>
+    /// <value>
+    /// <see langword="true"/> if there's protected resource support for mutual-TLS client certificate-bound access tokens; otherwise, <see langword="false"/>. The default is <see langword="false"/>.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("tls_client_certificate_bound_access_tokens")]
+    public bool? TlsClientCertificateBoundAccessTokens { get; set; }
+
+    /// <summary>
+    /// Gets or sets the list of the authorization details type values supported by the resource server.
+    /// </summary>
+    /// <value>
+    /// A JSON array containing a list of the authorization details type values supported by the resource server
+    /// when the authorization_details request parameter is used.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("authorization_details_types_supported")]
+    public List<string>? AuthorizationDetailsTypesSupported { get; set; }
+
+    /// <summary>
+    /// Gets or sets the list of the JWS algorithm values supported by the resource server for validating DPoP proof JWTs.
+    /// </summary>
+    /// <value>
+    /// A JSON array containing a list of the JWS alg values supported by the resource server
+    /// for validating Demonstrating Proof of Possession (DPoP) proof JWTs.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("dpop_signing_alg_values_supported")]
+    public List<string>? DpopSigningAlgValuesSupported { get; set; }
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the protected resource always requires the use of DPoP-bound access tokens.
+    /// </summary>
+    /// <value>
+    /// <see langword="true"/> if the protected resource always requires the use of DPoP-bound access tokens; otherwise, <see langword="false"/>. The default is <see langword="false"/>.
+    /// </value>
+    /// <remarks>
+    /// OPTIONAL.
+    /// </remarks>
+    [JsonPropertyName("dpop_bound_access_tokens_required")]
+    public bool? DpopBoundAccessTokensRequired { get; set; }
+
     /// <summary>
     /// Used internally by the client to get or set the scope specified as a WWW-Authenticate header parameter.
     /// This should be preferred over using the ScopesSupported property.
@@ -73,7 +203,18 @@ public ProtectedResourceMetadata Clone(Uri? derivedResourceUri = null)
         {
             Resource = Resource ?? derivedResourceUri?.ToString(),
             AuthorizationServers = [.. AuthorizationServers],
+            BearerMethodsSupported = [.. BearerMethodsSupported],
             ScopesSupported = [.. ScopesSupported],
+            JwksUri = JwksUri,
+            ResourceSigningAlgValuesSupported = ResourceSigningAlgValuesSupported is not null ? [.. ResourceSigningAlgValuesSupported] : null,
+            ResourceName = ResourceName,
+            ResourceDocumentation = ResourceDocumentation,
+            ResourcePolicyUri = ResourcePolicyUri,
+            ResourceTosUri = ResourceTosUri,
+            TlsClientCertificateBoundAccessTokens = TlsClientCertificateBoundAccessTokens,
+            AuthorizationDetailsTypesSupported = AuthorizationDetailsTypesSupported is not null ? [.. AuthorizationDetailsTypesSupported] : null,
+            DpopSigningAlgValuesSupported = DpopSigningAlgValuesSupported is not null ? [.. DpopSigningAlgValuesSupported] : null,
+            DpopBoundAccessTokensRequired = DpopBoundAccessTokensRequired
         };
     }
 }

tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthEventTests.cs

@@ -152,6 +152,7 @@ public async Task ResourceMetadataEndpoint_CanModifyExistingMetadata_InEvent()
                     if (context.ResourceMetadata != null)
                     {
                         context.ResourceMetadata.ScopesSupported.Add("mcp:tools");
+                        context.ResourceMetadata.ResourceName = "Dynamic Test Resource";
                     }
                     await Task.CompletedTask;
                 };
@@ -178,6 +179,7 @@ public async Task ResourceMetadataEndpoint_CanModifyExistingMetadata_InEvent()
         Assert.Contains(OAuthServerUrl, metadata.AuthorizationServers);
         Assert.Contains("mcp:basic", metadata.ScopesSupported);
         Assert.Contains("mcp:tools", metadata.ScopesSupported);
+        Assert.Equal("Dynamic Test Resource", metadata.ResourceName);
     }
 
     [Fact]