Merge branch 'main' into copilot/normalize-calltoolresult-content

stephentoub · web-flow · commit 8e8987de9787 · 2026-02-23T14:47:45.000-05:00
diff --git a/src/ModelContextProtocol.Core/Client/HttpClientTransportOptions.cs b/src/ModelContextProtocol.Core/Client/HttpClientTransportOptions.cs
@@ -113,14 +113,15 @@ public required Uri Endpoint
     /// Gets or sets the maximum number of consecutive reconnection attempts when an SSE stream is disconnected.
     /// </summary>
     /// <value>
-    /// The maximum number of reconnection attempts. The default is 2.
+    /// The maximum number of reconnection attempts. The default is 5.
     /// </value>
     /// <remarks>
     /// When an SSE stream is disconnected (e.g., due to a network issue), the client will attempt to
     /// reconnect using the Last-Event-ID header to resume from where it left off. This property controls
-    /// how many reconnection attempts are made before giving up.
+    /// how many consecutive reconnection attempts are made before giving up. The counter resets to zero
+    /// on each successful stream read, so this value only limits consecutive failures.
     /// </remarks>
-    public int MaxReconnectionAttempts { get; set; } = 2;
+    public int MaxReconnectionAttempts { get; set; } = 5;
 
     /// <summary>
     /// Gets or sets the default interval at which the client attempts reconnection after an SSE stream is disconnected.
diff --git a/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs b/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs
@@ -893,6 +893,101 @@ public async Task ResourceMetadata_DoesNotAddTrailingSlash()
             transport, loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken);
     }
 
+    [Fact]
+    public void CloneResourceMetadataClonesAllProperties()
+    {
+        var propertyNames = typeof(ProtectedResourceMetadata).GetProperties().Select(property => property.Name).ToList();
+
+        // Set metadata properties to non-default values to verify they're copied.
+        var metadata = new ProtectedResourceMetadata
+        {
+            Resource = "https://example.com/resource",
+            AuthorizationServers = ["https://auth1.example.com", "https://auth2.example.com"],
+            BearerMethodsSupported = ["header", "body", "query"],
+            ScopesSupported = ["read", "write", "admin"],
+            JwksUri = "https://example.com/.well-known/jwks.json",
+            ResourceSigningAlgValuesSupported = ["RS256", "ES256"],
+            ResourceName = "Test Resource",
+            ResourceDocumentation = "https://docs.example.com",
+            ResourcePolicyUri = "https://example.com/policy",
+            ResourceTosUri = "https://example.com/terms",
+            TlsClientCertificateBoundAccessTokens = true,
+            AuthorizationDetailsTypesSupported = ["payment_initiation", "account_information"],
+            DpopSigningAlgValuesSupported = ["RS256", "PS256"],
+            DpopBoundAccessTokensRequired = true
+        };
+
+        var clonedMetadata = metadata.Clone();
+
+        // Ensure the cloned metadata is not the same instance
+        Assert.NotSame(metadata, clonedMetadata);
+
+        // Verify Resource property
+        Assert.Equal(metadata.Resource, clonedMetadata.Resource);
+        Assert.True(propertyNames.Remove(nameof(metadata.Resource)));
+
+        // Verify AuthorizationServers list is cloned and contains the same values
+        Assert.NotSame(metadata.AuthorizationServers, clonedMetadata.AuthorizationServers);
+        Assert.Equal(metadata.AuthorizationServers, clonedMetadata.AuthorizationServers);
+        Assert.True(propertyNames.Remove(nameof(metadata.AuthorizationServers)));
+
+        // Verify BearerMethodsSupported list is cloned and contains the same values
+        Assert.NotSame(metadata.BearerMethodsSupported, clonedMetadata.BearerMethodsSupported);
+        Assert.Equal(metadata.BearerMethodsSupported, clonedMetadata.BearerMethodsSupported);
+        Assert.True(propertyNames.Remove(nameof(metadata.BearerMethodsSupported)));
+
+        // Verify ScopesSupported list is cloned and contains the same values
+        Assert.NotSame(metadata.ScopesSupported, clonedMetadata.ScopesSupported);
+        Assert.Equal(metadata.ScopesSupported, clonedMetadata.ScopesSupported);
+        Assert.True(propertyNames.Remove(nameof(metadata.ScopesSupported)));
+
+        // Verify JwksUri property
+        Assert.Equal(metadata.JwksUri, clonedMetadata.JwksUri);
+        Assert.True(propertyNames.Remove(nameof(metadata.JwksUri)));
+
+        // Verify ResourceSigningAlgValuesSupported list is cloned (nullable list)
+        Assert.NotSame(metadata.ResourceSigningAlgValuesSupported, clonedMetadata.ResourceSigningAlgValuesSupported);
+        Assert.Equal(metadata.ResourceSigningAlgValuesSupported, clonedMetadata.ResourceSigningAlgValuesSupported);
+        Assert.True(propertyNames.Remove(nameof(metadata.ResourceSigningAlgValuesSupported)));
+
+        // Verify ResourceName property
+        Assert.Equal(metadata.ResourceName, clonedMetadata.ResourceName);
+        Assert.True(propertyNames.Remove(nameof(metadata.ResourceName)));
+
+        // Verify ResourceDocumentation property
+        Assert.Equal(metadata.ResourceDocumentation, clonedMetadata.ResourceDocumentation);
+        Assert.True(propertyNames.Remove(nameof(metadata.ResourceDocumentation)));
+
+        // Verify ResourcePolicyUri property
+        Assert.Equal(metadata.ResourcePolicyUri, clonedMetadata.ResourcePolicyUri);
+        Assert.True(propertyNames.Remove(nameof(metadata.ResourcePolicyUri)));
+
+        // Verify ResourceTosUri property
+        Assert.Equal(metadata.ResourceTosUri, clonedMetadata.ResourceTosUri);
+        Assert.True(propertyNames.Remove(nameof(metadata.ResourceTosUri)));
+
+        // Verify TlsClientCertificateBoundAccessTokens property
+        Assert.Equal(metadata.TlsClientCertificateBoundAccessTokens, clonedMetadata.TlsClientCertificateBoundAccessTokens);
+        Assert.True(propertyNames.Remove(nameof(metadata.TlsClientCertificateBoundAccessTokens)));
+
+        // Verify AuthorizationDetailsTypesSupported list is cloned (nullable list)
+        Assert.NotSame(metadata.AuthorizationDetailsTypesSupported, clonedMetadata.AuthorizationDetailsTypesSupported);
+        Assert.Equal(metadata.AuthorizationDetailsTypesSupported, clonedMetadata.AuthorizationDetailsTypesSupported);
+        Assert.True(propertyNames.Remove(nameof(metadata.AuthorizationDetailsTypesSupported)));
+
+        // Verify DpopSigningAlgValuesSupported list is cloned (nullable list)
+        Assert.NotSame(metadata.DpopSigningAlgValuesSupported, clonedMetadata.DpopSigningAlgValuesSupported);
+        Assert.Equal(metadata.DpopSigningAlgValuesSupported, clonedMetadata.DpopSigningAlgValuesSupported);
+        Assert.True(propertyNames.Remove(nameof(metadata.DpopSigningAlgValuesSupported)));
+
+        // Verify DpopBoundAccessTokensRequired property
+        Assert.Equal(metadata.DpopBoundAccessTokensRequired, clonedMetadata.DpopBoundAccessTokensRequired);
+        Assert.True(propertyNames.Remove(nameof(metadata.DpopBoundAccessTokensRequired)));
+
+        // Ensure we've checked every property. When new properties get added, we'll have to update this test along with the Clone implementation.
+        Assert.Empty(propertyNames);
+    }
+
     [Fact]
     public async Task ResourceMetadata_PreservesExplicitTrailingSlash()
     {
