Changes based on feedback

Author: localden

samples/ProtectedMCPClient/BasicOAuthAuthorizationProvider.cs

@@ -27,6 +27,9 @@ public class BasicOAuthAuthorizationProvider : ITokenProvider
     // Lazy-initialized shared HttpClient for when no client is provided
     private static readonly Lazy<HttpClient> _defaultHttpClient = new(() => new HttpClient());
 
+    // Cached JsonSerializerOptions to avoid recreating it for each deserialization
+    private static readonly JsonSerializerOptions _jsonOptions = new() { PropertyNameCaseInsensitive = true };
+    
     private TokenContainer? _token;
     private AuthorizationServerMetadata? _authServerMetadata;
 
@@ -159,9 +162,17 @@ public BasicOAuthAuthorizationProvider(
                 {
                     var json = await response.Content.ReadAsStringAsync(cancellationToken);
                     var metadata = JsonSerializer.Deserialize<AuthorizationServerMetadata>(
-                        json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                        json, _jsonOptions);
 
-                    if (metadata != null) return metadata;
+                    if (metadata != null)
+                    {
+                        metadata.ResponseTypesSupported ??= ["code"];
+                        metadata.GrantTypesSupported ??= ["authorization_code", "refresh_token"];
+                        metadata.TokenEndpointAuthMethodsSupported ??= ["client_secret_basic"];
+                        metadata.CodeChallengeMethodsSupported ??= ["S256"];
+                        
+                        return metadata;
+                    }
                 }
             }
             catch (Exception ex)
@@ -200,7 +211,7 @@ public BasicOAuthAuthorizationProvider(
             {
                 var json = await response.Content.ReadAsStringAsync(cancellationToken);
                 var tokenResponse = JsonSerializer.Deserialize<TokenContainer>(
-                    json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                    json, _jsonOptions);
 
                 if (tokenResponse != null)
                 {
@@ -341,7 +352,7 @@ private Uri BuildAuthorizationUrl(AuthorizationServerMetadata authServerMetadata
             {
                 var json = await response.Content.ReadAsStringAsync(cancellationToken);
                 var tokenResponse = JsonSerializer.Deserialize<TokenContainer>(
-                    json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                    json, _jsonOptions);
 
                 if (tokenResponse != null)
                 {

samples/ProtectedMCPClient/Types/AuthorizationServerMetadata.cs

@@ -66,24 +66,4 @@ public class AuthorizationServerMetadata
     /// </summary>
     [JsonPropertyName("scopes_supported")]
     public List<string>? ScopesSupported { get; set; }
-
-    /// <summary>
-    /// Gets the response types supported by the authorization server or returns the default.
-    /// </summary>
-    public IReadOnlyList<string> GetResponseTypesSupported() => ResponseTypesSupported ?? new List<string> { "code" };
-
-    /// <summary>
-    /// Gets the grant types supported by the authorization server or returns the default.
-    /// </summary>
-    public IReadOnlyList<string> GetGrantTypesSupported() => GrantTypesSupported ?? new List<string> { "authorization_code", "refresh_token" };
-
-    /// <summary>
-    /// Gets the token endpoint authentication methods supported by the authorization server or returns the default.
-    /// </summary>
-    public IReadOnlyList<string> GetTokenEndpointAuthMethodsSupported() => TokenEndpointAuthMethodsSupported ?? new List<string> { "client_secret_basic" };
-
-    /// <summary>
-    /// Gets the code challenge methods supported by the authorization server or returns the default.
-    /// </summary>
-    public IReadOnlyList<string> GetCodeChallengeMethodsSupported() => CodeChallengeMethodsSupported ?? new List<string> { "S256" };
 }