Remove unused properties from ProtectedResourceMetadata

Per feedback, removed properties that are not used for client OAuth authentication:
- BearerMethodsSupported
- JwksUri
- ResourceSigningAlgValuesSupported
- ResourceName
- ResourceDocumentation
- ResourcePolicyUri
- ResourceTosUri
- TlsClientCertificateBoundAccessTokens
- AuthorizationDetailsTypesSupported
- DpopSigningAlgValuesSupported
- DpopBoundAccessTokensRequired

Kept only the properties necessary for OAuth client authentication:
- Resource
- AuthorizationServers
- ScopesSupported
- WwwAuthenticateScope (internal)

Co-authored-by: halter73 <54385+halter73@users.noreply.github.com>

Author: Copilot

samples/ProtectedMcpServer/Program.cs

@@ -56,7 +56,6 @@
 {
     options.ResourceMetadata = new()
     {
-        ResourceDocumentation = "https://docs.example.com/api/weather",
         AuthorizationServers = { inMemoryOAuthServerUrl },
         ScopesSupported = ["mcp:tools"],
     };

src/ModelContextProtocol.Core/Authentication/ProtectedResourceMetadata.cs

@@ -35,19 +35,6 @@ public sealed class ProtectedResourceMetadata
     [JsonPropertyName("authorization_servers")]
     public List<string> AuthorizationServers { get; set; } = [];
 
-    /// <summary>
-    /// Gets or sets the supported bearer token methods.
-    /// </summary>
-    /// <value>
-    /// A JSON array containing a list of the supported methods of sending an OAuth 2.0 bearer token
-    /// to the protected resource. Defined values are ["header", "body", "query"].
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("bearer_methods_supported")]
-    public List<string> BearerMethodsSupported { get; set; } = ["header"];
-
     /// <summary>
     /// Gets or sets the supported scopes.
     /// </summary>
@@ -61,123 +48,6 @@ public sealed class ProtectedResourceMetadata
     [JsonPropertyName("scopes_supported")]
     public List<string> ScopesSupported { get; set; } = [];
 
-    /// <summary>
-    /// Gets or sets the URL of the protected resource's JSON Web Key (JWK) Set document.
-    /// </summary>
-    /// <remarks>
-    /// OPTIONAL. This document contains public keys belonging to the protected resource, such as signing keys
-    /// that the resource server uses to sign resource responses. This URL MUST use the HTTPS scheme.
-    /// </remarks>
-    [JsonPropertyName("jwks_uri")]
-    public string? JwksUri { get; set; }
-
-    /// <summary>
-    /// Gets or sets the list of the JWS signing algorithms supported by the protected resource for signing resource responses.
-    /// </summary>
-    /// <value>
-    /// A JSON array containing a list of the JWS signing algorithms (alg values) supported by the protected resource
-    /// for signing resource responses.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL. No default algorithms are implied if this entry is omitted. The value "none" MUST NOT be used.
-    /// </remarks>
-    [JsonPropertyName("resource_signing_alg_values_supported")]
-    public List<string>? ResourceSigningAlgValuesSupported { get; set; }
-
-    /// <summary>
-    /// Gets or sets the human-readable name of the protected resource intended for display to the end user.
-    /// </summary>
-    /// <remarks>
-    /// RECOMMENDED. It is recommended that protected resource metadata include this field.
-    /// The value of this field MAY be internationalized.
-    /// </remarks>
-    [JsonPropertyName("resource_name")]
-    public string? ResourceName { get; set; }
-
-    /// <summary>
-    /// Gets or sets the URI to the resource documentation.
-    /// </summary>
-    /// <value>
-    /// The URL of a page containing human-readable information that developers might want or need to know
-    /// when using the protected resource.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("resource_documentation")]
-    public string? ResourceDocumentation { get; set; }
-
-    /// <summary>
-    /// Gets or sets the URL of a page containing human-readable information about the protected resource's requirements.
-    /// </summary>
-    /// <value>
-    /// The URL of a page that contains information about how the client can use the data provided by the protected resource.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("resource_policy_uri")]
-    public string? ResourcePolicyUri { get; set; }
-
-    /// <summary>
-    /// Gets or sets the URL of a page containing human-readable information about the protected resource's terms of service.
-    /// </summary>
-    /// <remarks>
-    /// OPTIONAL. The value of this field MAY be internationalized.
-    /// </remarks>
-    [JsonPropertyName("resource_tos_uri")]
-    public string? ResourceTosUri { get; set; }
-
-    /// <summary>
-    /// Gets or sets a value indicating whether there is protected resource support for mutual-TLS client certificate-bound access tokens.
-    /// </summary>
-    /// <value>
-    /// <see langword="true"/> if there's protected resource support for mutual-TLS client certificate-bound access tokens; otherwise, <see langword="false"/>. The default is <see langword="false"/>.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("tls_client_certificate_bound_access_tokens")]
-    public bool? TlsClientCertificateBoundAccessTokens { get; set; }
-
-    /// <summary>
-    /// Gets or sets the list of the authorization details type values supported by the resource server.
-    /// </summary>
-    /// <value>
-    /// A JSON array containing a list of the authorization details type values supported by the resource server
-    /// when the authorization_details request parameter is used.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("authorization_details_types_supported")]
-    public List<string>? AuthorizationDetailsTypesSupported { get; set; }
-
-    /// <summary>
-    /// Gets or sets the list of the JWS algorithm values supported by the resource server for validating DPoP proof JWTs.
-    /// </summary>
-    /// <value>
-    /// A JSON array containing a list of the JWS alg values supported by the resource server
-    /// for validating Demonstrating Proof of Possession (DPoP) proof JWTs.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("dpop_signing_alg_values_supported")]
-    public List<string>? DpopSigningAlgValuesSupported { get; set; }
-
-    /// <summary>
-    /// Gets or sets a value indicating whether the protected resource always requires the use of DPoP-bound access tokens.
-    /// </summary>
-    /// <value>
-    /// <see langword="true"/> if the protected resource always requires the use of DPoP-bound access tokens; otherwise, <see langword="false"/>. The default is <see langword="false"/>.
-    /// </value>
-    /// <remarks>
-    /// OPTIONAL.
-    /// </remarks>
-    [JsonPropertyName("dpop_bound_access_tokens_required")]
-    public bool? DpopBoundAccessTokensRequired { get; set; }
-
     /// <summary>
     /// Used internally by the client to get or set the scope specified as a WWW-Authenticate header parameter.
     /// This should be preferred over using the ScopesSupported property.
@@ -203,18 +73,7 @@ public ProtectedResourceMetadata Clone(Uri? derivedResourceUri = null)
         {
             Resource = Resource ?? derivedResourceUri?.ToString(),
             AuthorizationServers = [.. AuthorizationServers],
-            BearerMethodsSupported = [.. BearerMethodsSupported],
             ScopesSupported = [.. ScopesSupported],
-            JwksUri = JwksUri,
-            ResourceSigningAlgValuesSupported = ResourceSigningAlgValuesSupported is not null ? [.. ResourceSigningAlgValuesSupported] : null,
-            ResourceName = ResourceName,
-            ResourceDocumentation = ResourceDocumentation,
-            ResourcePolicyUri = ResourcePolicyUri,
-            ResourceTosUri = ResourceTosUri,
-            TlsClientCertificateBoundAccessTokens = TlsClientCertificateBoundAccessTokens,
-            AuthorizationDetailsTypesSupported = AuthorizationDetailsTypesSupported is not null ? [.. AuthorizationDetailsTypesSupported] : null,
-            DpopSigningAlgValuesSupported = DpopSigningAlgValuesSupported is not null ? [.. DpopSigningAlgValuesSupported] : null,
-            DpopBoundAccessTokensRequired = DpopBoundAccessTokensRequired
         };
     }
 }

tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthEventTests.cs

@@ -152,7 +152,6 @@ public async Task ResourceMetadataEndpoint_CanModifyExistingMetadata_InEvent()
                     if (context.ResourceMetadata != null)
                     {
                         context.ResourceMetadata.ScopesSupported.Add("mcp:tools");
-                        context.ResourceMetadata.ResourceName = "Dynamic Test Resource";
                     }
                     await Task.CompletedTask;
                 };
@@ -179,7 +178,6 @@ public async Task ResourceMetadataEndpoint_CanModifyExistingMetadata_InEvent()
         Assert.Contains(OAuthServerUrl, metadata.AuthorizationServers);
         Assert.Contains("mcp:basic", metadata.ScopesSupported);
         Assert.Contains("mcp:tools", metadata.ScopesSupported);
-        Assert.Equal("Dynamic Test Resource", metadata.ResourceName);
     }
 
     [Fact]