Add IncludeResourceIndicator option for OAuth and DI client sample#1402
Open
Varun6578 wants to merge 2 commits intomodelcontextprotocol:mainfrom
Open
Add IncludeResourceIndicator option for OAuth and DI client sample#1402Varun6578 wants to merge 2 commits intomodelcontextprotocol:mainfrom
Varun6578 wants to merge 2 commits intomodelcontextprotocol:mainfrom
Conversation
Fix modelcontextprotocol#648: Add IncludeResourceIndicator option to ClientOAuthOptions to allow suppressing the RFC 8707 'resource' parameter in OAuth requests. This enables compatibility with OAuth providers like MS Entra-ID (Azure AD v2.0) that do not support the resource parameter. Fix modelcontextprotocol#147: Add DependencyInjectionClient sample project demonstrating how to wire up MCP clients with Microsoft.Extensions.DependencyInjection and IHostedService. Add DI guidance section to getting-started docs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…doc warning - GetAccessTokenSilentAsync now omits the resource parameter from token refresh requests when IncludeResourceIndicator is false, matching the behavior of the 401 handler and authorization URL paths. - Added warning comment in getting-started.md about .GetAwaiter().GetResult() deadlock risk in SynchronizationContext environments. - Added end-to-end tests with mock Entra ID server (ExpectResource=false) validating full auth flow and token refresh without resource parameter. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Varun6578
force-pushed
the
fix/oauth-resource-indicator-and-di-sample
branch
from
5819a96 to
b653294
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR addresses two issues from the Backlog milestone:
Fix #648: OAuth authentication fails with MS Entra-ID
The SDK sends a
resourceparameter (RFC 8707) in OAuth authorization, token exchange, and token refresh requests. MS Entra-ID v2.0 does not support this parameter and returnsAADSTS901002.Changes:
IncludeResourceIndicatorproperty toClientOAuthOptions(defaults totruefor backward compatibility)false, theresourceparameter is omitted from all OAuth requestsresourceparameter when the option is disabledUsage:
Fix #147: Add client sample with DI guidance
samples/DependencyInjectionClientshowing how to registerMcpClientas a singleton viaIServiceCollectionand consume it from anIHostedServicedocs/concepts/getting-started.mdTesting
CanAuthenticate_WithoutResourceIndicatorvalidates the feature