Documentation Index Fetch the complete documentation index at: https://easyaf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Definition Assembly: Microsoft.OData.Mcp.Authentication.dllNamespace: Microsoft.OData.Mcp.Authentication.ModelsInheritance: System.ObjectSyntax Microsoft . OData . Mcp . Authentication . Models . AuthorizationMetadata
Summary Represents authorization metadata extracted from a JWT token for use in downstream services.
This class contains the authorization information needed to make decisions about
what operations a user can perform and what data they can access. It’s designed
to be lightweight and serializable for caching and delegation scenarios.
Constructors Initializes a new instance of the AuthorizationMetadata class.
Syntax public AuthorizationMetadata ()
Initializes a new instance of the AuthorizationMetadata class with the specified subject.
Syntax public AuthorizationMetadata ( string subject )
Parameters Name Type Description subjectstringThe user’s subject identifier.
Exceptions Exception Description ArgumentExceptionThrown when subject is null or whitespace.
Inherited Syntax Properties Gets or sets the token audience.
Syntax public string Audience { get ; set ; }
Property Value Type: string?
The audience identifier from the JWT token.
This identifies the intended recipient of the token and should match
the service’s expected audience value.
Gets or sets the client application identifier.
Syntax public string ClientId { get ; set ; }
Property Value Type: string?
The identifier of the client application.
This identifies which application the user is accessing the system
through, which can affect authorization decisions and audit trails.
Gets or sets the authorization context identifier.
Syntax public string ContextId { get ; set ; }
Property Value Type: string?
A unique identifier for this authorization context.
This can be used to correlate authorization decisions across
multiple services and audit logs.
Gets or sets custom authorization attributes.
Syntax public System . Collections . Generic . Dictionary < string , string > CustomAttributes { get ; set ; }
Property Value Type: System.Collections.Generic.Dictionary<string, string>
A dictionary of custom attributes that affect authorization decisions.
These attributes can contain business-specific authorization data
such as department, cost center, or data classification levels.
Gets or sets the token expiration time.
Syntax public System . Nullable < System . DateTime > ExpiresAt { get ; set ; }
Property Value Type: System.Nullable<System.DateTime>
The UTC date and time when the token expires.
This is used to determine if the authorization is still valid and
when refresh might be needed.
Gets or sets the token issued time.
Syntax public System . Nullable < System . DateTime > IssuedAt { get ; set ; }
Property Value Type: System.Nullable<System.DateTime>
The UTC date and time when the token was issued.
This timestamp can be used for auditing and determining the age
of the authorization grant.
Gets or sets the token issuer.
Syntax public string Issuer { get ; set ; }
Property Value Type: string?
The issuer identifier from the JWT token.
This identifies which authorization server issued the token, which
is important for trust and validation decisions.
Gets or sets the user’s roles.
Syntax public System . Collections . Generic . List < string > Roles { get ; set ; }
Property Value Type: System.Collections.Generic.List<string>
A collection of roles assigned to the user.
Roles provide a higher-level abstraction over permissions and can be
used for role-based access control (RBAC) scenarios.
Gets or sets the OAuth2 scopes granted to the user.
Syntax public System . Collections . Generic . List < string > Scopes { get ; set ; }
Property Value Type: System.Collections.Generic.List<string>
A collection of scopes that define the user’s permissions.
These scopes determine what operations the user is authorized to perform.
They are used for fine-grained authorization decisions throughout the system.
Gets or sets the session identifier.
Syntax public string SessionId { get ; set ; }
Property Value Type: string?
The identifier of the user’s authentication session.
This links the authorization to a specific user session and can
be used for session management and security monitoring.
Gets or sets the user’s unique identifier.
Syntax public required string Subject { get ; set ; }
Property Value Type: string
The subject identifier from the JWT token.
This uniquely identifies the user across all systems and is used for
auditing, logging, and data access control.
Gets or sets the tenant identifier for multi-tenant scenarios.
Syntax public string TenantId { get ; set ; }
Property Value Type: string?
The identifier of the tenant the user belongs to.
This is used to isolate data and operations between different
organizational units or customers in multi-tenant deployments.
Methods Creates a copy of the authorization metadata.
Syntax public Microsoft . OData . Mcp . Authentication . Models . AuthorizationMetadata Clone ()
Returns Type: Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata
A new instance with the same values as the current instance.
Inherited Virtual Syntax public virtual bool Equals ( object obj )
Parameters Name Type Description objobject?-
Returns Type: bool
Inherited Syntax public static bool Equals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Creates authorization metadata from a user context.
Syntax public static Microsoft . OData . Mcp . Authentication . Models . AuthorizationMetadata FromUserContext ( Microsoft . OData . Mcp . Authentication . Models . UserContext userContext )
Parameters Name Type Description userContextMicrosoft.OData.Mcp.Authentication.Models.UserContextThe user context to extract metadata from.
Returns Type: Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata
Authorization metadata populated with information from the user context.
Exceptions Exception Description ArgumentNullExceptionThrown when userContext is null.
Gets a custom attribute value by key.
Syntax public string GetCustomAttribute ( string key )
Parameters Name Type Description keystringThe attribute key.
Returns Type: string?
The attribute value if found; otherwise, null.
Inherited Virtual Syntax public virtual int GetHashCode ()
Returns Type: int
Gets the remaining time before the authorization expires.
Syntax public System . Nullable < System . TimeSpan > GetRemainingLifetime ()
Returns Type: System.Nullable<System.TimeSpan>
The remaining time before expiration, or null if no expiration is set.
Inherited Syntax public System . Type GetType ()
Returns Type: System.Type
Determines whether the authorization has all of the specified scopes.
Syntax public bool HasAllScopes ( System . Collections . Generic . IEnumerable < string > requiredScopes )
Parameters Name Type Description requiredScopesSystem.Collections.Generic.IEnumerable<string>The scopes to check for.
Returns Type: bool
true if all required scopes are present; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredScopes is null.
Determines whether the authorization has any of the specified roles.
Syntax public bool HasAnyRole ( System . Collections . Generic . IEnumerable < string > requiredRoles )
Parameters Name Type Description requiredRolesSystem.Collections.Generic.IEnumerable<string>The roles to check for.
Returns Type: bool
true if any of the required roles are present; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredRoles is null.
Determines whether the authorization has any of the specified scopes.
Syntax public bool HasAnyScope ( System . Collections . Generic . IEnumerable < string > requiredScopes )
Parameters Name Type Description requiredScopesSystem.Collections.Generic.IEnumerable<string>The scopes to check for.
Returns Type: bool
true if any of the required scopes are present; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredScopes is null.
Determines whether the authorization is expired.
Syntax Returns Type: bool
true if the authorization is expired; otherwise, false.
Inherited Syntax protected internal object MemberwiseClone ()
Returns Type: object
Inherited Syntax public static bool ReferenceEquals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Adds or updates a custom attribute.
Syntax public void SetCustomAttribute ( string key , string value )
Parameters Name Type Description keystringThe attribute key. valuestringThe attribute value.
Exceptions Exception Description ArgumentExceptionThrown when key is null or whitespace.
Override Returns a string representation of the authorization metadata.
Syntax public override string ToString ()
Returns Type: string
A summary of the authorization metadata.
Inherited Virtual Syntax public virtual string ToString ()
Returns Type: string? 
