Definition
Assembly: Microsoft.OData.Mcp.Authentication.dll
Namespace: Microsoft.OData.Mcp.Authentication.Models
Inheritance: System.Object
Syntax
Summary
Represents authorization metadata extracted from a JWT token for use in downstream services.
Remarks
This class contains the authorization information needed to make decisions about what operations a user can perform and what data they can access. It’s designed to be lightweight and serializable for caching and delegation scenarios.
Constructors
.ctor
Initializes a new instance of the AuthorizationMetadata class.
Syntax
.ctor
Initializes a new instance of the AuthorizationMetadata class with the specified subject.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| subject | string | The user’s subject identifier. |
Exceptions
| Exception | Description |
|---|---|
| ArgumentException | Thrown when subject is null or whitespace. |
.ctor Inherited
Inherited from
object
Syntax
Properties
Audience
Gets or sets the token audience.
Syntax
Property Value
Type: string?
The audience identifier from the JWT token.
Remarks
This identifies the intended recipient of the token and should match the service’s expected audience value.
ClientId
Gets or sets the client application identifier.
Syntax
Property Value
Type: string?
The identifier of the client application.
Remarks
This identifies which application the user is accessing the system through, which can affect authorization decisions and audit trails.
ContextId
Gets or sets the authorization context identifier.
Syntax
Property Value
Type: string?
A unique identifier for this authorization context.
Remarks
This can be used to correlate authorization decisions across multiple services and audit logs.
CustomAttributes
Gets or sets custom authorization attributes.
Syntax
Property Value
Type: System.Collections.Generic.Dictionary<string, string>
A dictionary of custom attributes that affect authorization decisions.
Remarks
These attributes can contain business-specific authorization data such as department, cost center, or data classification levels.
ExpiresAt
Gets or sets the token expiration time.
Syntax
Property Value
Type: System.Nullable<System.DateTime>
The UTC date and time when the token expires.
Remarks
This is used to determine if the authorization is still valid and when refresh might be needed.
IssuedAt
Gets or sets the token issued time.
Syntax
Property Value
Type: System.Nullable<System.DateTime>
The UTC date and time when the token was issued.
Remarks
This timestamp can be used for auditing and determining the age of the authorization grant.
Issuer
Gets or sets the token issuer.
Syntax
Property Value
Type: string?
The issuer identifier from the JWT token.
Remarks
This identifies which authorization server issued the token, which is important for trust and validation decisions.
Roles
Gets or sets the user’s roles.
Syntax
Property Value
Type: System.Collections.Generic.List<string>
A collection of roles assigned to the user.
Remarks
Roles provide a higher-level abstraction over permissions and can be used for role-based access control (RBAC) scenarios.
Scopes
Gets or sets the OAuth2 scopes granted to the user.
Syntax
Property Value
Type: System.Collections.Generic.List<string>
A collection of scopes that define the user’s permissions.
Remarks
These scopes determine what operations the user is authorized to perform. They are used for fine-grained authorization decisions throughout the system.
SessionId
Gets or sets the session identifier.
Syntax
Property Value
Type: string?
The identifier of the user’s authentication session.
Remarks
This links the authorization to a specific user session and can be used for session management and security monitoring.
Subject
Gets or sets the user’s unique identifier.
Syntax
Property Value
Type: string
The subject identifier from the JWT token.
Remarks
This uniquely identifies the user across all systems and is used for auditing, logging, and data access control.
TenantId
Gets or sets the tenant identifier for multi-tenant scenarios.
Syntax
Property Value
Type: string?
The identifier of the tenant the user belongs to.
Remarks
This is used to isolate data and operations between different organizational units or customers in multi-tenant deployments.
Methods
Clone
Creates a copy of the authorization metadata.
Syntax
Returns
Type: Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata
A new instance with the same values as the current instance.
Equals Inherited Virtual
Inherited from
object
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| obj | object? | - |
Returns
Type: bool
Equals Inherited
Inherited from
object
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| objA | object? | - |
| objB | object? | - |
Returns
Type: bool
FromUserContext
Creates authorization metadata from a user context.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| userContext | Microsoft.OData.Mcp.Authentication.Models.UserContext | The user context to extract metadata from. |
Returns
Type: Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata
Authorization metadata populated with information from the user context.
Exceptions
| Exception | Description |
|---|---|
| ArgumentNullException | Thrown when userContext is null. |
GetCustomAttribute
Gets a custom attribute value by key.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| key | string | The attribute key. |
Returns
Type: string?
The attribute value if found; otherwise, null.
GetHashCode Inherited Virtual
Inherited from
object
Syntax
Returns
Type: int
GetRemainingLifetime
Gets the remaining time before the authorization expires.
Syntax
Returns
Type: System.Nullable<System.TimeSpan>
The remaining time before expiration, or null if no expiration is set.
GetType Inherited
Inherited from
object
Syntax
Returns
Type: System.Type
HasAllScopes
Determines whether the authorization has all of the specified scopes.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| requiredScopes | System.Collections.Generic.IEnumerable<string> | The scopes to check for. |
Returns
Type: bool
true if all required scopes are present; otherwise, false.
Exceptions
| Exception | Description |
|---|---|
| ArgumentNullException | Thrown when requiredScopes is null. |
HasAnyRole
Determines whether the authorization has any of the specified roles.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| requiredRoles | System.Collections.Generic.IEnumerable<string> | The roles to check for. |
Returns
Type: bool
true if any of the required roles are present; otherwise, false.
Exceptions
| Exception | Description |
|---|---|
| ArgumentNullException | Thrown when requiredRoles is null. |
HasAnyScope
Determines whether the authorization has any of the specified scopes.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| requiredScopes | System.Collections.Generic.IEnumerable<string> | The scopes to check for. |
Returns
Type: bool
true if any of the required scopes are present; otherwise, false.
Exceptions
| Exception | Description |
|---|---|
| ArgumentNullException | Thrown when requiredScopes is null. |
IsExpired
Determines whether the authorization is expired.
Syntax
Returns
Type: bool
true if the authorization is expired; otherwise, false.
MemberwiseClone Inherited
Inherited from
object
Syntax
Returns
Type: object
ReferenceEquals Inherited
Inherited from
object
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| objA | object? | - |
| objB | object? | - |
Returns
Type: bool
SetCustomAttribute
Adds or updates a custom attribute.
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| key | string | The attribute key. |
| value | string | The attribute value. |
Exceptions
| Exception | Description |
|---|---|
| ArgumentException | Thrown when key is null or whitespace. |
ToString Override
Returns a string representation of the authorization metadata.
Syntax
Returns
Type: string
A summary of the authorization metadata.
ToString Inherited Virtual
Inherited from
object
Syntax
Returns
Type: string?
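
Because this class is meant to be cached and delegated, a downstream service that receives an instance can re-check expiry, issuer, audience, tenant and scopes before acting on it. The following is an added example, not code from the Microsoft.OData.Mcp project; it assumes the members have the signatures listed on this page, and `MetadataGuard`, `Decision` and the `expected*` parameters are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.OData.Mcp.Authentication.Models;

// Hypothetical result type for this example: the outcome plus a reason for the audit log.
public sealed record Decision(bool Allowed, string Reason);

// Hypothetical guard, not part of the library. Fails closed on every check.
public static class MetadataGuard
{
    public static Decision Check(
        AuthorizationMetadata? meta,
        string expectedIssuer,
        string expectedAudience,
        string expectedTenantId,
        IEnumerable<string> requiredScopes)
    {
        // An unset expected value would let a null property compare as equal below.
        if (string.IsNullOrWhiteSpace(expectedIssuer) ||
            string.IsNullOrWhiteSpace(expectedAudience) ||
            string.IsNullOrWhiteSpace(expectedTenantId))
            throw new ArgumentException("Expected issuer, audience and tenant must be configured.");

        if (meta is null)
            return new Decision(false, "no authorization metadata");

        // This page does not say what IsExpired() returns when ExpiresAt is null,
        // so a missing expiry is rejected explicitly instead of being trusted.
        if (meta.ExpiresAt is null || meta.IsExpired())
            return new Decision(false, "expired or no expiry set");

        // Ordinal comparison: identifiers must match exactly, with no case or culture folding.
        if (!string.Equals(meta.Issuer, expectedIssuer, StringComparison.Ordinal))
            return new Decision(false, "untrusted issuer");

        if (!string.Equals(meta.Audience, expectedAudience, StringComparison.Ordinal))
            return new Decision(false, "audience mismatch");

        // Tenant isolation: metadata without a TenantId fails here as well.
        if (!string.Equals(meta.TenantId, expectedTenantId, StringComparison.Ordinal))
            return new Decision(false, "tenant mismatch");

        if (!meta.HasAllScopes(requiredScopes))
            return new Decision(false, "missing required scope");

        return new Decision(true, $"allowed: subject {meta.Subject}, context {meta.ContextId}");
    }
}
```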