Documentation Index Fetch the complete documentation index at: https://easyaf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Definition Assembly: Microsoft.OData.Mcp.Authentication.dllNamespace: Microsoft.OData.Mcp.Authentication.ModelsInheritance: System.ObjectSyntax Microsoft . OData . Mcp . Authentication . Models . DelegatedToken
Summary Represents a token that has been delegated for use with a downstream service.
This class encapsulates the result of token delegation operations, including
the delegated token itself, its metadata, and information about how it was obtained.
Constructors Initializes a new instance of the DelegatedToken class.
Syntax Initializes a new instance of the DelegatedToken class with the specified access token and target service.
Syntax public DelegatedToken ( string accessToken , string targetServiceId )
Parameters Name Type Description accessTokenstringThe delegated access token. targetServiceIdstringThe target service identifier.
Exceptions Exception Description ArgumentExceptionThrown when accessToken or targetServiceId is null or whitespace.
Inherited Syntax Properties Gets or sets the delegated access token.
Syntax public required string AccessToken { get ; set ; }
Property Value Type: string
The access token that can be used to authenticate with the target service.
This token should be included in the Authorization header when making requests
to the target service. The format is typically “Bearer ”.
Gets or sets a value indicating whether this token can be refreshed.
Syntax public bool CanRefresh { get ; }
Property Value Type: bool
true if the token can be refreshed; otherwise, false.
This is determined by whether a refresh token is available and the
delegation strategy supports refresh operations.
Gets or sets the delegation strategy used to obtain this token.
Syntax public Microsoft . OData . Mcp . Authentication . Models . TokenForwardingStrategy DelegationStrategy { get ; set ; }
Property Value Type: Microsoft.OData.Mcp.Authentication.Models.TokenForwardingStrategy
The strategy that was used for token delegation.
This information can be useful for debugging, auditing, and determining
what operations are possible with the token (e.g., refresh capabilities).
Gets or sets the token expiration time.
Syntax public System . Nullable < System . DateTime > ExpiresAt { get ; set ; }
Property Value Type: System.Nullable<System.DateTime>
The UTC date and time when the token expires.
After this time, the token will no longer be valid for authentication.
If a refresh token is available, it can be used to obtain a new access token.
Gets a value indicating whether this token is expired.
Syntax public bool IsExpired { get ; }
Property Value Type: bool
true if the token is expired; otherwise, false.
Gets or sets the time when the token was issued.
Syntax public System . DateTime IssuedAt { get ; set ; }
Property Value Type: System.DateTime
The UTC date and time when the token was issued.
This timestamp indicates when the token delegation operation completed
successfully and the token became available for use.
Gets or sets additional metadata about the token delegation.
Syntax public System . Collections . Generic . Dictionary < string , object > Metadata { get ; set ; }
Property Value Type: System.Collections.Generic.Dictionary<string, object>
A dictionary of metadata key-value pairs.
This can include information such as the delegation endpoint used,
client credentials applied, or other context that might be useful
for debugging or auditing.
Gets or sets the original token that was used for delegation.
Syntax public string OriginalToken { get ; set ; }
Property Value Type: string?
The user’s original token that was delegated.
This is stored for auditing purposes and potential token refresh operations.
It should be handled securely and not logged or exposed unnecessarily.
Gets or sets the refresh token, if available.
Syntax public string RefreshToken { get ; set ; }
Property Value Type: string?
The refresh token that can be used to obtain new access tokens.
Refresh tokens allow obtaining new access tokens without requiring user
re-authentication. Not all delegation scenarios provide refresh tokens.
Gets the remaining lifetime of the token.
Syntax public System . Nullable < System . TimeSpan > RemainingLifetime { get ; }
Property Value Type: System.Nullable<System.TimeSpan>
The time remaining before the token expires, or null if no expiration is set.
Gets or sets the scopes granted for this token.
Syntax public System . Collections . Generic . List < string > Scopes { get ; set ; }
Property Value Type: System.Collections.Generic.List<string>
A collection of OAuth2 scopes that define what the token can access.
These scopes may be a subset of the originally requested scopes, depending
on what the authorization server granted for the target service.
Gets or sets the target audience for the token.
Syntax public string TargetAudience { get ; set ; }
Property Value Type: string?
The audience claim for which the token was issued.
This is the intended recipient of the token and should match the
target service’s expected audience value.
Gets or sets the target service identifier.
Syntax public required string TargetServiceId { get ; set ; }
Property Value Type: string
The identifier of the service this token is intended for.
This identifies which service configuration was used to obtain the token
and can be used for routing and caching decisions.
Gets or sets the type of the token.
Syntax public string TokenType { get ; set ; }
Property Value Type: string
The token type (e.g., “Bearer”, “JWT”).
This indicates how the token should be used in HTTP requests. Most OAuth2
implementations use “Bearer” tokens.
Methods Adds metadata to the delegated token.
Syntax public void AddMetadata ( string key , object value )
Parameters Name Type Description keystringThe metadata key. valueobjectThe metadata value.
Exceptions Exception Description ArgumentExceptionThrown when key is null or whitespace.
Creates a delegated token from a token exchange result.
Syntax public static Microsoft . OData . Mcp . Authentication . Models . DelegatedToken CreateFromExchange ( string exchangedToken , string targetServiceId , string originalToken = null )
Parameters Name Type Description exchangedTokenstringThe token received from the exchange. targetServiceIdstringThe target service identifier. originalTokenstring?The original token that was exchanged.
Returns Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken
A delegated token configured for token exchange.
Exceptions Exception Description ArgumentExceptionThrown when exchangedToken or targetServiceId is null or whitespace.
Creates a delegated token from an on-behalf-of flow result.
Syntax public static Microsoft . OData . Mcp . Authentication . Models . DelegatedToken CreateFromOnBehalfOf ( string onBehalfOfToken , string targetServiceId , string originalToken = null )
Parameters Name Type Description onBehalfOfTokenstringThe token received from the on-behalf-of flow. targetServiceIdstringThe target service identifier. originalTokenstring?The original token used for the on-behalf-of flow.
Returns Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken
A delegated token configured for on-behalf-of flow.
Exceptions Exception Description ArgumentExceptionThrown when onBehalfOfToken or targetServiceId is null or whitespace.
Creates a delegated token for pass-through scenarios.
Syntax public static Microsoft . OData . Mcp . Authentication . Models . DelegatedToken CreatePassThrough ( string originalToken , string targetServiceId )
Parameters Name Type Description originalTokenstringThe original token to pass through. targetServiceIdstringThe target service identifier.
Returns Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken
A delegated token configured for pass-through.
Exceptions Exception Description ArgumentExceptionThrown when originalToken or targetServiceId is null or whitespace.
Inherited Virtual Syntax public virtual bool Equals ( object obj )
Parameters Name Type Description objobject?-
Returns Type: bool
Inherited Syntax public static bool Equals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Gets the authorization header value for HTTP requests.
Syntax public string GetAuthorizationHeaderValue ()
Returns Type: string
The complete authorization header value (e.g., “Bearer ”).
Inherited Virtual Syntax public virtual int GetHashCode ()
Returns Type: int
Gets metadata value by key.
Syntax public T GetMetadata < T >( string key )
Parameters Name Type Description keystringThe metadata key.
Returns Type: T?
The metadata value if found and of the correct type; otherwise, the default value.
Type Parameters
T - The type of the metadata value.
Inherited Syntax public System . Type GetType ()
Returns Type: System.Type
Inherited Syntax protected internal object MemberwiseClone ()
Returns Type: object
Inherited Syntax public static bool ReferenceEquals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Determines whether the token should be refreshed based on its expiration time.
Syntax public bool ShouldRefresh ( System . TimeSpan refreshThreshold )
Parameters Name Type Description refreshThresholdSystem.TimeSpanThe time before expiration when refresh should be considered.
Returns Type: bool
true if the token should be refreshed; otherwise, false.
Override Returns a string representation of the delegated token.
Syntax public override string ToString ()
Returns Type: string
A summary of the delegated token.
Inherited Virtual Syntax public virtual string ToString ()
Returns Type: string?
Creates a copy of the delegated token with updated values.
Syntax public Microsoft . OData . Mcp . Authentication . Models . DelegatedToken WithUpdatedToken ( string newAccessToken , System . Nullable < System . DateTime > newExpiresAt = null , string newRefreshToken = null )
Parameters Name Type Description newAccessTokenstringThe new access token value. newExpiresAtSystem.Nullable<System.DateTime>The new expiration time. newRefreshTokenstring?The new refresh token.
Returns Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken
A new delegated token instance with updated values. 
