Skip to main content

Definition

Assembly: Microsoft.OData.Mcp.Authentication.dll Namespace: Microsoft.OData.Mcp.Authentication.Models Inheritance: System.Object

Syntax

Microsoft.OData.Mcp.Authentication.Models.DelegatedToken

Summary

Represents a token that has been delegated for use with a downstream service.

Remarks

This class encapsulates the result of token delegation operations, including the delegated token itself, its metadata, and information about how it was obtained.

Constructors

.ctor

Initializes a new instance of the DelegatedToken class.

Syntax

public DelegatedToken()

.ctor

Initializes a new instance of the DelegatedToken class with the specified access token and target service.

Syntax

public DelegatedToken(string accessToken, string targetServiceId)

Parameters

NameTypeDescription
accessTokenstringThe delegated access token.
targetServiceIdstringThe target service identifier.

Exceptions

ExceptionDescription
ArgumentExceptionThrown when accessToken or targetServiceId is null or whitespace.

.ctor Inherited

Inherited from object

Syntax

public Object()

Properties

AccessToken

Gets or sets the delegated access token.

Syntax

public required string AccessToken { get; set; }

Property Value

Type: string The access token that can be used to authenticate with the target service.

Remarks

This token should be included in the Authorization header when making requests to the target service. The format is typically “Bearer ”.

CanRefresh

Gets or sets a value indicating whether this token can be refreshed.

Syntax

public bool CanRefresh { get; }

Property Value

Type: bool true if the token can be refreshed; otherwise, false.

Remarks

This is determined by whether a refresh token is available and the delegation strategy supports refresh operations.

DelegationStrategy

Gets or sets the delegation strategy used to obtain this token.

Syntax

public Microsoft.OData.Mcp.Authentication.Models.TokenForwardingStrategy DelegationStrategy { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Authentication.Models.TokenForwardingStrategy The strategy that was used for token delegation.

Remarks

This information can be useful for debugging, auditing, and determining what operations are possible with the token (e.g., refresh capabilities).

ExpiresAt

Gets or sets the token expiration time.

Syntax

public System.Nullable<System.DateTime> ExpiresAt { get; set; }

Property Value

Type: System.Nullable<System.DateTime> The UTC date and time when the token expires.

Remarks

After this time, the token will no longer be valid for authentication. If a refresh token is available, it can be used to obtain a new access token.

IsExpired

Gets a value indicating whether this token is expired.

Syntax

public bool IsExpired { get; }

Property Value

Type: bool true if the token is expired; otherwise, false.

IssuedAt

Gets or sets the time when the token was issued.

Syntax

public System.DateTime IssuedAt { get; set; }

Property Value

Type: System.DateTime The UTC date and time when the token was issued.

Remarks

This timestamp indicates when the token delegation operation completed successfully and the token became available for use.

Metadata

Gets or sets additional metadata about the token delegation.

Syntax

public System.Collections.Generic.Dictionary<string, object> Metadata { get; set; }

Property Value

Type: System.Collections.Generic.Dictionary<string, object> A dictionary of metadata key-value pairs.

Remarks

This can include information such as the delegation endpoint used, client credentials applied, or other context that might be useful for debugging or auditing.

OriginalToken

Gets or sets the original token that was used for delegation.

Syntax

public string OriginalToken { get; set; }

Property Value

Type: string? The user’s original token that was delegated.

Remarks

This is stored for auditing purposes and potential token refresh operations. It should be handled securely and not logged or exposed unnecessarily.

RefreshToken

Gets or sets the refresh token, if available.

Syntax

public string RefreshToken { get; set; }

Property Value

Type: string? The refresh token that can be used to obtain new access tokens.

Remarks

Refresh tokens allow obtaining new access tokens without requiring user re-authentication. Not all delegation scenarios provide refresh tokens.

RemainingLifetime

Gets the remaining lifetime of the token.

Syntax

public System.Nullable<System.TimeSpan> RemainingLifetime { get; }

Property Value

Type: System.Nullable<System.TimeSpan> The time remaining before the token expires, or null if no expiration is set.

Scopes

Gets or sets the scopes granted for this token.

Syntax

public System.Collections.Generic.List<string> Scopes { get; set; }

Property Value

Type: System.Collections.Generic.List<string> A collection of OAuth2 scopes that define what the token can access.

Remarks

These scopes may be a subset of the originally requested scopes, depending on what the authorization server granted for the target service.

TargetAudience

Gets or sets the target audience for the token.

Syntax

public string TargetAudience { get; set; }

Property Value

Type: string? The audience claim for which the token was issued.

Remarks

This is the intended recipient of the token and should match the target service’s expected audience value.

TargetServiceId

Gets or sets the target service identifier.

Syntax

public required string TargetServiceId { get; set; }

Property Value

Type: string The identifier of the service this token is intended for.

Remarks

This identifies which service configuration was used to obtain the token and can be used for routing and caching decisions.

TokenType

Gets or sets the type of the token.

Syntax

public string TokenType { get; set; }

Property Value

Type: string The token type (e.g., “Bearer”, “JWT”).

Remarks

This indicates how the token should be used in HTTP requests. Most OAuth2 implementations use “Bearer” tokens.

Methods

AddMetadata

Adds metadata to the delegated token.

Syntax

public void AddMetadata(string key, object value)

Parameters

NameTypeDescription
keystringThe metadata key.
valueobjectThe metadata value.

Exceptions

ExceptionDescription
ArgumentExceptionThrown when key is null or whitespace.

CreateFromExchange

Creates a delegated token from a token exchange result.

Syntax

public static Microsoft.OData.Mcp.Authentication.Models.DelegatedToken CreateFromExchange(string exchangedToken, string targetServiceId, string originalToken = null)

Parameters

NameTypeDescription
exchangedTokenstringThe token received from the exchange.
targetServiceIdstringThe target service identifier.
originalTokenstring?The original token that was exchanged.

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken A delegated token configured for token exchange.

Exceptions

ExceptionDescription
ArgumentExceptionThrown when exchangedToken or targetServiceId is null or whitespace.

CreateFromOnBehalfOf

Creates a delegated token from an on-behalf-of flow result.

Syntax

public static Microsoft.OData.Mcp.Authentication.Models.DelegatedToken CreateFromOnBehalfOf(string onBehalfOfToken, string targetServiceId, string originalToken = null)

Parameters

NameTypeDescription
onBehalfOfTokenstringThe token received from the on-behalf-of flow.
targetServiceIdstringThe target service identifier.
originalTokenstring?The original token used for the on-behalf-of flow.

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken A delegated token configured for on-behalf-of flow.

Exceptions

ExceptionDescription
ArgumentExceptionThrown when onBehalfOfToken or targetServiceId is null or whitespace.

CreatePassThrough

Creates a delegated token for pass-through scenarios.

Syntax

public static Microsoft.OData.Mcp.Authentication.Models.DelegatedToken CreatePassThrough(string originalToken, string targetServiceId)

Parameters

NameTypeDescription
originalTokenstringThe original token to pass through.
targetServiceIdstringThe target service identifier.

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken A delegated token configured for pass-through.

Exceptions

ExceptionDescription
ArgumentExceptionThrown when originalToken or targetServiceId is null or whitespace.

Equals Inherited Virtual

Inherited from object

Syntax

public virtual bool Equals(object obj)

Parameters

NameTypeDescription
objobject?-

Returns

Type: bool

Equals Inherited

Inherited from object

Syntax

public static bool Equals(object objA, object objB)

Parameters

NameTypeDescription
objAobject?-
objBobject?-

Returns

Type: bool

GetAuthorizationHeaderValue

Gets the authorization header value for HTTP requests.

Syntax

public string GetAuthorizationHeaderValue()

Returns

Type: string The complete authorization header value (e.g., “Bearer ”).

GetHashCode Inherited Virtual

Inherited from object

Syntax

public virtual int GetHashCode()

Returns

Type: int

GetMetadata

Gets metadata value by key.

Syntax

public T GetMetadata<T>(string key)

Parameters

NameTypeDescription
keystringThe metadata key.

Returns

Type: T? The metadata value if found and of the correct type; otherwise, the default value.

Type Parameters

  • T - The type of the metadata value.

GetType Inherited

Inherited from object

Syntax

public System.Type GetType()

Returns

Type: System.Type

MemberwiseClone Inherited

Inherited from object

Syntax

protected internal object MemberwiseClone()

Returns

Type: object

ReferenceEquals Inherited

Inherited from object

Syntax

public static bool ReferenceEquals(object objA, object objB)

Parameters

NameTypeDescription
objAobject?-
objBobject?-

Returns

Type: bool

ShouldRefresh

Determines whether the token should be refreshed based on its expiration time.

Syntax

public bool ShouldRefresh(System.TimeSpan refreshThreshold)

Parameters

NameTypeDescription
refreshThresholdSystem.TimeSpanThe time before expiration when refresh should be considered.

Returns

Type: bool true if the token should be refreshed; otherwise, false.

ToString Override

Returns a string representation of the delegated token.

Syntax

public override string ToString()

Returns

Type: string A summary of the delegated token.

ToString Inherited Virtual

Inherited from object

Syntax

public virtual string ToString()

Returns

Type: string?

WithUpdatedToken

Creates a copy of the delegated token with updated values.

Syntax

public Microsoft.OData.Mcp.Authentication.Models.DelegatedToken WithUpdatedToken(string newAccessToken, System.Nullable<System.DateTime> newExpiresAt = null, string newRefreshToken = null)

Parameters

NameTypeDescription
newAccessTokenstringThe new access token value.
newExpiresAtSystem.Nullable<System.DateTime>The new expiration time.
newRefreshTokenstring?The new refresh token.

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.DelegatedToken A new delegated token instance with updated values.