> ## Documentation Index > Fetch the complete documentation index at: https://easyaf.dev/llms.txt > Use this file to discover all available pages before exploring further. # JwtBearerOptions > Configuration options for JWT bearer token validation. export function DocsBadge({text, variant = 'neutral'}) { const variantClasses = { success: 'mint-bg-green-500/10 mint-text-green-600 dark:mint-text-green-400 mint-border-green-500/20', neutral: 'mint-bg-slate-500/10 mint-text-slate-600 dark:mint-text-slate-400 mint-border-slate-500/20', info: 'mint-bg-blue-500/10 mint-text-blue-600 dark:mint-text-blue-400 mint-border-blue-500/20', warning: 'mint-bg-amber-500/10 mint-text-amber-600 dark:mint-text-amber-400 mint-border-amber-500/20', danger: 'mint-bg-red-500/10 mint-text-red-600 dark:mint-text-red-400 mint-border-red-500/20' }; const classes = variantClasses[variant] || variantClasses.neutral; return {text} ; } ## Definition **Assembly:** Microsoft.OData.Mcp.Authentication.dll **Namespace:** Microsoft.OData.Mcp.Authentication.Models **Inheritance:** System.Object ## Syntax ```csharp theme={"dark"} Microsoft.OData.Mcp.Authentication.Models.JwtBearerOptions ``` ## Summary Configuration options for JWT bearer token validation. ## Remarks These options control how JWT tokens are validated by the MCP server when acting as an OAuth2 resource server. They define the trust relationship with authorization servers and specify validation requirements. ## Constructors ### .ctor Initializes a new instance of the [JwtBearerOptions](/odata-mcp/api-reference/Microsoft/OData/Mcp/Authentication/Models/JwtBearerOptions) class. #### Syntax ```csharp theme={"dark"} public JwtBearerOptions() ``` ### .ctor Inherited from `object` #### Syntax ```csharp theme={"dark"} public Object() ``` ## Properties ### AdditionalValidationParameters Gets or sets additional token validation parameters. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.Dictionary AdditionalValidationParameters { get; set; } ``` #### Property Value Type: `System.Collections.Generic.Dictionary` A dictionary of custom validation parameters and their values. #### Remarks These parameters allow for custom token validation logic beyond the standard JWT validation. They can be used to enforce additional security requirements specific to the deployment environment. ### Audience Gets or sets the expected audience for JWT tokens. #### Syntax ```csharp theme={"dark"} public string Audience { get; set; } ``` #### Property Value Type: `string?` The audience claim value that must be present in valid tokens. #### Remarks The audience identifies this MCP server as a valid recipient for the token. Tokens without the correct audience claim will be rejected. This is typically the API identifier or base URL of the MCP server. ### Authority Gets or sets the authority URL of the OAuth2 authorization server. #### Syntax ```csharp theme={"dark"} public string Authority { get; set; } ``` #### Property Value Type: `string?` The base URL of the authorization server (e.g., "[https://login.microsoftonline.com/tenant-id](https://login.microsoftonline.com/tenant-id)"). #### Remarks This URL is used to discover the authorization server's metadata, including the JWKS endpoint for token validation keys. The authority must support OpenID Connect discovery. ### ClockSkew Gets or sets the clock skew tolerance for token validation. #### Syntax ```csharp theme={"dark"} public System.TimeSpan ClockSkew { get; set; } ``` #### Property Value Type: `System.TimeSpan?` The maximum allowed time difference between token and server clocks. #### Remarks Clock skew tolerance accounts for small time differences between the authorization server and MCP server clocks. This prevents valid tokens from being rejected due to minor time synchronization issues. ### Issuer Gets or sets the expected issuer for JWT tokens. #### Syntax ```csharp theme={"dark"} public string Issuer { get; set; } ``` #### Property Value Type: `string?` The issuer claim value that must be present in valid tokens. #### Remarks The issuer identifies the authorization server that issued the token. When specified, tokens from other issuers will be rejected. If not specified, the issuer will be derived from the Authority during metadata discovery. ### MetadataAddress Gets or sets the URL of the JWKS (JSON Web Key Set) endpoint. #### Syntax ```csharp theme={"dark"} public string MetadataAddress { get; set; } ``` #### Property Value Type: `string?` The URL where JWT signing keys can be retrieved. #### Remarks If not specified, the JWKS URL will be discovered from the authorization server's metadata. Manually specifying this can improve startup performance and provide more control over key retrieval. ### RequiredScopes Gets or sets the required OAuth2 scopes for accessing the MCP server. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.List RequiredScopes { get; set; } ``` #### Property Value Type: `System.Collections.Generic.List` A collection of scope names that must be present in valid tokens. #### Remarks When specified, tokens must contain at least one of these scopes to be considered valid. Scopes provide fine-grained authorization control beyond basic authentication. ### RequireHttpsMetadata Gets or sets a value indicating whether to require HTTPS for metadata retrieval. #### Syntax ```csharp theme={"dark"} public bool RequireHttpsMetadata { get; set; } ``` #### Property Value Type: `bool` `true` if HTTPS is required for metadata retrieval; otherwise, `false`. #### Remarks Requiring HTTPS for metadata retrieval ensures the integrity and confidentiality of validation keys and other security-critical information. This should be enabled in production environments. ### ValidateAudience Gets or sets a value indicating whether to validate the token audience. #### Syntax ```csharp theme={"dark"} public bool ValidateAudience { get; set; } ``` #### Property Value Type: `bool` `true` if the audience should be validated; otherwise, `false`. #### Remarks Audience validation ensures tokens are intended for this service. Disabling this validation allows tokens intended for other services, which may be a security risk. ### ValidateIssuer Gets or sets a value indicating whether to validate the token issuer. #### Syntax ```csharp theme={"dark"} public bool ValidateIssuer { get; set; } ``` #### Property Value Type: `bool` `true` if the issuer should be validated; otherwise, `false`. #### Remarks Issuer validation ensures tokens come from trusted authorization servers. Disabling this validation reduces security and should only be done in development scenarios. ### ValidateIssuerSigningKey Gets or sets a value indicating whether to validate the token signature. #### Syntax ```csharp theme={"dark"} public bool ValidateIssuerSigningKey { get; set; } ``` #### Property Value Type: `bool` `true` if the token signature should be validated; otherwise, `false`. #### Remarks Signature validation ensures tokens haven't been tampered with and come from trusted sources. Disabling this validation should never be done in production as it completely undermines token security. ### ValidateLifetime Gets or sets a value indicating whether to validate the token lifetime. #### Syntax ```csharp theme={"dark"} public bool ValidateLifetime { get; set; } ``` #### Property Value Type: `bool` `true` if the token lifetime should be validated; otherwise, `false`. #### Remarks Lifetime validation ensures tokens are not expired or used before their valid time period. Disabling this validation allows expired tokens, which is a significant security risk. ## Methods ### Equals Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual bool Equals(object obj) ``` #### Parameters | Name | Type | Description | | ----- | --------- | ----------- | | `obj` | `object?` | - | #### Returns Type: `bool` ### Equals Inherited from `object` #### Syntax ```csharp theme={"dark"} public static bool Equals(object objA, object objB) ``` #### Parameters | Name | Type | Description | | ------ | --------- | ----------- | | `objA` | `object?` | - | | `objB` | `object?` | - | #### Returns Type: `bool` ### GetHashCode Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual int GetHashCode() ``` #### Returns Type: `int` ### GetType Inherited from `object` #### Syntax ```csharp theme={"dark"} public System.Type GetType() ``` #### Returns Type: `System.Type` ### MemberwiseClone Inherited from `object` #### Syntax ```csharp theme={"dark"} protected internal object MemberwiseClone() ``` #### Returns Type: `object` ### ReferenceEquals Inherited from `object` #### Syntax ```csharp theme={"dark"} public static bool ReferenceEquals(object objA, object objB) ``` #### Parameters | Name | Type | Description | | ------ | --------- | ----------- | | `objA` | `object?` | - | | `objB` | `object?` | - | #### Returns Type: `bool` ### ToString Returns a string representation of the JWT bearer options. #### Syntax ```csharp theme={"dark"} public override string ToString() ``` #### Returns Type: `string` A summary of the JWT bearer configuration. ### ToString Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual string ToString() ``` #### Returns Type: `string?` ### Validate Validates the JWT bearer options for consistency and completeness. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.IEnumerable Validate() ``` #### Returns Type: `System.Collections.Generic.IEnumerable` A collection of validation errors, or an empty collection if the options are valid.