Definition
Assembly: Microsoft.OData.Mcp.Authentication.dll Namespace: Microsoft.OData.Mcp.Authentication.Models Inheritance: System.ObjectSyntax
Summary
Configuration options for token delegation to downstream services.Remarks
These options control how authentication tokens are forwarded from the MCP server to downstream OData services and other dependencies. Token delegation preserves the user’s identity throughout the request chain.Constructors
.ctor
Initializes a new instance of the TokenDelegationOptions class.Syntax
.ctor Inherited
Inherited from
objectSyntax
Properties
CacheDuration
Gets or sets the cache duration for delegated tokens.Syntax
Property Value
Type:System.TimeSpan
The duration to cache delegated tokens.
Remarks
This duration should be shorter than the token’s actual lifetime to ensure cached tokens don’t expire unexpectedly. The cache automatically handles token refresh when possible.CacheTokens
Gets or sets a value indicating whether to cache delegated tokens.Syntax
Property Value
Type:bool
true if delegated tokens should be cached; otherwise, false.
Remarks
Caching delegated tokens can improve performance by avoiding repeated token exchange operations. Cached tokens are automatically refreshed before expiration.Enabled
Gets or sets a value indicating whether token delegation is enabled.Syntax
Property Value
Type:bool
true if token delegation is enabled; otherwise, false.
Remarks
When enabled, the MCP server will forward authentication tokens to downstream services. When disabled, the server may use alternative authentication methods for downstream calls, such as service-to-service authentication.RetryPolicy
Gets or sets the retry policy for failed token delegation operations.Syntax
Property Value
Type:Microsoft.OData.Mcp.Authentication.Models.RetryPolicyOptions
Configuration for retrying failed token operations.
Remarks
Retry policies help handle transient failures in token delegation, such as network issues or temporary service unavailability. They should be configured carefully to avoid overwhelming downstream services.Strategy
Gets or sets the token forwarding strategy.Syntax
Property Value
Type:Microsoft.OData.Mcp.Authentication.Models.TokenForwardingStrategy
The strategy for forwarding tokens to downstream services.
Remarks
Different strategies provide different levels of security and functionality:- PassThrough: Forward the original token as-is
- Exchange: Exchange the token for a new one scoped to the downstream service
- OnBehalfOf: Use OAuth2 on-behalf-of flow for token delegation
TargetServices
Gets or sets the target services for token delegation.Syntax
Property Value
Type:System.Collections.Generic.List<Microsoft.OData.Mcp.Authentication.Models.TargetServiceOptions>
A collection of service configurations for token forwarding.
Remarks
Each target service can have its own delegation configuration, including different forwarding strategies, scopes, and authentication parameters.Timeout
Gets or sets the timeout for token delegation operations.Syntax
Property Value
Type:System.TimeSpan
The timeout duration for token delegation operations.
Remarks
This timeout applies to operations like token exchange, on-behalf-of flows, and communication with token endpoints. Operations that exceed this timeout will be cancelled.TokenExchange
Gets or sets the token exchange options for services that support token exchange.Syntax
Property Value
Type:Microsoft.OData.Mcp.Authentication.Models.TokenExchangeOptions
Configuration for OAuth2 token exchange flows.
Remarks
Token exchange allows the MCP server to obtain tokens with different scopes or audiences for downstream services while maintaining the user’s identity.ValidateBeforeForwarding
Gets or sets a value indicating whether to validate delegated tokens before forwarding.Syntax
Property Value
Type:bool
true if delegated tokens should be validated; otherwise, false.
Remarks
Validating delegated tokens ensures they are properly formatted and not expired before forwarding them to downstream services. This can prevent downstream authentication failures but adds processing overhead.Methods
AddOrUpdateTargetService
Adds or updates target service options.Syntax
Parameters
| Name | Type | Description |
|---|---|---|
targetService | Microsoft.OData.Mcp.Authentication.Models.TargetServiceOptions | The target service options to add or update. |
Exceptions
| Exception | Description |
|---|---|
ArgumentNullException | Thrown when targetService is null. |
Equals Inherited Virtual
Inherited from
objectSyntax
Parameters
| Name | Type | Description |
|---|---|---|
obj | object? | - |
Returns
Type:bool
Equals Inherited
Inherited from
objectSyntax
Parameters
| Name | Type | Description |
|---|---|---|
objA | object? | - |
objB | object? | - |
Returns
Type:bool
GetHashCode Inherited Virtual
Inherited from
objectSyntax
Returns
Type:int
GetTargetService
Gets the target service options for a specific service identifier.Syntax
Parameters
| Name | Type | Description |
|---|---|---|
serviceId | string | The identifier of the target service. |
Returns
Type:Microsoft.OData.Mcp.Authentication.Models.TargetServiceOptions?
The target service options, or null if not found.
GetType Inherited
Inherited from
objectSyntax
Returns
Type:System.Type
MemberwiseClone Inherited
Inherited from
objectSyntax
Returns
Type:object
ReferenceEquals Inherited
Inherited from
objectSyntax
Parameters
| Name | Type | Description |
|---|---|---|
objA | object? | - |
objB | object? | - |
Returns
Type:bool
ToString Override
Returns a string representation of the token delegation options.Syntax
Returns
Type:string
A summary of the token delegation configuration.
ToString Inherited Virtual
Inherited from
objectSyntax
Returns
Type:string?
Validate
Validates the token delegation options for consistency and completeness.Syntax
Returns
Type:System.Collections.Generic.IEnumerable<string>
A collection of validation errors, or an empty collection if the options are valid.