Definition

Assembly: Microsoft.OData.Mcp.Authentication.dll
Namespace: Microsoft.OData.Mcp.Authentication.Models
Inheritance: System.Object

Syntax

Microsoft.OData.Mcp.Authentication.Models.UserContext

Summary

Represents the user context extracted from an authenticated request.

Remarks

This class encapsulates the user’s identity, authorization information, and other context data needed for processing MCP requests on behalf of the user.

Constructors

.ctor

Initializes a new instance of the UserContext class.

Syntax

public UserContext()

.ctor

Initializes a new instance of the UserContext class with the specified user ID.

Syntax

public UserContext(string userId)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| userId | string | The user’s unique identifier. |

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when userId is null or whitespace. |

.ctor Inherited

Inherited from object

Syntax

public Object()

Properties

AdditionalClaims

Gets or sets additional user claims.

Syntax

public System.Collections.Generic.Dictionary<string, string> AdditionalClaims { get; set; }

Property Value

Type: System.Collections.Generic.Dictionary<string, string> A dictionary of additional claims extracted from the token.

Remarks

This contains any custom claims that are not covered by the standard properties but may be needed for authorization or business logic.

Audience

Gets or sets the audience for which the token was issued.

Syntax

public string Audience { get; set; }

Property Value

Type: string? The audience identifier from the JWT token.

Remarks

This identifies the intended recipient of the token, which should match the MCP server’s configuration.

AuthenticatedAt

Gets or sets the time when the user was authenticated.

Syntax

public System.DateTime AuthenticatedAt { get; set; }

Property Value

Type: System.DateTime? The UTC date and time when authentication occurred.

Remarks

This timestamp is used for session management, auditing, and security analysis.

AuthenticationMethod

Gets or sets the authentication method used.

Syntax

public string AuthenticationMethod { get; set; }

Property Value

Type: string? The method used to authenticate the user (e.g., “Bearer”, “JWT”).

Remarks

This indicates how the user was authenticated, which can be useful for security auditing and compliance reporting.

ClientId

Gets or sets the client application identifier.

Syntax

public string ClientId { get; set; }

Property Value

Type: string? The identifier of the client application that initiated the request.

Remarks

This identifies which application the user is accessing the MCP server through, which can be useful for auditing and access control.

DisplayName

Gets or sets the user’s display name.

Syntax

public string DisplayName { get; set; }

Property Value

Type: string? The display name or username of the authenticated user.

Remarks

This is typically extracted from claims like ‘name’, ‘preferred_username’, or ‘upn’ and is used for display purposes in logs and audit trails.

Email

Gets or sets the user’s email address.

Syntax

public string Email { get; set; }

Property Value

Type: string? The email address of the authenticated user.

Remarks

This is typically extracted from the ‘email’ claim and can be used for notifications or audit purposes.

Issuer

Gets or sets the issuer of the authentication token.

Syntax

public string Issuer { get; set; }

Property Value

Type: string? The issuer identifier from the JWT token.

Remarks

This identifies which authorization server issued the token, which is important for multi-provider scenarios and security auditing.

Roles

Gets or sets the user’s roles.

Syntax

public System.Collections.Generic.List<string> Roles { get; set; }

Property Value

Type: System.Collections.Generic.List<string> A collection of roles assigned to the user.

Remarks

Roles provide a higher-level grouping of permissions and are typically extracted from ‘roles’ or similar claims in the token.

Scopes

Gets or sets the OAuth2 scopes granted to the user.

Syntax

public System.Collections.Generic.List<string> Scopes { get; set; }

Property Value

Type: System.Collections.Generic.List<string> A collection of OAuth2 scopes that define the user’s permissions.

Remarks

These scopes are extracted from the token and determine what operations the user is authorized to perform through the MCP server.

TenantId

Gets or sets the tenant identifier for multi-tenant scenarios.

Syntax

public string TenantId { get; set; }

Property Value

Type: string? The identifier of the tenant the user belongs to.

Remarks

This is used in multi-tenant deployments to isolate data and operations between different organizational units or customers.

Token

Gets or sets the original JWT token.

Syntax

public string Token { get; set; }

Property Value

Type: string? The raw JWT token that was used for authentication.

Remarks

This token can be forwarded to downstream services for delegation scenarios while maintaining the user’s identity.

TokenExpiresAt

Gets or sets the token expiration time.

Syntax

public System.Nullable<System.DateTime> TokenExpiresAt { get; set; }

Property Value

Type: System.Nullable<System.DateTime?>? The UTC date and time when the token expires.

Remarks

This is used to determine when the user’s session will expire and when token refresh might be needed.

UserId

Gets or sets the user’s unique identifier.

Syntax

public required string UserId { get; set; }

Property Value

Type: string The unique identifier for the authenticated user.

Remarks

This is typically extracted from the ‘sub’ (subject) claim in the JWT token and uniquely identifies the user across the system.

Methods

Equals Inherited Virtual

Inherited from object

Syntax

public virtual bool Equals(object obj)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| obj | object? | - |

Returns

Type: bool

Equals Inherited

Inherited from object

Syntax

public static bool Equals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

FromClaimsPrincipal

Creates a user context from a claims principal.

Syntax

public static Microsoft.OData.Mcp.Authentication.Models.UserContext FromClaimsPrincipal(System.Security.Claims.ClaimsPrincipal principal, string token = null)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| principal | System.Security.Claims.ClaimsPrincipal | The claims principal to extract user context from. |
| token | string? | The original JWT token (optional). |

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.UserContext A user context populated with information from the claims principal.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when principal is null. |
| InvalidOperationException | Thrown when the principal does not contain a subject claim. |

GetAdditionalClaim

Gets an additional claim value by type.

Syntax

public string GetAdditionalClaim(string claimType)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| claimType | string | The claim type to retrieve. |

Returns

Type: string? The claim value if found; otherwise, null.

GetHashCode Inherited Virtual

Inherited from object

Syntax

public virtual int GetHashCode()

Returns

Type: int

GetRemainingTokenLifetime

Gets the remaining time before the token expires.

Syntax

public System.Nullable<System.TimeSpan> GetRemainingTokenLifetime()

Returns

Type: System.Nullable<System.TimeSpan?>? The remaining time before token expiration, or null if no expiration is set.

GetType Inherited

Inherited from object

Syntax

public System.Type GetType()

Returns

Type: System.Type

HasAllScopes

Determines whether the user has all of the specified scopes.

Syntax

public bool HasAllScopes(System.Collections.Generic.IEnumerable<string> requiredScopes)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| requiredScopes | System.Collections.Generic.IEnumerable<string> | The scopes to check for. |

Returns

Type: bool true if the user has all of the required scopes; otherwise, false.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when requiredScopes is null. |

HasAnyRole

Determines whether the user has any of the specified roles.

Syntax

public bool HasAnyRole(System.Collections.Generic.IEnumerable<string> requiredRoles)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| requiredRoles | System.Collections.Generic.IEnumerable<string> | The roles to check for. |

Returns

Type: bool true if the user has at least one of the required roles; otherwise, false.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when requiredRoles is null. |

HasAnyScope

Determines whether the user has any of the specified scopes.

Syntax

public bool HasAnyScope(System.Collections.Generic.IEnumerable<string> requiredScopes)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| requiredScopes | System.Collections.Generic.IEnumerable<string> | The scopes to check for. |

Returns

Type: bool true if the user has at least one of the required scopes; otherwise, false.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when requiredScopes is null. |

IsTokenExpired

Determines whether the user’s token is expired.

Syntax

public bool IsTokenExpired()

Returns

Type: bool true if the token is expired; otherwise, false.
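
An added example, not code from the Microsoft.OData.Mcp project: a caller-side guard that checks a UserContext for expiry, audience, issuer, tenant and scopes before an MCP operation runs, using only the members documented on this page. `McpRequestGuard`, `Deny` and the audience, issuer, tenant and scope values are hypothetical and constructed for illustration; the project is assumed to reference the Microsoft.OData.Mcp.Authentication assembly.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.OData.Mcp.Authentication.Models;

// Hypothetical guard (not part of the library). Only the UserContext members
// come from this page; all other names and values are constructed.
public static class McpRequestGuard
{
    private const string ExpectedAudience = "api://mcp-server.example";
    private static readonly HashSet<string> TrustedIssuers =
        new(StringComparer.Ordinal) { "https://idp.example/tenant-a" };

    // Returns null when the request may proceed, otherwise the denial reason.
    public static string? Deny(UserContext user, string expectedTenantId,
                               IEnumerable<string> requiredScopes)
    {
        // Fail closed on a missing expiry instead of relying on how
        // IsTokenExpired() treats a null TokenExpiresAt.
        if (user.TokenExpiresAt is null || user.IsTokenExpired())
            return "token expired or without expiry";
        // Exact, case-sensitive comparisons: no prefix or substring matching.
        if (!string.Equals(user.Audience, ExpectedAudience, StringComparison.Ordinal))
            return "audience mismatch";
        if (user.Issuer is null || !TrustedIssuers.Contains(user.Issuer))
            return "untrusted issuer";
        if (!string.Equals(user.TenantId, expectedTenantId, StringComparison.Ordinal))
            return "tenant mismatch";
        if (!user.HasAllScopes(requiredScopes))
            return "missing required scope";
        return null;
    }

    public static void Main()
    {
        var user = new UserContext   // constructed sample context
        {
            UserId = "user-123",
            Audience = "api://mcp-server.example",
            Issuer = "https://idp.example/tenant-a",
            TenantId = "tenant-a",
            Scopes = new List<string> { "odata.read" },
            TokenExpiresAt = DateTime.UtcNow.AddMinutes(5),
        };
        foreach (var tenant in new[] { "tenant-a", "tenant-b" })
            // Log the subject and outcome only, never user.Token.
            Console.WriteLine($"{user.UserId} -> {tenant}: " +
                (Deny(user, tenant, new[] { "odata.read" }) ?? "allowed"));
    }
}
```
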

MemberwiseClone Inherited

Inherited from object

Syntax

protected internal object MemberwiseClone()

Returns

Type: object

ReferenceEquals Inherited

Inherited from object

Syntax

public static bool ReferenceEquals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

ToString Override

Returns a string representation of the user context.

Syntax

public override string ToString()

Returns

Type: string A summary of the user context.

ToString Inherited Virtual

Inherited from object

Syntax

public virtual string ToString()

Returns

Type: string?