Documentation Index Fetch the complete documentation index at: https://easyaf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Definition Assembly: Microsoft.OData.Mcp.Authentication.dllNamespace: Microsoft.OData.Mcp.Authentication.ModelsInheritance: System.ObjectSyntax Microsoft . OData . Mcp . Authentication . Models . UserContext
Summary Represents the user context extracted from an authenticated request.
This class encapsulates the user’s identity, authorization information, and
other context data needed for processing MCP requests on behalf of the user.
Constructors Initializes a new instance of the UserContext class.
Syntax Initializes a new instance of the UserContext class with the specified user ID.
Syntax public UserContext ( string userId )
Parameters Name Type Description userIdstringThe user’s unique identifier.
Exceptions Exception Description ArgumentExceptionThrown when userId is null or whitespace.
Inherited Syntax Properties Gets or sets additional user claims.
Syntax public System . Collections . Generic . Dictionary < string , string > AdditionalClaims { get ; set ; }
Property Value Type: System.Collections.Generic.Dictionary<string, string>
A dictionary of additional claims extracted from the token.
This contains any custom claims that are not covered by the standard
properties but may be needed for authorization or business logic.
Gets or sets the audience for which the token was issued.
Syntax public string Audience { get ; set ; }
Property Value Type: string?
The audience identifier from the JWT token.
This identifies the intended recipient of the token, which should
match the MCP server’s configuration.
Gets or sets the time when the user was authenticated.
Syntax public System . DateTime AuthenticatedAt { get ; set ; }
Property Value Type: System.DateTime?
The UTC date and time when authentication occurred.
This timestamp is used for session management, auditing, and
security analysis.
Gets or sets the authentication method used.
Syntax public string AuthenticationMethod { get ; set ; }
Property Value Type: string?
The method used to authenticate the user (e.g., “Bearer”, “JWT”).
This indicates how the user was authenticated, which can be useful
for security auditing and compliance reporting.
Gets or sets the client application identifier.
Syntax public string ClientId { get ; set ; }
Property Value Type: string?
The identifier of the client application that initiated the request.
This identifies which application the user is accessing the MCP server
through, which can be useful for auditing and access control.
Gets or sets the user’s display name.
Syntax public string DisplayName { get ; set ; }
Property Value Type: string?
The display name or username of the authenticated user.
This is typically extracted from claims like ‘name’, ‘preferred_username’,
or ‘upn’ and is used for display purposes in logs and audit trails.
Gets or sets the user’s email address.
Syntax public string Email { get ; set ; }
Property Value Type: string?
The email address of the authenticated user.
This is typically extracted from the ‘email’ claim and can be used
for notifications or audit purposes.
Gets or sets the issuer of the authentication token.
Syntax public string Issuer { get ; set ; }
Property Value Type: string?
The issuer identifier from the JWT token.
This identifies which authorization server issued the token, which is
important for multi-provider scenarios and security auditing.
Gets or sets the user’s roles.
Syntax public System . Collections . Generic . List < string > Roles { get ; set ; }
Property Value Type: System.Collections.Generic.List<string>
A collection of roles assigned to the user.
Roles provide a higher-level grouping of permissions and are typically
extracted from ‘roles’ or similar claims in the token.
Gets or sets the OAuth2 scopes granted to the user.
Syntax public System . Collections . Generic . List < string > Scopes { get ; set ; }
Property Value Type: System.Collections.Generic.List<string>
A collection of OAuth2 scopes that define the user’s permissions.
These scopes are extracted from the token and determine what operations
the user is authorized to perform through the MCP server.
Gets or sets the tenant identifier for multi-tenant scenarios.
Syntax public string TenantId { get ; set ; }
Property Value Type: string?
The identifier of the tenant the user belongs to.
This is used in multi-tenant deployments to isolate data and operations
between different organizational units or customers.
Gets or sets the original JWT token.
Syntax public string Token { get ; set ; }
Property Value Type: string?
The raw JWT token that was used for authentication.
This token can be forwarded to downstream services for delegation
scenarios while maintaining the user’s identity.
Gets or sets the token expiration time.
Syntax public System . Nullable < System . DateTime > TokenExpiresAt { get ; set ; }
Property Value Type: System.Nullable<System.DateTime?>?
The UTC date and time when the token expires.
This is used to determine when the user’s session will expire and
when token refresh might be needed.
Gets or sets the user’s unique identifier.
Syntax public required string UserId { get ; set ; }
Property Value Type: string
The unique identifier for the authenticated user.
This is typically extracted from the ‘sub’ (subject) claim in the JWT token
and uniquely identifies the user across the system.
Methods Inherited Virtual Syntax public virtual bool Equals ( object obj )
Parameters Name Type Description objobject?-
Returns Type: bool
Inherited Syntax public static bool Equals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Creates a user context from a claims principal.
Syntax public static Microsoft . OData . Mcp . Authentication . Models . UserContext FromClaimsPrincipal ( System . Security . Claims . ClaimsPrincipal principal , string token = null )
Parameters Name Type Description principalSystem.Security.Claims.ClaimsPrincipalThe claims principal to extract user context from. tokenstring?The original JWT token (optional).
Returns Type: Microsoft.OData.Mcp.Authentication.Models.UserContext
A user context populated with information from the claims principal.
Exceptions Exception Description ArgumentNullExceptionThrown when principal is null. InvalidOperationExceptionThrown when the principal does not contain a subject claim.
Gets an additional claim value by type.
Syntax public string GetAdditionalClaim ( string claimType )
Parameters Name Type Description claimTypestringThe claim type to retrieve.
Returns Type: string?
The claim value if found; otherwise, null.
Inherited Virtual Syntax public virtual int GetHashCode ()
Returns Type: int
Gets the remaining time before the token expires.
Syntax public System . Nullable < System . TimeSpan > GetRemainingTokenLifetime ()
Returns Type: System.Nullable<System.TimeSpan?>?
The remaining time before token expiration, or null if no expiration is set.
Inherited Syntax public System . Type GetType ()
Returns Type: System.Type
Determines whether the user has all of the specified scopes.
Syntax public bool HasAllScopes ( System . Collections . Generic . IEnumerable < string > requiredScopes )
Parameters Name Type Description requiredScopesSystem.Collections.Generic.IEnumerable<string>The scopes to check for.
Returns Type: bool
true if the user has all of the required scopes; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredScopes is null.
Determines whether the user has any of the specified roles.
Syntax public bool HasAnyRole ( System . Collections . Generic . IEnumerable < string > requiredRoles )
Parameters Name Type Description requiredRolesSystem.Collections.Generic.IEnumerable<string>The roles to check for.
Returns Type: bool
true if the user has at least one of the required roles; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredRoles is null.
Determines whether the user has any of the specified scopes.
Syntax public bool HasAnyScope ( System . Collections . Generic . IEnumerable < string > requiredScopes )
Parameters Name Type Description requiredScopesSystem.Collections.Generic.IEnumerable<string>The scopes to check for.
Returns Type: bool
true if the user has at least one of the required scopes; otherwise, false.
Exceptions Exception Description ArgumentNullExceptionThrown when requiredScopes is null.
Determines whether the user’s token is expired.
Syntax public bool IsTokenExpired ()
Returns Type: bool
true if the token is expired; otherwise, false.
Inherited Syntax protected internal object MemberwiseClone ()
Returns Type: object
Inherited Syntax public static bool ReferenceEquals ( object objA , object objB )
Parameters Name Type Description objAobject?- objBobject?-
Returns Type: bool
Override Returns a string representation of the user context.
Syntax public override string ToString ()
Returns Type: string
A summary of the user context.
Inherited Virtual Syntax public virtual string ToString ()
Returns Type: string? 
