> ## Documentation Index > Fetch the complete documentation index at: https://easyaf.dev/llms.txt > Use this file to discover all available pages before exploring further. # ITokenDelegationService > Provides services for delegating authentication tokens to downstream services. export function DocsBadge({text, variant = 'neutral'}) { const variantClasses = { success: 'mint-bg-green-500/10 mint-text-green-600 dark:mint-text-green-400 mint-border-green-500/20', neutral: 'mint-bg-slate-500/10 mint-text-slate-600 dark:mint-text-slate-400 mint-border-slate-500/20', info: 'mint-bg-blue-500/10 mint-text-blue-600 dark:mint-text-blue-400 mint-border-blue-500/20', warning: 'mint-bg-amber-500/10 mint-text-amber-600 dark:mint-text-amber-400 mint-border-amber-500/20', danger: 'mint-bg-red-500/10 mint-text-red-600 dark:mint-text-red-400 mint-border-red-500/20' }; const classes = variantClasses[variant] || variantClasses.neutral; return {text} ; } ## Definition **Assembly:** Microsoft.OData.Mcp.Authentication.dll **Namespace:** Microsoft.OData.Mcp.Authentication.Services ## Syntax ```csharp theme={"dark"} Microsoft.OData.Mcp.Authentication.Services.ITokenDelegationService ``` ## Summary Provides services for delegating authentication tokens to downstream services. ## Remarks This service handles the complexities of token delegation, including token forwarding, exchange, and on-behalf-of flows. It ensures that user identity is preserved while enabling secure communication with downstream OData services. ## Methods ### ClearCachedTokensAsync Clears all cached tokens for a specific user. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task ClearCachedTokensAsync(string userId, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------ | --------------------------------------------- | | `userId` | `string` | The user identifier. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. #### Exceptions | Exception | Description | | ------------------- | ------------------------------------------- | | `ArgumentException` | Thrown when *userId* is null or whitespace. | ### ExchangeTokenAsync Exchanges a token for a new token with different scopes or audience. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task ExchangeTokenAsync(string originalToken, string targetAudience, System.Collections.Generic.IEnumerable requestedScopes = null, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------------------- | --------------------------------------------- | | `originalToken` | `string` | The original token to exchange. | | `targetAudience` | `string` | The audience for the new token. | | `requestedScopes` | `System.Collections.Generic.IEnumerable?` | The scopes to request for the new token. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the exchanged token. #### Exceptions | Exception | Description | | ------------------- | ---------------------------------------------------------------------- | | `ArgumentException` | Thrown when *originalToken* or *targetAudience* is null or whitespace. | ### GetCachedTokenAsync Gets the cached token for a specific service and user, if available. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task GetCachedTokenAsync(string userId, string targetServiceId, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------ | --------------------------------------------- | | `userId` | `string` | The user identifier. | | `targetServiceId` | `string` | The target service identifier. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the cached token, or null if not found. #### Exceptions | Exception | Description | | ------------------- | ---------------------------------------------------------------- | | `ArgumentException` | Thrown when *userId* or *targetServiceId* is null or whitespace. | ### GetOnBehalfOfTokenAsync Performs an OAuth2 on-behalf-of flow to get a token for a downstream service. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task GetOnBehalfOfTokenAsync(string originalToken, string targetAudience, Microsoft.OData.Mcp.Authentication.Models.ClientCredentials clientCredentials, System.Collections.Generic.IEnumerable requestedScopes = null, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------------------------------- | ------------------------------------------------- | | `originalToken` | `string` | The original user token. | | `targetAudience` | `string` | The audience for the new token. | | `clientCredentials` | `Microsoft.OData.Mcp.Authentication.Models.ClientCredentials` | The client credentials for the on-behalf-of flow. | | `requestedScopes` | `System.Collections.Generic.IEnumerable?` | The scopes to request for the new token. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the on-behalf-of token. #### Exceptions | Exception | Description | | ----------------------- | ---------------------------------------------------------------------- | | `ArgumentException` | Thrown when *originalToken* or *targetAudience* is null or whitespace. | | `ArgumentNullException` | Thrown when *clientCredentials* is null. | ### GetTokenForServiceAsync Gets an authentication token for making requests to a specific target service. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task GetTokenForServiceAsync(string originalToken, string targetServiceId, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------ | --------------------------------------------- | | `originalToken` | `string` | The original user token. | | `targetServiceId` | `string` | The identifier of the target service. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the delegated token. #### Exceptions | Exception | Description | | ------------------- | ----------------------------------------------------------------------- | | `ArgumentException` | Thrown when *originalToken* or *targetServiceId* is null or whitespace. | ### GetTokenForUrlAsync Gets an authentication token for making requests to a target URL. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task GetTokenForUrlAsync(string originalToken, string targetUrl, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------ | --------------------------------------------- | | `originalToken` | `string` | The original user token. | | `targetUrl` | `string` | The URL of the target service. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the delegated token. #### Exceptions | Exception | Description | | ------------------- | ----------------------------------------------------------------- | | `ArgumentException` | Thrown when *originalToken* or *targetUrl* is null or whitespace. | ### RefreshTokenAsync Refreshes a delegated token if it supports refresh operations. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task RefreshTokenAsync(Microsoft.OData.Mcp.Authentication.Models.DelegatedToken delegatedToken, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ---------------------------------------------------------- | --------------------------------------------- | | `delegatedToken` | `Microsoft.OData.Mcp.Authentication.Models.DelegatedToken` | The delegated token to refresh. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result contains the refreshed token. #### Exceptions | Exception | Description | | ----------------------- | ------------------------------------- | | `ArgumentNullException` | Thrown when *delegatedToken* is null. | ### RevokeTokenAsync Revokes a delegated token if the target service supports token revocation. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task RevokeTokenAsync(Microsoft.OData.Mcp.Authentication.Models.DelegatedToken delegatedToken, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ---------------------------------------------------------- | --------------------------------------------- | | `delegatedToken` | `Microsoft.OData.Mcp.Authentication.Models.DelegatedToken` | The delegated token to revoke. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. #### Exceptions | Exception | Description | | ----------------------- | ------------------------------------- | | `ArgumentNullException` | Thrown when *delegatedToken* is null. | ### ValidateTokenForDelegationAsync Validates that a token is suitable for delegation to a specific service. #### Syntax ```csharp theme={"dark"} System.Threading.Tasks.Task ValidateTokenForDelegationAsync(string token, string targetServiceId, System.Threading.CancellationToken cancellationToken = null) ``` #### Parameters | Name | Type | Description | | ------------------- | ------------------------------------ | --------------------------------------------- | | `token` | `string` | The token to validate for delegation. | | `targetServiceId` | `string` | The identifier of the target service. | | `cancellationToken` | `System.Threading.CancellationToken` | A cancellation token to cancel the operation. | #### Returns Type: `System.Threading.Tasks.Task` A task that represents the asynchronous operation. The task result indicates whether the token is valid for delegation. #### Exceptions | Exception | Description | | ------------------- | --------------------------------------------------------------- | | `ArgumentException` | Thrown when *token* or *targetServiceId* is null or whitespace. |