Definition

Assembly: Microsoft.OData.Mcp.Authentication.dll
Namespace: Microsoft.OData.Mcp.Authentication.Services

Syntax

Microsoft.OData.Mcp.Authentication.Services.ITokenValidationService

Summary

Provides services for validating JWT tokens and extracting user context.

Remarks

This service handles the core token validation logic, including signature verification, claim extraction, and scope validation. It provides an abstraction layer over the underlying JWT validation mechanisms.

Methods

ExtractUserContext Abstract

Extracts the user context from a validated claims principal.

Syntax

Microsoft.OData.Mcp.Authentication.Models.UserContext ExtractUserContext(System.Security.Claims.ClaimsPrincipal principal)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| principal | System.Security.Claims.ClaimsPrincipal | The claims principal from a validated token. |

Returns

Type: Microsoft.OData.Mcp.Authentication.Models.UserContext
The user context containing identity and authorization information.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when principal is null. |

GetAuthorizationMetadataAsync Abstract

Gets the authorization metadata from the JWT token for downstream services.

Syntax

System.Threading.Tasks.Task<Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata> GetAuthorizationMetadataAsync(string token)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| token | string | The JWT token to extract metadata from. |

Returns

Type: System.Threading.Tasks.Task<Microsoft.OData.Mcp.Authentication.Models.AuthorizationMetadata>
A task that represents the asynchronous operation. The task result contains the authorization metadata.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when token is null or whitespace. |

GetTokenLifetime Abstract

Gets the remaining lifetime of a token.

Syntax

System.Nullable<System.TimeSpan> GetTokenLifetime(System.Security.Claims.ClaimsPrincipal principal)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| principal | System.Security.Claims.ClaimsPrincipal | The claims principal from a validated token. |

Returns

Type: System.Nullable<System.TimeSpan>
The remaining time before the token expires, or null if the token has no expiration.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when principal is null. |

HasRequiredScopes Abstract

Checks if a user has the required scopes for a specific operation.

Syntax

bool HasRequiredScopes(Microsoft.OData.Mcp.Authentication.Models.UserContext userContext, System.Collections.Generic.IEnumerable<string> requiredScopes)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| userContext | Microsoft.OData.Mcp.Authentication.Models.UserContext | The user context to check. |
| requiredScopes | System.Collections.Generic.IEnumerable<string> | The scopes required for the operation. |

Returns

Type: bool
true if the user has at least one of the required scopes; otherwise, false.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when userContext or requiredScopes is null. |

IsTokenExpired Abstract

Determines if a token is expired based on its claims.

Syntax

bool IsTokenExpired(System.Security.Claims.ClaimsPrincipal principal)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| principal | System.Security.Claims.ClaimsPrincipal | The claims principal from a validated token. |

Returns

Type: bool
true if the token is expired; otherwise, false.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when principal is null. |

ValidateTokenAsync Abstract

Validates a JWT token and returns the principal if valid.

Syntax

System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal?> ValidateTokenAsync(string token, System.Threading.CancellationToken cancellationToken = default)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| token | string | The JWT token to validate. |
| cancellationToken | System.Threading.CancellationToken | A cancellation token to cancel the operation. |

Returns

Type: System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal?>
A task that represents the asynchronous validation operation. The task result contains the claims principal if the token is valid, or null if invalid.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when token is null or whitespace. |

ValidateTokenAsync Abstract

Validates a JWT token with additional validation parameters.

Syntax

System.Threading.Tasks.Task<Microsoft.OData.Mcp.Authentication.Models.TokenValidationResult> ValidateTokenAsync(string token, System.Collections.Generic.Dictionary<string, object> validationParameters, System.Threading.CancellationToken cancellationToken = default)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| token | string | The JWT token to validate. |
| validationParameters | System.Collections.Generic.Dictionary<string, object> | Additional validation parameters to apply. |
| cancellationToken | System.Threading.CancellationToken | A cancellation token to cancel the operation. |

Returns

Type: System.Threading.Tasks.Task<Microsoft.OData.Mcp.Authentication.Models.TokenValidationResult>
A task that represents the asynchronous validation operation. The task result contains the validation result.

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when token is null or whitespace. |
| ArgumentNullException | Thrown when validationParameters is null. |
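
Example

The following caller-side sketch is an added example, not code from the library. It shows a fail-closed authorization check built only on the member signatures documented above, including an all-of scope check on top of the any-of semantics of HasRequiredScopes. The ScopeGate class and its AuthorizeAsync method are hypothetical names, and rejecting tokens that carry no expiration is a policy choice of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.OData.Mcp.Authentication.Models;
using Microsoft.OData.Mcp.Authentication.Services;

// Hypothetical helper; not part of Microsoft.OData.Mcp.Authentication.
public sealed class ScopeGate
{
    private readonly ITokenValidationService _tokens;

    public ScopeGate(ITokenValidationService tokens) =>
        _tokens = tokens ?? throw new ArgumentNullException(nameof(tokens));

    // Returns the user context when the token is valid, unexpired and carries
    // every scope in allRequired; returns null (deny) in all other cases.
    // An empty allRequired admits any caller with a valid token.
    public async Task<UserContext?> AuthorizeAsync(
        string? bearerToken,
        IReadOnlyCollection<string> allRequired,
        CancellationToken ct = default)
    {
        if (allRequired is null) throw new ArgumentNullException(nameof(allRequired));

        // ValidateTokenAsync throws ArgumentException on null/whitespace input,
        // so a missing credential is denied here instead of surfacing as an error.
        if (string.IsNullOrWhiteSpace(bearerToken)) return null;

        // A null principal is the documented signal for an invalid token.
        ClaimsPrincipal? principal = await _tokens.ValidateTokenAsync(bearerToken, ct);
        if (principal is null) return null;

        if (_tokens.IsTokenExpired(principal)) return null;

        // GetTokenLifetime returns null when the token has no expiration.
        // Policy choice of this example: deny tokens that never expire.
        TimeSpan? remaining = _tokens.GetTokenLifetime(principal);
        if (remaining is null || remaining <= TimeSpan.Zero) return null;

        UserContext user = _tokens.ExtractUserContext(principal);

        // HasRequiredScopes is any-of: it returns true on a single match.
        // Passing one scope per call turns it into an all-of requirement.
        bool hasAll = allRequired.All(
            scope => _tokens.HasRequiredScopes(user, new[] { scope }));
        return hasAll ? user : null;
    }
}
```

Passing the full list to HasRequiredScopes in one call would authorize a caller holding only one of the listed scopes, which is correct for "read OR admin" style rules but not for operations that need several scopes together.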