Table of Contents

Class ProtectedResourceMetadata

Namespace
ModelContextProtocol.Authentication
Assembly
ModelContextProtocol.Core.dll

Represents the resource metadata for OAuth authorization as defined in RFC 9396. Defined by RFC 9728.

public sealed class ProtectedResourceMetadata
Inheritance
ProtectedResourceMetadata
Inherited Members

Properties

AuthorizationDetailsTypesSupported

List of the authorization details type values supported by the resource server.

[JsonPropertyName("authorization_details_types_supported")]
public List<string>? AuthorizationDetailsTypesSupported { get; set; }

Property Value

List<string>

Remarks

OPTIONAL. JSON array containing a list of the authorization details type values supported by the resource server when the authorization_details request parameter is used.

AuthorizationServers

The list of authorization server URIs.

[JsonPropertyName("authorization_servers")]
public List<Uri> AuthorizationServers { get; set; }

Property Value

List<Uri>

Remarks

OPTIONAL. JSON array containing a list of OAuth authorization server issuer identifiers for authorization servers that can be used with this protected resource.

BearerMethodsSupported

The supported bearer token methods.

[JsonPropertyName("bearer_methods_supported")]
public List<string> BearerMethodsSupported { get; set; }

Property Value

List<string>

Remarks

OPTIONAL. JSON array containing a list of the supported methods of sending an OAuth 2.0 bearer token to the protected resource. Defined values are ["header", "body", "query"].

DpopBoundAccessTokensRequired

Boolean value specifying whether the protected resource always requires the use of DPoP-bound access tokens.

[JsonPropertyName("dpop_bound_access_tokens_required")]
public bool? DpopBoundAccessTokensRequired { get; set; }

Property Value

bool?

Remarks

OPTIONAL. If omitted, the default value is false.

DpopSigningAlgValuesSupported

List of the JWS algorithm values supported by the resource server for validating DPoP proof JWTs.

[JsonPropertyName("dpop_signing_alg_values_supported")]
public List<string>? DpopSigningAlgValuesSupported { get; set; }

Property Value

List<string>

Remarks

OPTIONAL. JSON array containing a list of the JWS alg values supported by the resource server for validating Demonstrating Proof of Possession (DPoP) proof JWTs.

JwksUri

URL of the protected resource's JSON Web Key (JWK) Set document.

[JsonPropertyName("jwks_uri")]
public Uri? JwksUri { get; set; }

Property Value

Uri

Remarks

OPTIONAL. This contains public keys belonging to the protected resource, such as signing key(s) that the resource server uses to sign resource responses. This URL MUST use the https scheme.

Resource

The resource URI.

[JsonPropertyName("resource")]
public required Uri Resource { get; set; }

Property Value

Uri

Remarks

REQUIRED. The protected resource's resource identifier.

ResourceDocumentation

The URI to the resource documentation.

[JsonPropertyName("resource_documentation")]
public Uri? ResourceDocumentation { get; set; }

Property Value

Uri

Remarks

OPTIONAL. URL of a page containing human-readable information that developers might want or need to know when using the protected resource.

ResourceName

Human-readable name of the protected resource intended for display to the end user.

[JsonPropertyName("resource_name")]
public string? ResourceName { get; set; }

Property Value

string

Remarks

RECOMMENDED. It is recommended that protected resource metadata include this field. The value of this field MAY be internationalized.

ResourcePolicyUri

URL of a page containing human-readable information about the protected resource's requirements.

[JsonPropertyName("resource_policy_uri")]
public Uri? ResourcePolicyUri { get; set; }

Property Value

Uri

Remarks

OPTIONAL. Information about how the client can use the data provided by the protected resource.

ResourceSigningAlgValuesSupported

List of the JWS signing algorithms supported by the protected resource for signing resource responses.

[JsonPropertyName("resource_signing_alg_values_supported")]
public List<string>? ResourceSigningAlgValuesSupported { get; set; }

Property Value

List<string>

Remarks

OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the protected resource for signing resource responses. No default algorithms are implied if this entry is omitted. The value none MUST NOT be used.

ResourceTosUri

URL of a page containing human-readable information about the protected resource's terms of service.

[JsonPropertyName("resource_tos_uri")]
public Uri? ResourceTosUri { get; set; }

Property Value

Uri

Remarks

OPTIONAL. The value of this field MAY be internationalized.

ScopesSupported

The supported scopes.

[JsonPropertyName("scopes_supported")]
public List<string> ScopesSupported { get; set; }

Property Value

List<string>

Remarks

RECOMMENDED. JSON array containing a list of scope values that are used in authorization requests to request access to this protected resource.

TlsClientCertificateBoundAccessTokens

Boolean value indicating protected resource support for mutual-TLS client certificate-bound access tokens.

[JsonPropertyName("tls_client_certificate_bound_access_tokens")]
public bool? TlsClientCertificateBoundAccessTokens { get; set; }

Property Value

bool?

Remarks

OPTIONAL. If omitted, the default value is false.

Edit this page