Skip to content

Add auth regression test for missing resource in PRM#1265

Open
Copilot wants to merge 2 commits intomainfrom
copilot/add-auth-test-for-missing-resource
Open

Add auth regression test for missing resource in PRM#1265
Copilot wants to merge 2 commits intomainfrom
copilot/add-auth-test-for-missing-resource

Conversation

Copy link
Contributor

Copilot AI commented Feb 12, 2026
edited
Loading

The auth flow lacked coverage for client-side validation when the PRM document omits resource, which should still cause authentication failure even if the OAuth server is permissive.

  • Test OAuth server toggle
    • Add RequireResource flag to bypass server-side resource validation when needed.
  • Auth test coverage
    • Emit PRM without resource via OnResourceMetadataRequest and assert client-side rejection.
options.Events.OnResourceMetadataRequest = async context =>
{
    context.HandleResponse();
    var metadata = new ProtectedResourceMetadata
    {
        AuthorizationServers = { new Uri(OAuthServerUrl) },
        ScopesSupported = ["mcp:tools"],
    };
    await Results.Json(metadata, McpJsonUtilities.DefaultOptions).ExecuteAsync(context.HttpContext);
};

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@halter73
Add auth test for missing resource metadata
82a5d1a 
Co-authored-by: halter73 <54385+halter73@users.noreply.github.com>
Copilot AI changed the title [WIP] Add AuthTest for missing resource URI in PRM document Add auth regression test for missing resource in PRM Feb 12, 2026
Copilot AI requested a review from halter73 February 12, 2026 18:21
halter73
halter73 approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@halter73 halter73 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's good to make sure we have a regression test against anyone removing the validation in ClientOAuthProvider.GetRequiredResourceUri for reasons I explained in https://github.com/modelcontextprotocol/csharp-sdk/pull/1262/changes#r2800287979

@halter73 halter73 marked this pull request as ready for review February 12, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephentoub stephentoub stephentoub approved these changes

+1 more reviewer

@halter73 halter73 halter73 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@halter73 halter73

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@halter73 @stephentoub