Microsoft
MicrosoftHi Mark
thanks a lot for this helpful blog.
But I want to do the authentication without browser-based user authentication. I registered my mcp client app as confidential app in Azure with a client secret. How can I now do the authentication with the client id & secret without any user interaction... the client is trusted and should be allowed to call the mcp server.
Thanks for any hints, samples or ideas, I couldnt find anything in the net. BR markus
MicrosoftHi Markus mbuchberger1967 ... OAuth is useful when you want the server to know who the user is to do authz - ie behave differently depending on the user or maybe their role. If its a fixed client and no user interaction then maybe the simplest authentication mechanism is just to check a key in the payload - much like an API key. Catch me on LinkedIn if you want to discuss. /markharrison-uk
ok i see your point. is there support for your proposal in the MCP C# lib?
Thx for the quick reply. is it ok to discuss here?
MicrosoftSure discuss here - its just these forums seem a bit clunky :-) for a lot of dialogue.
Not seen any proposal in the C#SDK. To validate a key passed in the http payload is just standard .NET coding ... i dont think it would be needed in the SDK.
thx,
this is my code in the client:
// Add HTTP client transport for MCP server (adjust the URL as needed)
var transport_http = new SseClientTransport(
new SseClientTransportOptions
{
Endpoint = new Uri("http://localhost:7071/"), // Replace with your MCP server's HTTP endpoint
Name = "MCP SSE Server",
OAuth = new()
{
ClientId = config["Identity:ClientId"],
ClientSecret = config["Identity:ClientSecret"],
// TenantId = config["Identity:TenantId"],
Scopes = [config["Identity:ScopeName"]],
RedirectUri = new Uri("http://localhost:7071/signin-oidc"), // Adjust as needed
// AuthorizationRedirectDelegate = HandleAuthorizationUrlAsync,
// Authority = $"https://login.microsoftonline.com/{config["Identity:TenantId"]}/v2.0"
}
}
);
IMcpClient mcpClient = await McpClientFactory.CreateAsync(transport_http);
var tools = await mcpClient.ListToolsAsync();I was hoping that I could authenticate with clientId/Secret this way, but this wont work.
If I get you right you would suggest to leave away the OAuth structure, but creating and connectin the client this way, how would I pass a token between client and server using the mcp sdk?
Any suggestion?
Thx
Markus