OAuthSession

A live OAuth session bound to one MCP server. Holds the discovered authorization-server metadata and the registered client so it can refresh the access token automatically when it nears expiry. Created by useOAuth; also constructible directly for advanced/test use.

@safe final

class OAuthSession {

this(OAuthClient oauth, AuthorizationServerMetadata as_, RegisteredClient client, TokenStore store, string resource, StoredToken token);

this(string resource, StoredToken token, TokenStore store, TokenSet delegate(string refreshToken) @(safe) refreshFn);

StoredToken token();

string bearerForRequest(long now);

}

Constructors

this this(OAuthClient oauth, AuthorizationServerMetadata as_, RegisteredClient client, TokenStore store, string resource, StoredToken token): oauth must already carry the canonical resource. token is the initial (possibly empty) stored token for resource.
this this(string resource, StoredToken token, TokenStore store, TokenSet delegate(string refreshToken) @(safe) refreshFn): Test/advanced constructor: inject a refresh function (the refresh-token-grant call) directly, bypassing the live HTTP client.

Members

Functions

bearerForRequest string bearerForRequest(long now): Return a valid bearer access token for use at now (Unix seconds), refreshing via the refresh-token grant first when the current token has expired (or is within the skew window). The refreshed token is persisted through the TokenStore. Throws when no valid token can be produced (e.g. expired with no refresh token).
token StoredToken token(): The current stored token (for inspection / persistence).