
OAuth middleware improvements#17

Merged
abdebek merged 3 commits into abdebek:main from erwinkramer:main on Jan 23, 2026

@erwinkramer
Contributor

This pull request introduces significant improvements to the OAuth middleware, focusing on clearer token validation logic, more robust challenge responses, and improved test coverage. It also updates package dependencies and adds sample configuration for token validation.

Closes #16

OAuth middleware improvements:

  • Refactored McpOAuthAuthenticationMiddleware to clarify the authentication flow, including improved handling of token validation, challenge scope calculation, and more modular helper methods such as BuildChallengeScopes and TryGetBearerToken. This results in more maintainable and readable code.

Testing enhancements:

  • Added a new integration test OAuthChallengeTokenValidationTests to verify that a 401 Unauthorized challenge is correctly returned when token validation is enabled and no token is provided.

Sample and configuration updates:

  • Updated the sample service extension (DemoServiceExtensions.cs) to enable JWT validation and audience validation in the demo configuration.

Dependency updates:

  • Updated several NuGet package dependencies to their latest patch versions in MCPify.Sample.csproj, including Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.OpenApi, Microsoft.IdentityModel.Protocols.OpenIdConnect, Microsoft.EntityFrameworkCore.InMemory, and Swashbuckle.AspNetCore.
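
The behaviour the new integration test checks (token validation enabled, no token supplied, 401 challenge returned) is shown below for the bearer scheme of RFC 6750. This is an added example, not code from this pull request or from MCPify; the class and method names, the realm, the scopes and the token values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample input: scopes required by two hypothetical tools.
var scopes = BearerChallengeExample.ChallengeScopes(
    new[] { new[] { "tools.read" }, new[] { "tools.read", "tools.write" } });
Func<string, bool> validate = t => t == "good-token"; // stand-in for real JWT validation

foreach (var header in new string?[] { null, "Basic abc", "bearer good-token", "Bearer expired" })
{
    var (status, challenge) = BearerChallengeExample.Decide(header, validate, scopes);
    Console.WriteLine($"[{header}] -> {status} {challenge}");
}

// Hypothetical names throughout; this is not the MCPify middleware.
public static class BearerChallengeExample
{
    // Reads the token from "Bearer <token>". The scheme is matched
    // case-insensitively; an empty token counts as no token.
    public static bool TryReadBearer(string? authorization, out string token)
    {
        token = string.Empty;
        if (string.IsNullOrWhiteSpace(authorization)) return false;
        var parts = authorization.Trim().Split(' ', 2, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2 || !parts[0].Equals("Bearer", StringComparison.OrdinalIgnoreCase))
            return false;
        token = parts[1].Trim();
        return token.Length > 0;
    }

    // Union of the tools' scopes, de-duplicated and sorted for a stable header value.
    public static string ChallengeScopes(IEnumerable<IEnumerable<string>> toolScopes) =>
        string.Join(' ', toolScopes.SelectMany(s => s).Distinct().OrderBy(s => s, StringComparer.Ordinal));

    // Status code plus WWW-Authenticate value; a null challenge means the request may proceed.
    public static (int Status, string? Challenge) Decide(
        string? authorization, Func<string, bool> validate, string scopes)
    {
        var scopeAttr = scopes.Length > 0 ? $", scope=\"{scopes}\"" : "";
        if (!TryReadBearer(authorization, out var token)) // no credentials: challenge without an error code
            return (401, $"Bearer realm=\"mcp\"{scopeAttr}");
        if (!validate(token))
            return (401, $"Bearer realm=\"mcp\", error=\"invalid_token\"{scopeAttr}");
        return (200, null);
    }
}
```

A request with no Authorization header, or with a non-bearer scheme, gets the plain challenge; only a token that was presented and rejected gets `error="invalid_token"`.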

Owner

@abdebek abdebek left a comment


Good job, @erwinkramer! Thank you!

@abdebek abdebek merged commit 46672fe into abdebek:main Jan 23, 2026
1 check passed
@erwinkramer
Contributor Author

@abdebek thanks for merging. I see the latest releases are all based off the same (old) commit, did you notice?

@abdebek
Owner

abdebek commented Jan 24, 2026

@erwinkramer
I was on the wrong branch and didn’t get time to properly test the releases. This is fixed now, and I’ll be testing this one properly. We could republish the previous releases with the correct commits as stable versions, but I’d prefer to just ignore them. Thank you so much for flagging it.

Development

Successfully merging this pull request may close these issues.

root mcp endpoint should return 401 when tools require it
