refactor: improve form content creation for OAuth requests using FormUrlEncoded helper

abdebek · abdebek · commit 3ce11cba7ab4 · 2026-01-17T18:58:36.000+03:00
diff --git a/MCPify/Core/Auth/DeviceCode/DeviceCodeAuthentication.cs b/MCPify/Core/Auth/DeviceCode/DeviceCodeAuthentication.cs
@@ -76,19 +76,11 @@ public async Task ApplyAsync(HttpRequestMessage request, CancellationToken cance
 
     private async Task<TokenData> PerformDeviceLoginAsync(CancellationToken cancellationToken)
     {
-        var codeRequestForm = new Dictionary<string, string>
-        {
-            { "client_id", _clientId },
-            { "scope", _scope }
-        };
-
-        // RFC 8707: Add resource parameter if configured
-        if (!string.IsNullOrEmpty(_resourceUrl))
-        {
-            codeRequestForm["resource"] = _resourceUrl;
-        }
-
-        var codeRequest = new FormUrlEncodedContent(codeRequestForm);
+        var codeRequest = FormUrlEncoded.Create()
+            .Add("client_id", _clientId)
+            .Add("scope", _scope)
+            .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+            .ToContent();
 
         var codeResponse = await _httpClient.PostAsync(_deviceCodeEndpoint, codeRequest, cancellationToken);
         codeResponse.EnsureSuccessStatusCode();
@@ -105,20 +97,12 @@ private async Task<TokenData> PerformDeviceLoginAsync(CancellationToken cancella
         {
             await Task.Delay(interval * 1000, cancellationToken);
 
-            var tokenRequestForm = new Dictionary<string, string>
-            {
-                { "grant_type", "urn:ietf:params:oauth:grant-type:device_code" },
-                { "client_id", _clientId },
-                { "device_code", codeData.device_code }
-            };
-
-            // RFC 8707: Add resource parameter if configured
-            if (!string.IsNullOrEmpty(_resourceUrl))
-            {
-                tokenRequestForm["resource"] = _resourceUrl;
-            }
-
-            var tokenRequest = new FormUrlEncodedContent(tokenRequestForm);
+            var tokenRequest = FormUrlEncoded.Create()
+                .Add("grant_type", "urn:ietf:params:oauth:grant-type:device_code")
+                .Add("client_id", _clientId)
+                .Add("device_code", codeData.device_code)
+                .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+                .ToContent();
 
             var tokenResponse = await _httpClient.PostAsync(_tokenEndpoint, tokenRequest, cancellationToken);
             
@@ -144,20 +128,12 @@ private async Task<TokenData> PerformDeviceLoginAsync(CancellationToken cancella
 
     private async Task<TokenData> RefreshTokenAsync(string refreshToken, CancellationToken cancellationToken)
     {
-        var form = new Dictionary<string, string>
-        {
-            { "grant_type", "refresh_token" },
-            { "client_id", _clientId },
-            { "refresh_token", refreshToken }
-        };
-
-        // RFC 8707: Add resource parameter if configured
-        if (!string.IsNullOrEmpty(_resourceUrl))
-        {
-            form["resource"] = _resourceUrl;
-        }
-
-        var content = new FormUrlEncodedContent(form);
+        var content = FormUrlEncoded.Create()
+            .Add("grant_type", "refresh_token")
+            .Add("client_id", _clientId)
+            .Add("refresh_token", refreshToken)
+            .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+            .ToContent();
 
         var response = await _httpClient.PostAsync(_tokenEndpoint, content, cancellationToken);
         response.EnsureSuccessStatusCode();
diff --git a/MCPify/Core/Auth/FormUrlEncoded.cs b/MCPify/Core/Auth/FormUrlEncoded.cs
@@ -0,0 +1,28 @@
+namespace MCPify.Core.Auth;
+
+/// <summary>
+/// Fluent helper for creating application/x-www-form-urlencoded POST content.
+/// </summary>
+internal class FormUrlEncoded
+{
+    private readonly List<KeyValuePair<string, string>> _params = new();
+
+    public static FormUrlEncoded Create() => new();
+
+    public FormUrlEncoded Add(string key, string value)
+    {
+        _params.Add(new(key, value));
+        return this;
+    }
+
+    public FormUrlEncoded AddIfNotEmpty(string key, string? value)
+    {
+        if (!string.IsNullOrEmpty(value))
+        {
+            _params.Add(new(key, value));
+        }
+        return this;
+    }
+
+    public FormUrlEncodedContent ToContent() => new(_params);
+}
diff --git a/MCPify/Core/Auth/OAuth/ClientCredentialsAuthentication.cs b/MCPify/Core/Auth/OAuth/ClientCredentialsAuthentication.cs
@@ -57,21 +57,13 @@ public async Task ApplyAsync(HttpRequestMessage request, CancellationToken cance
 
     private async Task<TokenData> RequestTokenAsync(CancellationToken cancellationToken)
     {
-        var form = new Dictionary<string, string>
-        {
-            { "grant_type", "client_credentials" },
-            { "client_id", _clientId },
-            { "client_secret", _clientSecret },
-            { "scope", _scope }
-        };
-
-        // RFC 8707: Add resource parameter if configured
-        if (!string.IsNullOrEmpty(_resourceUrl))
-        {
-            form["resource"] = _resourceUrl;
-        }
-
-        var content = new FormUrlEncodedContent(form);
+        var content = FormUrlEncoded.Create()
+            .Add("grant_type", "client_credentials")
+            .Add("client_id", _clientId)
+            .Add("client_secret", _clientSecret)
+            .Add("scope", _scope)
+            .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+            .ToContent();
         var response = await _httpClient.PostAsync(_tokenEndpoint, content, cancellationToken);
         response.EnsureSuccessStatusCode();
 
diff --git a/MCPify/Core/Auth/OAuth/OAuthAuthorizationCodeAuthentication.cs b/MCPify/Core/Auth/OAuth/OAuthAuthorizationCodeAuthentication.cs
@@ -229,31 +229,15 @@ public virtual async Task<TokenData> HandleAuthorizationCallbackAsync(string cod
 
     private async Task<TokenData> ExchangeCodeForTokenAsync(string code, string redirectUri, string? codeVerifier, CancellationToken cancellationToken)
     {
-        var form = new Dictionary<string, string>
-        {
-            { "grant_type", "authorization_code" },
-            { "client_id", _clientId },
-            { "code", code },
-            { "redirect_uri", redirectUri }
-        };
-
-        if (!string.IsNullOrEmpty(codeVerifier))
-        {
-            form["code_verifier"] = codeVerifier;
-        }
-
-        if (!string.IsNullOrEmpty(_clientSecret))
-        {
-            form["client_secret"] = _clientSecret;
-        }
-
-        // RFC 8707: Add resource parameter if configured
-        if (!string.IsNullOrEmpty(_resourceUrl))
-        {
-            form["resource"] = _resourceUrl;
-        }
-
-        var content = new FormUrlEncodedContent(form);
+        var content = FormUrlEncoded.Create()
+            .Add("grant_type", "authorization_code")
+            .Add("client_id", _clientId)
+            .Add("code", code)
+            .Add("redirect_uri", redirectUri)
+            .AddIfNotEmpty("code_verifier", codeVerifier)
+            .AddIfNotEmpty("client_secret", _clientSecret)
+            .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+            .ToContent();
 
         var response = await _httpClient.PostAsync(_tokenEndpoint, content, cancellationToken);
         response.EnsureSuccessStatusCode();
@@ -277,25 +261,13 @@ private async Task<TokenData> ExchangeCodeForTokenAsync(string code, string redi
 
     private async Task<TokenData> RefreshTokenAsync(string refreshToken, string sessionId, CancellationToken cancellationToken)
     {
-        var form = new Dictionary<string, string>
-        {
-            { "grant_type", "refresh_token" },
-            { "client_id", _clientId },
-            { "refresh_token", refreshToken }
-        };
-
-        if (!string.IsNullOrEmpty(_clientSecret))
-        {
-            form["client_secret"] = _clientSecret;
-        }
-
-        // RFC 8707: Add resource parameter if configured
-        if (!string.IsNullOrEmpty(_resourceUrl))
-        {
-            form["resource"] = _resourceUrl;
-        }
-
-        var content = new FormUrlEncodedContent(form);
+        var content = FormUrlEncoded.Create()
+            .Add("grant_type", "refresh_token")
+            .Add("client_id", _clientId)
+            .Add("refresh_token", refreshToken)
+            .AddIfNotEmpty("client_secret", _clientSecret)
+            .AddIfNotEmpty("resource", _resourceUrl)  // RFC 8707
+            .ToContent();
 
         var response = await _httpClient.PostAsync(_tokenEndpoint, content, cancellationToken);
         response.EnsureSuccessStatusCode();
