Update the client stack to handle errors returned while processing challenge and sign-out demands

3 years ago · 0cf3b872b5
14 changed files with 71 additions and 20 deletions
--- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
+++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
@ -58,7 +58,19 @@ public static partial class OpenIddictClientAspNetCoreHandlers
         */
        ResolveHostSignOutProperties.Descriptor,
        ValidateTransportSecurityRequirementForSignOut.Descriptor,
-        GenerateLogoutCorrelationCookie.Descriptor)
+        GenerateLogoutCorrelationCookie.Descriptor,
+
+        /*
+         * Error processing:
+         */
+        // Note: these handler registrations are only used as a last resort for errors that are not
+        // returned by an OpenIddict endpoint (e.g errors returned during a failed challenge demand).
+        //
+        // Errors returned by an OpenIddict endpoint are handled via the Apply*Response events.
+        AttachHttpResponseCode<ProcessErrorContext>.Descriptor,
+        AttachCacheControlHeader<ProcessErrorContext>.Descriptor,
+        ProcessStatusCodePagesErrorResponse<ProcessErrorContext>.Descriptor,
+        ProcessLocalErrorResponse<ProcessErrorContext>.Descriptor)
        .AddRange(Authentication.DefaultHandlers)
        .AddRange(Session.DefaultHandlers);

@ -1035,7 +1047,7 @@ public static partial class OpenIddictClientAspNetCoreHandlers
            = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
                .AddFilter<RequireHttpRequest>()
                .UseSingletonHandler<AttachHttpResponseCode<TContext>>()
-                .SetOrder(100_000)
+                .SetOrder(int.MaxValue - 100_000)
                .SetType(OpenIddictClientHandlerType.BuiltIn)
                .Build();

@ -1122,7 +1134,7 @@ public static partial class OpenIddictClientAspNetCoreHandlers
                .AddFilter<RequireErrorPassthroughEnabled>()
                .AddFilter<TFilter>()
                .UseSingletonHandler<ProcessPassthroughErrorResponse<TContext, TFilter>>()
-                .SetOrder(100_000)
+                .SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
                .SetType(OpenIddictClientHandlerType.BuiltIn)
                .Build();

--- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
+++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
@ -53,7 +53,18 @@ public static partial class OpenIddictClientOwinHandlers
         */
        ResolveHostSignOutProperties.Descriptor,
        ValidateTransportSecurityRequirementForSignOut.Descriptor,
-        GenerateLogoutCorrelationCookie.Descriptor)
+        GenerateLogoutCorrelationCookie.Descriptor,
+
+        /*
+         * Error processing:
+         */
+        // Note: these handler registrations are only used as a last resort for errors that are not
+        // returned by an OpenIddict endpoint (e.g errors returned during a failed challenge demand).
+        //
+        // Errors returned by an OpenIddict endpoint are handled via the Apply*Response events.
+        AttachHttpResponseCode<ProcessErrorContext>.Descriptor,
+        AttachCacheControlHeader<ProcessErrorContext>.Descriptor,
+        ProcessLocalErrorResponse<ProcessErrorContext>.Descriptor)
        .AddRange(Authentication.DefaultHandlers)
        .AddRange(Session.DefaultHandlers);

@ -1097,7 +1108,7 @@ public static partial class OpenIddictClientOwinHandlers
            = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
                .AddFilter<RequireOwinRequest>()
                .UseSingletonHandler<AttachHttpResponseCode<TContext>>()
-                .SetOrder(100_000)
+                .SetOrder(int.MaxValue - 100_000)
                .SetType(OpenIddictClientHandlerType.BuiltIn)
                .Build();

@ -1303,7 +1314,7 @@ public static partial class OpenIddictClientOwinHandlers
                .AddFilter<RequireErrorPassthroughEnabled>()
                .AddFilter<TFilter>()
                .UseSingletonHandler<ProcessPassthroughErrorResponse<TContext, TFilter>>()
-                .SetOrder(100_000)
+                .SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
                .SetType(OpenIddictClientHandlerType.BuiltIn)
                .Build();

--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
@ -147,7 +147,6 @@ public static class OpenIddictClientSystemIntegrationHandlerFilters
                return new(mode is OpenIddictClientSystemIntegrationAuthenticationMode.WebAuthenticationBroker);
            }
 #endif
-
            return new(false);
        }
    }
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.Authentication.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.Authentication.cs
@ -382,7 +382,7 @@ public static partial class OpenIddictClientHandlers
                = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireRedirectionRequest>()
                    .UseScopedHandler<ApplyRedirectionResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictClientHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Client/OpenIddictClientHandlers.Session.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.Session.cs
@ -373,7 +373,7 @@ public static partial class OpenIddictClientHandlers
                = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequirePostLogoutRedirectionRequest>()
                    .UseScopedHandler<ApplyPostLogoutRedirectionResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictClientHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@ -144,7 +144,8 @@ public static partial class OpenIddictClientHandlers
        /*
         * Error processing:
         */
-        AttachErrorParameters.Descriptor)
+        AttachErrorParameters.Descriptor,
+        AttachCustomErrorParameters.Descriptor)

        .AddRange(Authentication.DefaultHandlers)
        .AddRange(Device.DefaultHandlers)
@ -6056,6 +6057,34 @@ public static partial class OpenIddictClientHandlers
            context.Response.ErrorDescription = context.ErrorDescription;
            context.Response.ErrorUri = context.ErrorUri;

+            return default;
+        }
+    }
+
+    /// <summary>
+    /// Contains the logic responsible for attaching the parameters
+    /// populated from user-defined handlers to the error response.
+    /// </summary>
+    public sealed class AttachCustomErrorParameters : IOpenIddictClientHandler<ProcessErrorContext>
+    {
+        /// <summary>
+        /// Gets the default descriptor definition assigned to this handler.
+        /// </summary>
+        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
+            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessErrorContext>()
+                .UseSingletonHandler<AttachCustomErrorParameters>()
+                .SetOrder(100_000)
+                .SetType(OpenIddictClientHandlerType.BuiltIn)
+                .Build();
+
+        /// <inheritdoc/>
+        public ValueTask HandleAsync(ProcessErrorContext context)
+        {
+            if (context is null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
            if (context.Parameters.Count > 0)
            {
                foreach (var parameter in context.Parameters)
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
@ -309,7 +309,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireAuthorizationRequest>()
                    .UseScopedHandler<ApplyAuthorizationResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
@ -301,7 +301,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireDeviceRequest>()
                    .UseScopedHandler<ApplyDeviceResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

@ -1099,7 +1099,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireVerificationRequest>()
                    .UseScopedHandler<ApplyVerificationResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
@ -281,7 +281,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireConfigurationRequest>()
                    .UseScopedHandler<ApplyConfigurationResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

@ -1021,7 +1021,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireCryptographyRequest>()
                    .UseScopedHandler<ApplyCryptographyResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs
@ -306,7 +306,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireTokenRequest>()
                    .UseScopedHandler<ApplyTokenResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
@ -299,7 +299,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireIntrospectionRequest>()
                    .UseScopedHandler<ApplyIntrospectionResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
@ -246,7 +246,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireRevocationRequest>()
                    .UseScopedHandler<ApplyRevocationResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs
@ -286,7 +286,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireLogoutRequest>()
                    .UseScopedHandler<ApplyLogoutResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();

--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs
@ -271,7 +271,7 @@ public static partial class OpenIddictServerHandlers
                = OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
                    .AddFilter<RequireUserinfoRequest>()
                    .UseScopedHandler<ApplyUserinfoResponse<TContext>>()
-                    .SetOrder(int.MaxValue - 100_000)
+                    .SetOrder(500_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
                    .Build();