tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update the ProcessChallenge/SignIn/SignOut events to expose the host authentication properties

pull/1523/head
Kévin Chalet 3 years ago
parent
8342dd20ce
commit
43e75cd49f
19 changed files with 901 additions and 382 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs
  2. 38
      sandbox/OpenIddict.Sandbox.AspNet.Client/Views/Home/Index.cshtml
  3. 9
      sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs
  4. 40
      sandbox/OpenIddict.Sandbox.AspNetCore.Client/Views/Home/Index.cshtml
  5. 2
      sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthenticationController.cs
  6. 232
      src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
  7. 56
      src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
  8. 14
      src/OpenIddict.Client/OpenIddictClientEvents.cs
  9. 68
      src/OpenIddict.Client/OpenIddictClientHandlers.cs
  10. 179
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
  11. 150
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
  12. 21
      src/OpenIddict.Server/OpenIddictServerEvents.cs
  13. 34
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  14. 79
      src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs
  15. 8
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinConstants.cs
  16. 82
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs
  17. 7
      src/OpenIddict.Validation/OpenIddictValidationEvents.cs
  18. 135
      test/OpenIddict.Server.AspNetCore.IntegrationTests/OpenIddictServerAspNetCoreIntegrationTests.cs
  19. 127
      test/OpenIddict.Server.Owin.IntegrationTests/OpenIddictServerOwinIntegrationTests.cs

2
sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs
View File

@ -15,7 +15,7 @@ namespace OpenIddict.Sandbox.AspNet.Client.Controllers
{
public class AuthenticationController : Controller
{
[HttpGet, Route("~/login")]
[HttpPost, Route("~/login"), ValidateAntiForgeryToken]
public ActionResult LogIn(string provider, string returnUrl)
{
var context = HttpContext.GetOwinContext();

38
sandbox/OpenIddict.Sandbox.AspNet.Client/Views/Home/Index.cshtml
View File

@ -31,6 +31,8 @@
<form action="/logout" method="post">
@Html.AntiForgeryToken()
<input type="hidden" name="returnUrl" value="@Request.RawUrl" />
<button class="btn btn-lg btn-danger" type="submit">Sign out</button>
</form>
}
@ -38,15 +40,31 @@
else
{
<h1>Welcome, anonymous</h1>
@Html.ActionLink("Sign in using the local OIDC server", "Login", "Authentication",
new { provider = "Local" }, new { @class = "btn btn-lg btn-success" })
@Html.ActionLink("Sign in using the local OIDC server (using GitHub delegation)", "Login", "Authentication",
new { provider = "Local+GitHub" }, new { @class = "btn btn-lg btn-success" })
@Html.ActionLink("Sign in using GitHub", "Login", "Authentication",
new { provider = "GitHub" }, new { @class = "btn btn-lg btn-success" })
@Html.ActionLink("Sign in using Google", "Login", "Authentication",
new { provider = "Google" }, new { @class = "btn btn-lg btn-success" })
@Html.ActionLink("Sign in using Twitter", "Login", "Authentication",
new { provider = "Twitter" }, new { @class = "btn btn-lg btn-success" })
<form action="/login" method="post">
@Html.AntiForgeryToken()
<input type="hidden" name="returnUrl" value="@Request.RawUrl" />
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Local">
Sign in using the local OIDC server
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Local+GitHub">
Sign in using the local OIDC server (using GitHub delegation)
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="GitHub">
Sign in using GitHub
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Google">
Sign in using Google
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Twitter">
Sign in using Twitter
</button>
</form>
}
</div>

9
sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs
View File

@ -10,7 +10,7 @@ namespace OpenIddict.Sandbox.AspNetCore.Client.Controllers;
public class AuthenticationController : Controller
{
[HttpGet("~/login")]
[HttpPost("~/login"), ValidateAntiForgeryToken]
public ActionResult LogIn(string provider, string returnUrl)
{
// Note: OpenIddict always validates the specified provider name when handling the challenge operation,
@ -41,7 +41,10 @@ public class AuthenticationController : Controller
// Only allow local return URLs to prevent open redirect attacks.
RedirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/",
Parameters = { [Parameters.IdentityProvider] = "GitHub" }
Parameters =
{
[Parameters.IdentityProvider] = "GitHub"
}
};
// Ask the OpenIddict client middleware to redirect the user agent to the identity provider.
@ -146,7 +149,7 @@ public class AuthenticationController : Controller
// Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
// antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but
// the access/refresh tokens can be retrieved using result.Properties.GetTokens() to make API calls.
if (result.Principal.Identity is not ClaimsIdentity { IsAuthenticated: true })
if (result.Principal is not ClaimsPrincipal { Identity.IsAuthenticated: true })
{
throw new InvalidOperationException("The external authorization data cannot be used for authentication.");
}

40
sandbox/OpenIddict.Sandbox.AspNetCore.Client/Views/Home/Index.cshtml
View File

@ -33,17 +33,33 @@
else
{
<h1>Welcome, anonymous</h1>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="Local">Sign in using the local OIDC server</a>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="Local+GitHub">Sign in using the local OIDC server (using GitHub delegation)</a>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="GitHub">Sign in using GitHub</a>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="Google">Sign in using Google</a>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="Reddit">Sign in using Reddit</a>
<a class="btn btn-lg btn-success" asp-controller="Authentication"
asp-action="Login" asp-route-provider="Twitter">Sign in using Twitter</a>
<form asp-action="Login" asp-controller="Authentication" method="post">
<input type="hidden" name="returnUrl" value="@(Context.Request.PathBase + Context.Request.Path + Context.Request.QueryString)" />
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Local">
Sign in using the local OIDC server
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Local+GitHub">
Sign in using the local OIDC server (using GitHub delegation)
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="GitHub">
Sign in using GitHub
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Google">
Sign in using Google
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Reddit">
Sign in using Reddit
</button>
<button class="btn btn-lg btn-success" type="submit" name="provider" value="Twitter">
Sign in using Twitter
</button>
</form>
}
</div>

2
sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthenticationController.cs
View File

@ -45,7 +45,7 @@ public class AuthenticationController : Controller
// Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
// antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but
// the access/refresh tokens can be retrieved using result.Properties.GetTokens() to make API calls.
if (result.Principal.Identity is not ClaimsIdentity { IsAuthenticated: true })
if (result.Principal is not ClaimsPrincipal { Identity.IsAuthenticated: true })
{
throw new InvalidOperationException("The external authorization data cannot be used for authentication.");
}

232
src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
View File

@ -42,13 +42,13 @@ public static partial class OpenIddictClientAspNetCoreHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeParameters.Descriptor,
ResolveHostChallengeProperties.Descriptor,
GenerateLoginCorrelationCookie.Descriptor,
/*
* Sign-out processing:
*/
ResolveHostSignOutParameters.Descriptor,
ResolveHostSignOutProperties.Descriptor,
GenerateLogoutCorrelationCookie.Descriptor)
.AddRange(Authentication.DefaultHandlers)
.AddRange(Session.DefaultHandlers);
@ -414,11 +414,11 @@ public static partial class OpenIddictClientAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional challenge parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the challenge operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostChallengeParameters : IOpenIddictClientHandler<ProcessChallengeContext>
public class ResolveHostChallengeProperties : IOpenIddictClientHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -426,7 +426,7 @@ public static partial class OpenIddictClientAspNetCoreHandlers
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostChallengeParameters>()
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(ValidateChallengeDemand.Descriptor.Order - 500)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
@ -439,76 +439,74 @@ public static partial class OpenIddictClientAspNetCoreHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
{
return default;
}
// If an issuer was explicitly set, update the challenge context to use it.
if (properties.Items.TryGetValue(Properties.Issuer, out string? issuer) && !string.IsNullOrEmpty(issuer))
if (properties is { Items.Count: > 0 })
{
// Ensure the issuer set by the application is a valid absolute URI.
if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
// If an issuer was explicitly set, update the challenge context to use it.
if (properties.Items.TryGetValue(Properties.Issuer, out string? issuer) && !string.IsNullOrEmpty(issuer))
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0306));
}
// Ensure the issuer set by the application is a valid absolute URI.
if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0306));
}
context.Issuer = uri;
}
context.Issuer = uri;
}
// If a provider name was explicitly set, update the challenge context to use it.
if (properties.Items.TryGetValue(Properties.ProviderName, out string? provider) &&
!string.IsNullOrEmpty(provider))
{
context.ProviderName = provider;
}
// If a provider name was explicitly set, update the challenge context to use it.
if (properties.Items.TryGetValue(Properties.ProviderName, out string? provider) &&
!string.IsNullOrEmpty(provider))
{
context.ProviderName = provider;
}
// If a return URL was specified, use it as the target_link_uri claim.
if (!string.IsNullOrEmpty(properties.RedirectUri))
{
context.TargetLinkUri = properties.RedirectUri;
}
// If a return URL was specified, use it as the target_link_uri claim.
if (!string.IsNullOrEmpty(properties.RedirectUri))
{
context.TargetLinkUri = properties.RedirectUri;
}
// If an identity token hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.IdentityTokenHint, out string? token) &&
!string.IsNullOrEmpty(token))
{
context.IdentityTokenHint = token;
}
// If an identity token hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.IdentityTokenHint, out string? token) &&
!string.IsNullOrEmpty(token))
{
context.IdentityTokenHint = token;
}
// If a login hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.LoginHint, out string? hint) &&
!string.IsNullOrEmpty(hint))
{
context.LoginHint = hint;
}
// If a login hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.LoginHint, out string? hint) &&
!string.IsNullOrEmpty(hint))
{
context.LoginHint = hint;
}
// Preserve the host properties in the principal.
if (properties.Items.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Items);
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
foreach (var parameter in properties.Parameters)
if (properties is { Parameters.Count: > 0 })
{
context.Parameters[parameter.Key] = parameter.Value switch
foreach (var parameter in properties.Parameters)
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;
@ -590,11 +588,11 @@ public static partial class OpenIddictClientAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-out parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-out operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the sign-out operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostSignOutParameters : IOpenIddictClientHandler<ProcessSignOutContext>
public class ResolveHostSignOutProperties : IOpenIddictClientHandler<ProcessSignOutContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -602,7 +600,7 @@ public static partial class OpenIddictClientAspNetCoreHandlers
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostSignOutParameters>()
.UseSingletonHandler<ResolveHostSignOutProperties>()
.SetOrder(ValidateSignOutDemand.Descriptor.Order - 500)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
@ -615,76 +613,74 @@ public static partial class OpenIddictClientAspNetCoreHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
{
return default;
}
// If an issuer was explicitly set, update the sign-out context to use it.
if (properties.Items.TryGetValue(Properties.Issuer, out string? issuer) && !string.IsNullOrEmpty(issuer))
if (properties is { Items.Count: > 0 })
{
// Ensure the issuer set by the application is a valid absolute URI.
if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
// If an issuer was explicitly set, update the sign-out context to use it.
if (properties.Items.TryGetValue(Properties.Issuer, out string? issuer) && !string.IsNullOrEmpty(issuer))
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0306));
}
// Ensure the issuer set by the application is a valid absolute URI.
if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0306));
}
context.Issuer = uri;
}
context.Issuer = uri;
}
// If a provider name was explicitly set, update the sign-out context to use it.
if (properties.Items.TryGetValue(Properties.ProviderName, out string? provider) &&
!string.IsNullOrEmpty(provider))
{
context.ProviderName = provider;
}
// If a provider name was explicitly set, update the sign-out context to use it.
if (properties.Items.TryGetValue(Properties.ProviderName, out string? provider) &&
!string.IsNullOrEmpty(provider))
{
context.ProviderName = provider;
}
// If a return URL was specified, use it as the target_link_uri claim.
if (!string.IsNullOrEmpty(properties.RedirectUri))
{
context.TargetLinkUri = properties.RedirectUri;
}
// If a return URL was specified, use it as the target_link_uri claim.
if (!string.IsNullOrEmpty(properties.RedirectUri))
{
context.TargetLinkUri = properties.RedirectUri;
}
// If an identity token hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.IdentityTokenHint, out string? token) &&
!string.IsNullOrEmpty(token))
{
context.IdentityTokenHint = token;
}
// If an identity token hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.IdentityTokenHint, out string? token) &&
!string.IsNullOrEmpty(token))
{
context.IdentityTokenHint = token;
}
// If a login hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.LoginHint, out string? hint) &&
!string.IsNullOrEmpty(hint))
{
context.LoginHint = hint;
}
// If a login hint was specified, attach it to the context.
if (properties.Items.TryGetValue(Properties.LoginHint, out string? hint) &&
!string.IsNullOrEmpty(hint))
{
context.LoginHint = hint;
}
// Preserve the host properties in the principal.
if (properties.Items.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Items);
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
foreach (var parameter in properties.Parameters)
if (properties is { Parameters.Count: > 0 })
{
context.Parameters[parameter.Key] = parameter.Value switch
foreach (var parameter in properties.Parameters)
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;

56
src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
View File

@ -38,13 +38,13 @@ public static partial class OpenIddictClientOwinHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeParameters.Descriptor,
ResolveHostChallengeProperties.Descriptor,
GenerateLoginCorrelationCookie.Descriptor,
/*
* Sign-out processing:
*/
ResolveHostSignOutParameters.Descriptor,
ResolveHostSignOutProperties.Descriptor,
GenerateLogoutCorrelationCookie.Descriptor)
.AddRange(Authentication.DefaultHandlers)
.AddRange(Session.DefaultHandlers);
@ -319,7 +319,7 @@ public static partial class OpenIddictClientOwinHandlers
/// <summary>
/// Contains the logic responsible for comparing the current request URL to the expected URL stored in the state token.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ValidateEndpointUri : IOpenIddictClientHandler<ProcessAuthenticationContext>
{
@ -425,11 +425,11 @@ public static partial class OpenIddictClientOwinHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional challenge parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the challenge operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostChallengeParameters : IOpenIddictClientHandler<ProcessChallengeContext>
public class ResolveHostChallengeProperties : IOpenIddictClientHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -437,7 +437,7 @@ public static partial class OpenIddictClientOwinHandlers
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostChallengeParameters>()
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(ValidateChallengeDemand.Descriptor.Order - 500)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
@ -450,10 +450,8 @@ public static partial class OpenIddictClientOwinHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
@ -497,13 +495,7 @@ public static partial class OpenIddictClientOwinHandlers
context.LoginHint = hint;
}
// Preserve the host properties in the principal.
if (properties.Dictionary.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Dictionary);
}
// Note: unlike ASP.NET Core, Owin's AuthenticationProperties doesn't offer a strongly-typed
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
@ -539,6 +531,11 @@ public static partial class OpenIddictClientOwinHandlers
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;
@ -628,11 +625,11 @@ public static partial class OpenIddictClientOwinHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-out parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-out operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the sign-out operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostSignOutParameters : IOpenIddictClientHandler<ProcessSignOutContext>
public class ResolveHostSignOutProperties : IOpenIddictClientHandler<ProcessSignOutContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -640,7 +637,7 @@ public static partial class OpenIddictClientOwinHandlers
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostSignOutParameters>()
.UseSingletonHandler<ResolveHostSignOutProperties>()
.SetOrder(ValidateSignOutDemand.Descriptor.Order - 500)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
@ -653,10 +650,8 @@ public static partial class OpenIddictClientOwinHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
@ -700,13 +695,7 @@ public static partial class OpenIddictClientOwinHandlers
context.LoginHint = hint;
}
// Preserve the host properties in the principal.
if (properties.Dictionary.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Dictionary);
}
// Note: unlike ASP.NET Core, Owin's AuthenticationProperties doesn't offer a strongly-typed
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
@ -742,6 +731,11 @@ public static partial class OpenIddictClientOwinHandlers
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;

14
src/OpenIddict.Client/OpenIddictClientEvents.cs
View File

@ -693,6 +693,11 @@ public static partial class OpenIddictClientEvents
set => Transaction.Response = value;
}
/// <summary>
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets or sets the name of the provider that will be
/// used to resolve the issuer identity, if applicable.
@ -700,7 +705,7 @@ public static partial class OpenIddictClientEvents
public string? ProviderName { get; set; }
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);
@ -843,6 +848,11 @@ public static partial class OpenIddictClientEvents
set => Transaction.Response = value;
}
/// <summary>
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets or sets the name of the provider that will be
/// used to resolve the issuer identity, if applicable.
@ -884,7 +894,7 @@ public static partial class OpenIddictClientEvents
public string? RequestForgeryProtection { get; set; }
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);

68
src/OpenIddict.Client/OpenIddictClientHandlers.cs
View File

@ -94,6 +94,7 @@ public static partial class OpenIddictClientHandlers
ResolveClientRegistrationFromChallengeContext.Descriptor,
AttachGrantType.Descriptor,
EvaluateGeneratedChallengeTokens.Descriptor,
AttachChallengeHostProperties.Descriptor,
AttachResponseType.Descriptor,
AttachResponseMode.Descriptor,
AttachClientId.Descriptor,
@ -116,6 +117,7 @@ public static partial class OpenIddictClientHandlers
AttachOptionalClientId.Descriptor,
AttachPostLogoutRedirectUri.Descriptor,
EvaluateGeneratedLogoutTokens.Descriptor,
AttachSignOutHostProperties.Descriptor,
AttachLogoutRequestForgeryProtection.Descriptor,
PrepareLogoutStateTokenPrincipal.Descriptor,
GenerateLogoutStateToken.Descriptor,
@ -3567,6 +3569,37 @@ public static partial class OpenIddictClientHandlers
}
}
/// <summary>
/// Contains the logic responsible for attaching the user-defined properties to the authentication principal.
/// </summary>
public class AttachChallengeHostProperties : IOpenIddictClientHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.UseSingletonHandler<AttachChallengeHostProperties>()
.SetOrder(EvaluateGeneratedChallengeTokens.Descriptor.Order + 1_000)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessChallengeContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
context.Principal.SetClaim(Claims.Private.HostProperties, context.Properties);
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching the response type to the challenge request.
/// </summary>
@ -3579,7 +3612,7 @@ public static partial class OpenIddictClientHandlers
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireInteractiveGrantType>()
.UseSingletonHandler<AttachResponseType>()
.SetOrder(EvaluateGeneratedChallengeTokens.Descriptor.Order + 1_000)
.SetOrder(AttachChallengeHostProperties.Descriptor.Order + 1_000)
.Build();
/// <inheritdoc/>
@ -4646,6 +4679,37 @@ public static partial class OpenIddictClientHandlers
}
}
/// <summary>
/// Contains the logic responsible for attaching the user-defined properties to the authentication principal.
/// </summary>
public class AttachSignOutHostProperties : IOpenIddictClientHandler<ProcessSignOutContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.UseSingletonHandler<AttachSignOutHostProperties>()
.SetOrder(EvaluateGeneratedLogoutTokens.Descriptor.Order + 1_000)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessSignOutContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
context.Principal.SetClaim(Claims.Private.HostProperties, context.Properties);
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching a request forgery protection to the authorization request.
/// </summary>
@ -4657,7 +4721,7 @@ public static partial class OpenIddictClientHandlers
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.UseSingletonHandler<AttachLogoutRequestForgeryProtection>()
.SetOrder(EvaluateGeneratedLogoutTokens.Descriptor.Order + 1_000)
.SetOrder(AttachSignOutHostProperties.Descriptor.Order + 1_000)
.Build();
/// <inheritdoc/>

179
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
View File

@ -7,7 +7,6 @@
using System.Collections.Immutable;
using System.ComponentModel;
using System.Diagnostics;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Text.Json;
@ -38,18 +37,18 @@ public static partial class OpenIddictServerAspNetCoreHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeProperties.Descriptor,
AttachHostChallengeError.Descriptor,
ResolveHostChallengeParameters.Descriptor,
/*
* Sign-in processing:
*/
ResolveHostSignInParameters.Descriptor,
ResolveHostSignInProperties.Descriptor,
/*
* Sign-out processing:
*/
ResolveHostSignOutParameters.Descriptor)
ResolveHostSignOutProperties.Descriptor)
.AddRange(Authentication.DefaultHandlers)
.AddRange(Device.DefaultHandlers)
.AddRange(Discovery.DefaultHandlers)
@ -279,10 +278,11 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for attaching the error details using the ASP.NET Core authentication properties.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class AttachHostChallengeError : IOpenIddictServerHandler<ProcessChallengeContext>
public class ResolveHostChallengeProperties : IOpenIddictServerHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -290,8 +290,8 @@ public static partial class OpenIddictServerAspNetCoreHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(ValidateChallengeDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -304,12 +304,34 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null)
if (properties is { Items.Count: > 0 })
{
context.Response.Error = properties.GetString(Properties.Error);
context.Response.ErrorDescription = properties.GetString(Properties.ErrorDescription);
context.Response.ErrorUri = properties.GetString(Properties.ErrorUri);
context.Response.Scope = properties.GetString(Properties.Scope);
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
if (properties is { Parameters.Count: > 0 })
{
foreach (var parameter in properties.Parameters)
{
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;
@ -317,11 +339,10 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional challenge parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-in operation.
/// Contains the logic responsible for attaching the error details using the ASP.NET Core authentication properties.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostChallengeParameters : IOpenIddictServerHandler<ProcessChallengeContext>
public class AttachHostChallengeError : IOpenIddictServerHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -329,8 +350,8 @@ public static partial class OpenIddictServerAspNetCoreHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostChallengeParameters>()
.SetOrder(AttachCustomChallengeParameters.Descriptor.Order - 500)
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -343,28 +364,12 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
{
return default;
}
foreach (var parameter in properties.Parameters)
if (properties is not null)
{
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
context.Response.Error = properties.GetString(Properties.Error);
context.Response.ErrorDescription = properties.GetString(Properties.ErrorDescription);
context.Response.ErrorUri = properties.GetString(Properties.ErrorUri);
context.Response.Scope = properties.GetString(Properties.Scope);
}
return default;
@ -372,11 +377,11 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-in parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-in operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the sign-in operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostSignInParameters : IOpenIddictServerHandler<ProcessSignInContext>
public class ResolveHostSignInProperties : IOpenIddictServerHandler<ProcessSignInContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -384,8 +389,8 @@ public static partial class OpenIddictServerAspNetCoreHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignInContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostSignInParameters>()
.SetOrder(AttachCustomSignInParameters.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostSignInProperties>()
.SetOrder(ValidateSignInDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -397,37 +402,35 @@ public static partial class OpenIddictServerAspNetCoreHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is { Items.Count: > 0 })
{
return default;
}
// Preserve the host properties in the principal.
if (properties.Items.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Items);
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
foreach (var parameter in properties.Parameters)
if (properties is { Parameters.Count: > 0 })
{
context.Parameters[parameter.Key] = parameter.Value switch
foreach (var parameter in properties.Parameters)
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;
@ -435,11 +438,11 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-out parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-out operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the sign-out operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostSignOutParameters : IOpenIddictServerHandler<ProcessSignOutContext>
public class ResolveHostSignOutProperties : IOpenIddictServerHandler<ProcessSignOutContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -447,8 +450,8 @@ public static partial class OpenIddictServerAspNetCoreHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostSignOutParameters>()
.SetOrder(AttachCustomSignOutParameters.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostSignOutProperties>()
.SetOrder(ValidateSignOutDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -461,28 +464,34 @@ public static partial class OpenIddictServerAspNetCoreHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is { Items.Count: > 0 })
{
return default;
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
foreach (var parameter in properties.Parameters)
if (properties is { Parameters.Count: > 0 })
{
context.Parameters[parameter.Key] = parameter.Value switch
foreach (var parameter in properties.Parameters)
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;

150
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
View File

@ -8,7 +8,6 @@ using System.Collections.Immutable;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Text.Json;
@ -34,18 +33,18 @@ public static partial class OpenIddictServerOwinHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeProperties.Descriptor,
AttachHostChallengeError.Descriptor,
ResolveHostChallengeParameters.Descriptor,
/*
* Sign-in processing:
*/
ResolveHostSignInParameters.Descriptor,
ResolveHostSignInProperties.Descriptor,
/*
* Sign-out processing:
*/
ResolveHostSignOutParameters.Descriptor)
ResolveHostSignOutProperties.Descriptor)
.AddRange(Authentication.DefaultHandlers)
.AddRange(Device.DefaultHandlers)
.AddRange(Discovery.DefaultHandlers)
@ -277,52 +276,11 @@ public static partial class OpenIddictServerOwinHandlers
}
/// <summary>
/// Contains the logic responsible for attaching the error details using the OWIN authentication properties.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class AttachHostChallengeError : IOpenIddictServerHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessChallengeContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null)
{
context.Response.Error = GetProperty(properties, Properties.Error);
context.Response.ErrorDescription = GetProperty(properties, Properties.ErrorDescription);
context.Response.ErrorUri = GetProperty(properties, Properties.ErrorUri);
context.Response.Scope = GetProperty(properties, Properties.Scope);
}
return default;
static string? GetProperty(AuthenticationProperties properties, string name)
=> properties.Dictionary.TryGetValue(name, out string? value) ? value : null;
}
}
/// <summary>
/// Contains the logic responsible for resolving the additional challenge parameters stored in the
/// OWIN authentication properties specified by the application that triggered the sign-in operation.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostChallengeParameters : IOpenIddictServerHandler<ProcessChallengeContext>
public class ResolveHostChallengeProperties : IOpenIddictServerHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -330,8 +288,8 @@ public static partial class OpenIddictServerOwinHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostChallengeParameters>()
.SetOrder(AttachCustomChallengeParameters.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(ValidateChallengeDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -344,12 +302,12 @@ public static partial class OpenIddictServerOwinHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
// Note: unlike ASP.NET Core, Owin's AuthenticationProperties doesn't offer a strongly-typed
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
@ -385,18 +343,64 @@ public static partial class OpenIddictServerOwinHandlers
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching the error details using the OWIN authentication properties.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class AttachHostChallengeError : IOpenIddictServerHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessChallengeContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null)
{
context.Response.Error = GetProperty(properties, Properties.Error);
context.Response.ErrorDescription = GetProperty(properties, Properties.ErrorDescription);
context.Response.ErrorUri = GetProperty(properties, Properties.ErrorUri);
context.Response.Scope = GetProperty(properties, Properties.Scope);
}
return default;
static string? GetProperty(AuthenticationProperties properties, string name)
=> properties.Dictionary.TryGetValue(name, out string? value) ? value : null;
}
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-in parameters stored in the
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the sign-in operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostSignInParameters : IOpenIddictServerHandler<ProcessSignInContext>
public class ResolveHostSignInProperties : IOpenIddictServerHandler<ProcessSignInContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -404,8 +408,8 @@ public static partial class OpenIddictServerOwinHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignInContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostSignInParameters>()
.SetOrder(AttachCustomSignInParameters.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostSignInProperties>()
.SetOrder(ValidateSignInDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -417,21 +421,13 @@ public static partial class OpenIddictServerOwinHandlers
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
// Preserve the host properties in the principal.
if (properties.Dictionary.Count is not 0)
{
context.Principal.SetClaim(Claims.Private.HostProperties, properties.Dictionary);
}
// Note: unlike ASP.NET Core, Owin's AuthenticationProperties doesn't offer a strongly-typed
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
@ -467,6 +463,11 @@ public static partial class OpenIddictServerOwinHandlers
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;
@ -474,11 +475,11 @@ public static partial class OpenIddictServerOwinHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-out parameters stored in the
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the sign-out operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostSignOutParameters : IOpenIddictServerHandler<ProcessSignOutContext>
public class ResolveHostSignOutProperties : IOpenIddictServerHandler<ProcessSignOutContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -486,8 +487,8 @@ public static partial class OpenIddictServerOwinHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignOutContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostSignOutParameters>()
.SetOrder(AttachCustomSignOutParameters.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostSignOutProperties>()
.SetOrder(ValidateSignOutDemand.Descriptor.Order - 500)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -500,12 +501,12 @@ public static partial class OpenIddictServerOwinHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
// Note: unlike ASP.NET Core, Owin's AuthenticationProperties doesn't offer a strongly-typed
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
@ -541,6 +542,11 @@ public static partial class OpenIddictServerOwinHandlers
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;

21
src/OpenIddict.Server/OpenIddictServerEvents.cs
View File

@ -565,7 +565,12 @@ public static partial class OpenIddictServerEvents
}
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);
}
@ -602,7 +607,12 @@ public static partial class OpenIddictServerEvents
}
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);
@ -813,7 +823,12 @@ public static partial class OpenIddictServerEvents
}
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);
}

34
src/OpenIddict.Server/OpenIddictServerHandlers.cs
View File

@ -49,6 +49,7 @@ public static partial class OpenIddictServerHandlers
ValidateSignInDemand.Descriptor,
RedeemTokenEntry.Descriptor,
RestoreInternalClaims.Descriptor,
AttachHostProperties.Descriptor,
AttachDefaultScopes.Descriptor,
AttachDefaultPresenters.Descriptor,
InferResources.Descriptor,
@ -1382,6 +1383,37 @@ public static partial class OpenIddictServerHandlers
}
}
/// <summary>
/// Contains the logic responsible for attaching the user-defined properties to the authentication principal.
/// </summary>
public class AttachHostProperties : IOpenIddictServerHandler<ProcessSignInContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignInContext>()
.UseSingletonHandler<AttachHostProperties>()
.SetOrder(RestoreInternalClaims.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessSignInContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
context.Principal.SetClaim(Claims.Private.HostProperties, context.Properties);
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching default scopes to the authentication principal.
/// </summary>
@ -1393,7 +1425,7 @@ public static partial class OpenIddictServerHandlers
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessSignInContext>()
.UseSingletonHandler<AttachDefaultScopes>()
.SetOrder(RestoreInternalClaims.Descriptor.Order + 1_000)
.SetOrder(AttachHostProperties.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();

79
src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs
View File

@ -8,7 +8,6 @@ using System.Collections.Immutable;
using System.ComponentModel;
using System.Diagnostics;
using System.Text;
using System.Text.Encodings.Web;
using System.Text.Json;
using Microsoft.AspNetCore;
using Microsoft.Extensions.Logging;
@ -42,8 +41,8 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeProperties.Descriptor,
AttachHostChallengeError.Descriptor,
ResolveHostChallengeParameters.Descriptor,
/*
* Response processing:
@ -279,10 +278,11 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for attaching the error details using the ASP.NET Core authentication properties.
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// ASP.NET Core authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class AttachHostChallengeError : IOpenIddictValidationHandler<ProcessChallengeContext>
public class ResolveHostChallengeProperties : IOpenIddictValidationHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -290,8 +290,8 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(AttachHostChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -304,12 +304,34 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null)
if (properties is { Items.Count: > 0 })
{
context.Response.Error = properties.GetString(Properties.Error);
context.Response.ErrorDescription = properties.GetString(Properties.ErrorDescription);
context.Response.ErrorUri = properties.GetString(Properties.ErrorUri);
context.Response.Scope = properties.GetString(Properties.Scope);
foreach (var property in properties.Items)
{
context.Properties[property.Key] = property.Value;
}
}
if (properties is { Parameters.Count: > 0 })
{
foreach (var parameter in properties.Parameters)
{
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
}
}
return default;
@ -317,11 +339,10 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
}
/// <summary>
/// Contains the logic responsible for resolving the additional sign-in parameters stored in the ASP.NET
/// Core authentication properties specified by the application that triggered the sign-in operation.
/// Contains the logic responsible for attaching the error details using the ASP.NET Core authentication properties.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ResolveHostChallengeParameters : IOpenIddictValidationHandler<ProcessChallengeContext>
public class AttachHostChallengeError : IOpenIddictValidationHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -329,8 +350,8 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ResolveHostChallengeParameters>()
.SetOrder(AttachCustomChallengeParameters.Descriptor.Order - 500)
.UseSingletonHandler<AttachHostChallengeError>()
.SetOrder(AttachDefaultChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -343,28 +364,12 @@ public static partial class OpenIddictValidationAspNetCoreHandlers
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is null)
{
return default;
}
foreach (var parameter in properties.Parameters)
if (properties is not null)
{
context.Parameters[parameter.Key] = parameter.Value switch
{
OpenIddictParameter value => value,
JsonElement value => new OpenIddictParameter(value),
bool value => new OpenIddictParameter(value),
int value => new OpenIddictParameter(value),
long value => new OpenIddictParameter(value),
string value => new OpenIddictParameter(value),
string[] value => new OpenIddictParameter(value),
#if SUPPORTS_JSON_NODES
JsonNode value => new OpenIddictParameter(value),
#endif
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0115))
};
context.Response.Error = properties.GetString(Properties.Error);
context.Response.ErrorDescription = properties.GetString(Properties.ErrorDescription);
context.Response.ErrorUri = properties.GetString(Properties.ErrorUri);
context.Response.Scope = properties.GetString(Properties.Scope);
}
return default;

8
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinConstants.cs
View File

@ -36,4 +36,12 @@ public static class OpenIddictValidationOwinConstants
public const string ErrorUri = ".error_uri";
public const string Scope = ".scope";
}
public static class PropertyTypes
{
public const string Boolean = "#boolean";
public const string Integer = "#integer";
public const string Json = "#json";
public const string String = "#string";
}
}

82
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs
View File

@ -7,7 +7,9 @@
using System.Collections.Immutable;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Text;
using System.Text.Json;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Owin;
@ -35,6 +37,7 @@ public static partial class OpenIddictValidationOwinHandlers
/*
* Challenge processing:
*/
ResolveHostChallengeProperties.Descriptor,
AttachHostChallengeError.Descriptor,
/*
@ -276,6 +279,85 @@ public static partial class OpenIddictValidationOwinHandlers
}
}
/// <summary>
/// Contains the logic responsible for resolving the context-specific properties and parameters stored in the
/// OWIN authentication properties specified by the application that triggered the challenge operation.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ResolveHostChallengeProperties : IOpenIddictValidationHandler<ProcessChallengeContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ResolveHostChallengeProperties>()
.SetOrder(AttachHostChallengeError.Descriptor.Order - 500)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ProcessChallengeContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not { Dictionary.Count: > 0 })
{
return default;
}
// Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
// dictionary that allows flowing parameters while preserving their original types. To allow
// returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
// but requires suffixing the properties that are meant to be used as parameters using a special
// suffix that indicates that the property is public and determines its actual representation.
foreach (var property in properties.Dictionary)
{
var (name, value) = property.Key switch
{
// If the property ends with #string, represent it as a string parameter.
string key when key.EndsWith(PropertyTypes.String, StringComparison.OrdinalIgnoreCase) => (
Name: key.Substring(0, key.Length - PropertyTypes.String.Length),
Value: new OpenIddictParameter(property.Value)),
// If the property ends with #boolean, return it as a boolean parameter.
string key when key.EndsWith(PropertyTypes.Boolean, StringComparison.OrdinalIgnoreCase) => (
Name: key.Substring(0, key.Length - PropertyTypes.Boolean.Length),
Value: new OpenIddictParameter(bool.Parse(property.Value))),
// If the property ends with #integer, return it as an integer parameter.
string key when key.EndsWith(PropertyTypes.Integer, StringComparison.OrdinalIgnoreCase) => (
Name: key.Substring(0, key.Length - PropertyTypes.Integer.Length),
Value: new OpenIddictParameter(long.Parse(property.Value, CultureInfo.InvariantCulture))),
// If the property ends with #json, return it as a JSON parameter.
string key when key.EndsWith(PropertyTypes.Json, StringComparison.OrdinalIgnoreCase) => (
Name: key.Substring(0, key.Length - PropertyTypes.Json.Length),
Value: new OpenIddictParameter(JsonSerializer.Deserialize<JsonElement>(property.Value))),
_ => default
};
if (!string.IsNullOrEmpty(name))
{
context.Parameters[name] = value;
}
else
{
context.Properties[property.Key] = property.Value;
}
}
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching the error details using the OWIN authentication properties.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.

7
src/OpenIddict.Validation/OpenIddictValidationEvents.cs
View File

@ -331,7 +331,12 @@ public static partial class OpenIddictValidationEvents
}
/// <summary>
/// Gets the additional parameters returned to caller.
/// Gets the user-defined authentication properties, if available.
/// </summary>
public Dictionary<string, string?> Properties { get; } = new(StringComparer.Ordinal);
/// <summary>
/// Gets the additional parameters returned to the caller.
/// </summary>
public Dictionary<string, OpenIddictParameter> Parameters { get; } = new(StringComparer.Ordinal);
}

135
test/OpenIddict.Server.AspNetCore.IntegrationTests/OpenIddictServerAspNetCoreIntegrationTests.cs
View File

@ -136,6 +136,48 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
Assert.Equal(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero), properties.ExpiresUtc);
}
[Fact]
public async Task ProcessChallenge_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetTokenEndpointUris("/challenge/custom");
options.AddEventHandler<HandleTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessChallengeContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/challenge/custom", new OpenIddictRequest
{
GrantType = GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.NotEmpty(response.Error);
Assert.NotEmpty(response.ErrorDescription);
Assert.NotEmpty(response.ErrorUri);
}
[Fact]
public async Task ProcessChallenge_ReturnsParametersFromAuthenticationProperties()
{
@ -734,6 +776,46 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
Assert.Equal("Bob le Magnifique", (string?) response["name"]);
}
[Fact]
public async Task ProcessSignIn_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetTokenEndpointUris("/signin/custom");
options.AddEventHandler<HandleTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessSignInContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/signin/custom", new OpenIddictRequest
{
GrantType = GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.NotEmpty(response.AccessToken);
}
[Fact]
public async Task ProcessSignIn_ReturnsParametersFromAuthenticationProperties()
{
@ -782,6 +864,45 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
#endif
}
[Fact]
public async Task ProcessSignOut_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetLogoutEndpointUris("/signout/custom");
options.AddEventHandler<HandleLogoutRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessSignOutContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/signout/custom", new OpenIddictRequest
{
PostLogoutRedirectUri = "http://www.fabrikam.com/path",
State = "af0ifjsldkj"
});
// Assert
Assert.NotEmpty(response.State);
}
[Fact]
public async Task ProcessSignOut_ReturnsParametersFromAuthenticationProperties()
{
@ -904,7 +1025,10 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
var principal = new ClaimsPrincipal(identity);
var properties = new AuthenticationProperties(
items: new Dictionary<string, string?>(),
items: new Dictionary<string, string?>
{
["custom_property"] = "value"
},
parameters: new Dictionary<string, object?>
{
["boolean_parameter"] = true,
@ -931,7 +1055,10 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
else if (context.Request.Path == "/signout/custom")
{
var properties = new AuthenticationProperties(
items: new Dictionary<string, string?>(),
items: new Dictionary<string, string?>
{
["custom_property"] = "value"
},
parameters: new Dictionary<string, object?>
{
["boolean_parameter"] = true,
@ -956,7 +1083,9 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = "custom_error",
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "custom_error_description",
[OpenIddictServerAspNetCoreConstants.Properties.ErrorUri] = "custom_error_uri"
[OpenIddictServerAspNetCoreConstants.Properties.ErrorUri] = "custom_error_uri",
["custom_property"] = "value"
},
parameters: new Dictionary<string, object?>
{

127
test/OpenIddict.Server.Owin.IntegrationTests/OpenIddictServerOwinIntegrationTests.cs
View File

@ -130,6 +130,48 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
Assert.Equal(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero), properties.ExpiresUtc);
}
[Fact]
public async Task ProcessChallenge_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetTokenEndpointUris("/challenge/custom");
options.AddEventHandler<HandleTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessChallengeContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/challenge/custom", new OpenIddictRequest
{
GrantType = GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.NotEmpty(response.Error);
Assert.NotEmpty(response.ErrorDescription);
Assert.NotEmpty(response.ErrorUri);
}
[Fact]
public async Task ProcessChallenge_ReturnsParametersFromAuthenticationProperties()
{
@ -719,6 +761,46 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
Assert.Equal("Bob le Magnifique", (string?) response["name"]);
}
[Fact]
public async Task ProcessSignIn_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetTokenEndpointUris("/signin/custom");
options.AddEventHandler<HandleTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessSignInContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/signin/custom", new OpenIddictRequest
{
GrantType = GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.NotEmpty(response.AccessToken);
}
[Fact]
public async Task ProcessSignIn_ReturnsParametersFromAuthenticationProperties()
{
@ -758,6 +840,45 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
Assert.Equal(JsonValueKind.Array, ((JsonElement) response["json_parameter"]).ValueKind);
}
[Fact]
public async Task ProcessSignOut_ImportsAuthenticationProperties()
{
// Arrange
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
options.SetLogoutEndpointUris("/signout/custom");
options.AddEventHandler<HandleLogoutRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.SkipRequest();
return default;
}));
options.AddEventHandler<ProcessSignOutContext>(builder =>
builder.UseInlineHandler(context =>
{
Assert.Equal("value", context.Properties["custom_property"]);
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/signout/custom", new OpenIddictRequest
{
PostLogoutRedirectUri = "http://www.fabrikam.com/path",
State = "af0ifjsldkj"
});
// Assert
Assert.NotEmpty(response.State);
}
[Fact]
public async Task ProcessSignOut_ReturnsParametersFromAuthenticationProperties()
{
@ -866,6 +987,8 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
var properties = new AuthenticationProperties(new Dictionary<string, string?>
{
["custom_property"] = "value",
["boolean_parameter#boolean"] = "true",
["integer_parameter#integer"] = "42",
["string_parameter#string"] = "Bob l'Eponge",
@ -887,6 +1010,8 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
var properties = new AuthenticationProperties(new Dictionary<string, string?>
{
["custom_property"] = "value",
["boolean_parameter#boolean"] = "true",
["integer_parameter#integer"] = "42",
["string_parameter#string"] = "Bob l'Eponge"
@ -910,6 +1035,8 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
[OpenIddictServerOwinConstants.Properties.ErrorDescription] = "custom_error_description",
[OpenIddictServerOwinConstants.Properties.ErrorUri] = "custom_error_uri",
["custom_property"] = "value",
["boolean_parameter#boolean"] = "true",
["integer_parameter#integer"] = "42",
["string_parameter#string"] = "Bob l'Eponge",

Write Preview
Loading…
Cancel
Save