From 491cf85d1650b8a9799e4598be4af25cb720f41e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Wed, 21 Feb 2024 17:02:55 +0100
Subject: [PATCH] Add DocuSign to the list of supported providers

---
 .../Startup.cs                                 |  2 +-
 .../InteractiveService.cs                      |  5 +++--
 .../OpenIddictClientAspNetCoreHandlers.cs      |  4 ++--
 ...ctClientWebIntegrationHandlers.Discovery.cs | 14 +++++++++++---
 .../OpenIddictClientWebIntegrationHandlers.cs  |  6 +++---
 ...OpenIddictClientWebIntegrationProviders.xml | 14 ++++++++++++++
 .../OpenIddictClientHandlers.cs                | 18 +++++++++---------
 7 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
index cdfaf4d2..2289a1e9 100644
--- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
@@ -181,7 +181,7 @@ public class Startup
                 //        .SetClientId("resource_server")
                 //        .SetClientSecret("80B552BB-4CD8-48DA-946E-0815E0147DD2");
                 //
-                // When introspection is used, System.Net.Http integration must be enabled.
+                // When introspection is used, the System.Net.Http integration must be enabled.
                 //
                 // options.UseSystemNetHttp();
 
diff --git a/sandbox/OpenIddict.Sandbox.Console.Client/InteractiveService.cs b/sandbox/OpenIddict.Sandbox.Console.Client/InteractiveService.cs
index 58bdf13d..06b5a97c 100644
--- a/sandbox/OpenIddict.Sandbox.Console.Client/InteractiveService.cs
+++ b/sandbox/OpenIddict.Sandbox.Console.Client/InteractiveService.cs
@@ -207,9 +207,10 @@ public class InteractiveService : BackgroundService
                 AnsiConsole.MarkupLine("[yellow]The authorization was denied by the end user.[/]");
             }
 
-            catch
+            catch (Exception exception)
             {
-                AnsiConsole.MarkupLine("[red]An error occurred while trying to authenticate the user.[/]");
+                AnsiConsole.MarkupLine("[red]An error occurred while trying to authenticate the user:[/]");
+                AnsiConsole.WriteException(exception);
             }
         }
 
diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
index 3b190f99..709d96b5 100644
--- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
+++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
@@ -72,8 +72,8 @@ public static partial class OpenIddictClientAspNetCoreHandlers
         ProcessStatusCodePagesErrorResponse<ProcessErrorContext>.Descriptor,
         ProcessLocalErrorResponse<ProcessErrorContext>.Descriptor,
 
-        ..Authentication.DefaultHandlers,
-        ..Session.DefaultHandlers
+        .. Authentication.DefaultHandlers,
+        .. Session.DefaultHandlers
     ];
 
     /// <summary>
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
index bb217bbb..e1f67e3c 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
@@ -136,7 +136,8 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                     context.Configuration.GrantTypesSupported.Add(GrantTypes.Implicit);
                 }
 
-                else if (context.Registration.ProviderType is ProviderTypes.Asana or ProviderTypes.Slack)
+                else if (context.Registration.ProviderType is
+                    ProviderTypes.DocuSign or ProviderTypes.Asana or ProviderTypes.Slack)
                 {
                     context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken);
                 }
@@ -181,7 +182,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                     context.Configuration.CodeChallengeMethodsSupported.Add(CodeChallengeMethods.Sha256);
                 }
 
-                else if (context.Registration.ProviderType is ProviderTypes.Salesforce)
+                else if (context.Registration.ProviderType is ProviderTypes.DocuSign or ProviderTypes.Salesforce)
                 {
                     context.Configuration.CodeChallengeMethodsSupported.Add(CodeChallengeMethods.Sha256);
                 }
@@ -216,7 +217,14 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                 // While it is a recommended node, some providers don't include "scopes_supported" in their
                 // configuration and thus are treated as OAuth 2.0-only providers by the OpenIddict client.
                 // To avoid that, the "openid" scope is manually added to indicate OpenID Connect is supported.
-                if (context.Registration.ProviderType is ProviderTypes.EpicGames or ProviderTypes.Xero)
+
+                if (context.Registration.ProviderType is ProviderTypes.DocuSign)
+                {
+                    context.Configuration.ScopesSupported.Remove("OpenId");
+                    context.Configuration.ScopesSupported.Add(Scopes.OpenId);
+                }
+
+                else if (context.Registration.ProviderType is ProviderTypes.EpicGames or ProviderTypes.Xero)
                 {
                     context.Configuration.ScopesSupported.Add(Scopes.OpenId);
                 }
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
index 4082cfb8..ce88ef40 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
@@ -649,9 +649,9 @@ public static partial class OpenIddictClientWebIntegrationHandlers
             context.DisableBackchannelIdentityTokenNonceValidation = context.Registration.ProviderType switch
             {
                 // These providers don't include the nonce in their identity tokens:
-                ProviderTypes.Asana    or ProviderTypes.Dropbox          or
-                ProviderTypes.LinkedIn or ProviderTypes.QuickBooksOnline or
-                ProviderTypes.WorldId => true,
+                ProviderTypes.Asana            or ProviderTypes.DocuSign or
+                ProviderTypes.Dropbox          or ProviderTypes.LinkedIn or
+                ProviderTypes.QuickBooksOnline or ProviderTypes.WorldId => true,
 
                 _ => context.DisableBackchannelIdentityTokenNonceValidation
             };
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
index 24791638..33c27983 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
@@ -338,6 +338,20 @@
     </Environment>
   </Provider>
 
+  <!--
+                                        ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+                                        ██ ▄▄▀██ ▄▄▄ ██ ▄▄▀██ ██ ██ ▄▄▄ █▄ ▄██ ▄▄ ██ ▀██ ██
+                                        ██ ██ ██ ███ ██ █████ ██ ██▄▄▄▀▀██ ███ █▀▀██ █ █ ██
+                                        ██ ▀▀ ██ ▀▀▀ ██ ▀▀▄██▄▀▀▄██ ▀▀▀ █▀ ▀██ ▀▀▄██ ██▄ ██
+                                        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+  -->
+
+  <Provider Name="DocuSign" Id="3133a058-b516-4d21-be9a-96c62fff7862"
+            Documentation="https://developers.docusign.com/platform/auth/authcode/authcode-get-token/">
+    <Environment Name="Production"  Issuer="https://account.docusign.com/" />
+    <Environment Name="Development" Issuer="https://account-d.docusign.com" />
+  </Provider>
+
   <!--
                                           ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
                                           ██ ▄▄▀██ ▄▄▀██ ▄▄▄ ██ ▄▄ ██ ▄▄▀██ ▄▄▄ █▄▀█▀▄██
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index 8227a1e0..327944d2 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -183,15 +183,15 @@ public static partial class OpenIddictClientHandlers
         AttachErrorParameters.Descriptor,
         AttachCustomErrorParameters.Descriptor,
 
-        ..Authentication.DefaultHandlers,
-        ..Device.DefaultHandlers,
-        ..Discovery.DefaultHandlers,
-        ..Exchange.DefaultHandlers,
-        ..Introspection.DefaultHandlers,
-        ..Protection.DefaultHandlers,
-        ..Revocation.DefaultHandlers,
-        ..Session.DefaultHandlers,
-        ..Userinfo.DefaultHandlers
+        .. Authentication.DefaultHandlers,
+        .. Device.DefaultHandlers,
+        .. Discovery.DefaultHandlers,
+        .. Exchange.DefaultHandlers,
+        .. Introspection.DefaultHandlers,
+        .. Protection.DefaultHandlers,
+        .. Revocation.DefaultHandlers,
+        .. Session.DefaultHandlers,
+        .. Userinfo.DefaultHandlers
     ];
 
     /// <summary>