From cf9f132b1386817c691749d0fe0b1dfc7b5c5ee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Thu, 16 Feb 2023 11:30:07 +0100
Subject: [PATCH] Remove leftovers from the OpenIddict.Client.Windows/OpenIddict.Client.SystemIntegration replacement
---
 ...ictClientWindowsHandlers.Authentication.cs | 108 --
 .../OpenIddictClientWindowsHandlers.cs | 1304 -----------------
 2 files changed, 1412 deletions(-)
 delete mode 100644 src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.Authentication.cs
 delete mode 100644 src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.cs
diff --git a/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.Authentication.cs b/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.Authentication.cs
deleted file mode 100644
index 9e539524..00000000
--- a/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.Authentication.cs
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
- * See https://github.com/openiddict/openiddict-core for more information concerning
- * the license and the contributors participating to this project.
- */
-
-using System.Collections.Immutable;
-using System.Diagnostics;
-using Microsoft.Extensions.Primitives;
-using OpenIddict.Extensions;
-
-namespace OpenIddict.Client.Windows;
-
-public static partial class OpenIddictClientWindowsHandlers
-{
- public static class Authentication
- {
- public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create(
- /*
- * Authorization request processing:
- */
- LaunchSystemBrowser.Descriptor,
-
- /*
- * Redirection request extraction:
- */
- ExtractRequestUriParameters.Descriptor,
-
- /*
- * Redirection request handling:
- */
- ProcessResponse.Descriptor,
-
- /*
- * Redirection response handling:
- */
- ProcessResponse.Descriptor);
-
- ///
- /// Contains the logic responsible for initiating authorization requests using the system browser.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public class LaunchSystemBrowser : IOpenIddictClientHandler
- {
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(50_000)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public async ValueTask HandleAsync(ApplyAuthorizationRequestContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- // Note: the OpenIddict Windows integration is designed to work as a universal Windows package.
- // As such, multiple types of application models must be supported to cover most scenarios. E.g:
- //
- // - Classical Win32 applications, for which no application-specific restriction is enforced.
- // - Win32 applications running in an AppContainer, that are very similar to UWP applications.
- // - Classical UWP applications, for which strict application restrictions are enforced.
- // - Full-trust UWP applications, that are rare but very similar to classical Win32 applications.
- // - Modern/hybrid Windows applications, that can be sandboxed or run as full-trust applications.
- //
- // Since .NET Standard 2.0 support for UWP was only introduced in Windows 10 1709 (also known
- // as Fall Creators Update) and OpenIddict requires Windows 10 1809 as the minimum supported
- // version, Windows 8/8.1's Metro-style/universal applications are deliberately not supported.
-
- Debug.Assert(context.Transaction.Request is not null, SR.GetResourceString(SR.ID4008));
-
- var uri = OpenIddictHelpers.AddQueryStringParameters(
- uri: new Uri(context.AuthorizationEndpoint, UriKind.Absolute),
- parameters: context.Transaction.Request.GetParameters().ToDictionary(
- parameter => parameter.Key,
- parameter => new StringValues((string?[]?) parameter.Value)));
-
-#if SUPPORTS_WINDOWS_RUNTIME
- // While Process.Start()/ShellExecuteEx() can typically be used without any particular restriction
- // by non-sandboxed desktop applications to launch the default system browser, calling these
- // APIs in sandboxed applications will result in an UnauthorizedAccessException being thrown.
- //
- // To avoid that, the OpenIddict host needs to determine whether the platform supports Windows
- // Runtime APIs and favor the Launcher.LaunchUriAsync() API when it's offered by the platform.
-
- if (OpenIddictClientWindowsHelpers.IsWindowsRuntimeSupported() && await
- OpenIddictClientWindowsHelpers.TryLaunchBrowserWithWindowsRuntimeAsync(uri))
- {
- return;
- }
-#endif
- if (await OpenIddictClientWindowsHelpers.TryLaunchBrowserWithShellExecuteAsync(uri))
- {
- return;
- }
-
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0385));
- }
- }
- }
-}
diff --git a/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.cs b/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.cs
deleted file mode 100644
index 1b772467..00000000
--- a/src/OpenIddict.Client.Windows/OpenIddictClientWindowsHandlers.cs
+++ /dev/null
@@ -1,1304 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) - * See https://github.com/openiddict/openiddict-core for more information concerning - * the license and the contributors participating to this project. - */ - -using System.Collections.Immutable; -using System.ComponentModel; -using System.Diagnostics; -using System.IO.Pipes; -using System.Security.Claims; -using System.Security.Principal; -using Microsoft.Extensions.Hosting; -using Microsoft.Extensions.Options; -using OpenIddict.Extensions; - -#if !SUPPORTS_HOST_APPLICATION_LIFETIME -using IHostApplicationLifetime = Microsoft.Extensions.Hosting.IApplicationLifetime; -#endif - -namespace OpenIddict.Client.Windows; - -[EditorBrowsable(EditorBrowsableState.Never)] -public static partial class OpenIddictClientWindowsHandlers -{ - public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create( - /* - * Top-level request processing: - */ - ResolveRequestUri.Descriptor, - - /* - * Authentication processing: - */ - WaitMarshalledAuthentication.Descriptor, - RestoreStateTokenFromMarshalledAuthentication.Descriptor, - RestoreStateTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreClientRegistrationFromMarshalledContext.Descriptor, - RedirectProtocolActivation.Descriptor, - ResolveRequestForgeryProtection.Descriptor, - RestoreFrontchannelTokensFromMarshalledAuthentication.Descriptor, - RestoreFrontchannelIdentityTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreFrontchannelAccessTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreAuthorizationCodePrincipalFromMarshalledAuthentication.Descriptor, - RestoreBackchannelTokensFromMarshalledAuthentication.Descriptor, - RestoreBackchannelIdentityTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreBackchannelAccessTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreRefreshTokenPrincipalFromMarshalledAuthentication.Descriptor, - 
RestoreUserinfoDetailsFromMarshalledAuthentication.Descriptor, - CompleteAuthenticationOperation.Descriptor, - UntrackMarshalledAuthenticationOperation.Descriptor, - - /* - * Challenge processing: - */ - InferBaseUriFromClientUri.Descriptor, - AttachInstanceIdentifier.Descriptor, - TrackAuthenticationOperation.Descriptor, - - /* - * Error processing: - */ - AbortAuthenticationDemand.Descriptor) - .AddRange(Authentication.DefaultHandlers); - - /// - /// Contains the logic responsible for resolving the request URI from the protocol activation details. - /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows. - /// - public sealed class ResolveRequestUri : IOpenIddictClientHandler - { - /// - /// Gets the default descriptor definition assigned to this handler. - /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(int.MinValue + 50_000) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessRequestContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - (context.BaseUri, context.RequestUri) = context.Transaction.GetWindowsActivation() switch - { - { ActivationUri: Uri uri } => ( - BaseUri : new Uri(uri.GetLeftPart(UriPartial.Authority), UriKind.Absolute), - RequestUri: uri), - - _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0375)) - }; - - return default; - } - } - - /// - /// Contains the logic responsible for extracting OpenID Connect requests from the request URI. - /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows. - /// - public sealed class ExtractRequestUriParameters : IOpenIddictClientHandler where TContext : BaseValidatingContext - { - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler>() - .SetOrder(int.MinValue + 100_000) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(TContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - // Extract the parameters from the query string present in the request URI. - context.Transaction.Request = new OpenIddictRequest(context.RequestUri switch - { - { IsAbsoluteUri: true } uri => OpenIddictHelpers.ParseQuery(uri.Query), - - _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0127)) - }); - - return default; - } - } - - /// - /// Contains the logic responsible for waiting for the marshalled authentication operation to complete, if applicable. - /// - public sealed class WaitMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - private readonly IOptionsMonitor _options; - - public WaitMarshalledAuthentication( - OpenIddictClientWindowsMarshal marshal, - IOptionsMonitor options) - { - _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - _options = options ?? throw new ArgumentNullException(nameof(options)); - } - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateAuthenticationDemand.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public async ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - // Skip the marshalling logic entirely if the operation is not tracked. - if (!_marshal.IsTracked(context.Nonce)) - { - return; - } - - // Allow a single authentication operation at the same time with the same nonce. - if (!_marshal.TryAcquireLock(context.Nonce)) - { - throw new InvalidOperationException(SR.GetResourceString(SR.ID0379)); - } - - // At this point, user authentication demands cannot complete until the authorization response has been - // returned to the redirection endpoint (materialized as a registered protocol activation URI) and handled - // by OpenIddict via the ProcessRequest event. Since it is asynchronous by nature, this process requires - // using a signal mechanism to unblock the authentication operation once it is complete. For that, the - // marshal uses a TaskCompletionSource (one per authentication) that will be automatically completed - // or aborted by a specialized event handler as part of the ProcessRequest/ProcessError events processing. - - try - { - // To ensure pending authentication operations for which no response is received are not tracked - // indefinitely, a CancellationTokenSource with a static timeout is used even if the cancellation - // token specified by the user is never marked as canceled: if the authentication is not completed - // when the timeout is reached, the operation will be considered canceled and removed from the list. 
- using var source = CancellationTokenSource.CreateLinkedTokenSource(context.CancellationToken); - source.CancelAfter(_options.CurrentValue.AuthenticationTimeout); - - if (!await _marshal.TryWaitForCompletionAsync(context.Nonce, source.Token) || - !_marshal.TryGetResult(context.Nonce, out ProcessAuthenticationContext? notification)) - { - throw new InvalidOperationException(SR.GetResourceString(SR.ID0383)); - } - - if (notification.IsRequestHandled) - { - context.HandleRequest(); - return; - } - - else if (notification.IsRequestSkipped) - { - context.SkipRequest(); - return; - } - - else if (notification.IsRejected) - { - context.Reject( - error: notification.Error ?? Errors.InvalidRequest, - description: notification.ErrorDescription, - uri: notification.ErrorUri); - return; - } - } - - // If the operation failed due to the timeout, it's likely the TryRemove() method - // won't be called, so the tracked context is manually removed before re-throwing. - catch (OperationCanceledException) when (_marshal.TryRemove(context.Nonce)) - { - throw; - } - } - } - - /// - /// Contains the logic responsible for restoring the state token from the marshalled authentication context, if applicable. - /// - public sealed class RestoreStateTokenFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreStateTokenFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ResolveValidatedStateToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.StateToken = context.EndpointType switch - { - // When the authentication context is marshalled, restore the state token from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.StateToken, - - // Otherwise, don't alter the current context. - _ => context.StateToken - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the state token - /// principal from the marshalled authentication context, if applicable. - /// - public sealed class RestoreStateTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreStateTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateStateToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.StateTokenPrincipal = context.EndpointType switch - { - // When the authentication context is marshalled, restore - // the state token principal from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.StateTokenPrincipal, - - // Otherwise, don't alter the current context. - _ => context.StateTokenPrincipal - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the client registration and - /// configuration from the marshalled authentication context, if applicable. - /// - public sealed class RestoreClientRegistrationFromMarshalledContext : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreClientRegistrationFromMarshalledContext(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ResolveClientRegistrationFromStateToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - (context.Issuer, context.Configuration, context.Registration) = context.EndpointType switch - { - // When the authentication context is marshalled, restore the - // issuer registration and configuration from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => (notification.Issuer, notification.Configuration, notification.Registration), - - _ => (context.Issuer, context.Configuration, context.Registration) - }; - - return default; - } - } - - /// - /// Contains the logic responsible for redirecting the Windows protocol activation - /// to the instance that initially started the authentication demand, if applicable. - /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows. - /// - public sealed class RedirectProtocolActivation : IOpenIddictClientHandler - { - private readonly IHostApplicationLifetime _lifetime; - private readonly IOptionsMonitor _options; - - public RedirectProtocolActivation( - IHostApplicationLifetime lifetime, - IOptionsMonitor options) - { - _lifetime = lifetime ?? throw new ArgumentNullException(nameof(lifetime)); - _options = options ?? throw new ArgumentNullException(nameof(options)); - } - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ResolveNonceFromStateToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public async ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(context.StateTokenPrincipal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); - - var identifier = context.StateTokenPrincipal.GetClaim(Claims.Private.InstanceId); - if (string.IsNullOrEmpty(identifier)) - { - throw new InvalidOperationException(SR.GetResourceString(SR.ID0376)); - } - - // If the identifier stored in the state token doesn't match the identifier of the - // current instance, stop processing the authentication demand in this process and - // redirect the protocol activation to the correct instance. Once the redirection - // has been received by the other instance, ask the host to stop the application. - if (!string.Equals(identifier, _options.CurrentValue.InstanceIdentifier, StringComparison.OrdinalIgnoreCase)) - { - using (var buffer = new MemoryStream()) - using (var writer = new BinaryWriter(buffer)) - using (var source = new CancellationTokenSource(delay: TimeSpan.FromSeconds(10))) - using (var stream = new NamedPipeClientStream( - serverName : ".", - pipeName : $@"{_options.CurrentValue.PipeName}\{identifier}", - direction : PipeDirection.Out, - options : PipeOptions.Asynchronous, - impersonationLevel: TokenImpersonationLevel.None, - inheritability : HandleInheritability.None)) - { - // Wait for the target to accept the pipe connection. - await stream.ConnectAsync(source.Token); - - // Write the type of message stored in the shared memory and the - // version used to identify the binary serialization format. 
- writer.Write(0x01); - writer.Write(0x01); - - // Write the protocol activation URI. - writer.Write(context.Transaction.GetWindowsActivation() switch - { - { ActivationUri: Uri uri } => uri.AbsoluteUri, - - _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0375)) - }); - - // Transfer the payload to the target. - buffer.Seek(0L, SeekOrigin.Begin); - await buffer.CopyToAsync(stream, bufferSize: 81_920, source.Token); - } - - // Inform the host that the application should stop and mark the authentication context as handled - // to prevent the other event handlers from being invoked while the application is shutting down. - _lifetime.StopApplication(); - context.HandleRequest(); - - return; - } - } - } - - /// - /// Contains the logic responsible for resolving the request forgery protection that serves as a - /// protection against state token injection, forged requests and session fixation attacks. - /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows. - /// - public sealed class ResolveRequestForgeryProtection : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public ResolveRequestForgeryProtection(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateRequestForgeryProtection.Descriptor.Order - 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - // Ensure the authentication demand is tracked by the OpenIddict client Windows marshal - // and resolve the corresponding request forgery protection. If it can't be found, this may - // indicate a session fixation attack: in this case, reject the authentication demand. - if (!_marshal.TryGetRequestForgeryProtection(context.Nonce, out string? protection)) - { - context.Reject( - error: Errors.InvalidRequest, - description: SR.GetResourceString(SR.ID2139), - uri: SR.FormatID8000(SR.ID2139)); - - return default; - } - - context.RequestForgeryProtection = protection; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the frontchannel tokens from the marshalled authentication context, if applicable. - /// - public sealed class RestoreFrontchannelTokensFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreFrontchannelTokensFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ResolveValidatedFrontchannelTokens.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - (context.AuthorizationCode, - context.FrontchannelAccessToken, - context.FrontchannelIdentityToken) = context.EndpointType switch - { - // When the authentication context is marshalled, restore the tokens from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => (notification.AuthorizationCode, notification.FrontchannelAccessToken, notification.FrontchannelIdentityToken), - - // Otherwise, don't alter the current context. - _ => (context.AuthorizationCode, context.FrontchannelAccessToken, context.FrontchannelIdentityToken) - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the frontchannel identity - /// token principal from the marshalled authentication context, if applicable. - /// - public sealed class RestoreFrontchannelIdentityTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreFrontchannelIdentityTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateFrontchannelIdentityToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.FrontchannelIdentityTokenPrincipal = context.EndpointType switch - { - // When the authentication context is marshalled, restore the - // frontchannel identity token principal from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.FrontchannelIdentityTokenPrincipal, - - // Otherwise, don't alter the current context. - _ => context.FrontchannelIdentityTokenPrincipal - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the frontchannel access - /// token principal from the marshalled authentication context, if applicable. - /// - public sealed class RestoreFrontchannelAccessTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreFrontchannelAccessTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateFrontchannelAccessToken.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.FrontchannelAccessTokenPrincipal = context.EndpointType switch - { - // When the authentication context is marshalled, restore the - // frontchannel access token principal from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.FrontchannelAccessTokenPrincipal, - - // Otherwise, don't alter the current context. - _ => context.FrontchannelAccessTokenPrincipal - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the authorization code - /// principal from the marshalled authentication context, if applicable. - /// - public sealed class RestoreAuthorizationCodePrincipalFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreAuthorizationCodePrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateAuthorizationCode.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.AuthorizationCodePrincipal = context.EndpointType switch - { - // When the authentication context is marshalled, restore the - // authorization code principal from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.AuthorizationCodePrincipal, - - // Otherwise, don't alter the current context. - _ => context.AuthorizationCodePrincipal - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the token response from the marshalled authentication context, if applicable. - /// - public sealed class RestoreTokenResponseFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreTokenResponseFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- /// - public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(SendTokenRequest.Descriptor.Order + 500) - .SetType(OpenIddictClientHandlerType.BuiltIn) - .Build(); - - /// - public ValueTask HandleAsync(ProcessAuthenticationContext context) - { - if (context is null) - { - throw new ArgumentNullException(nameof(context)); - } - - Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - - context.TokenResponse = context.EndpointType switch - { - // When the authentication context is marshalled, restore the token response from the other instance. - OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => notification.TokenResponse, - - // Otherwise, don't alter the current context. - _ => context.TokenResponse - }; - - return default; - } - } - - /// - /// Contains the logic responsible for restoring the backchannel tokens from the marshalled authentication context, if applicable. - /// - public sealed class RestoreBackchannelTokensFromMarshalledAuthentication : IOpenIddictClientHandler - { - private readonly OpenIddictClientWindowsMarshal _marshal; - - public RestoreBackchannelTokensFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal) - => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); - - /// - /// Gets the default descriptor definition assigned to this handler. 
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ResolveValidatedBackchannelTokens.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- (context.BackchannelAccessToken,
- context.BackchannelIdentityToken,
- context.RefreshToken) = context.EndpointType switch
- {
- // When the authentication context is marshalled, restore the tokens from the other instance.
- OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification)
- => (notification.BackchannelAccessToken, notification.BackchannelIdentityToken, notification.RefreshToken),
-
- // Otherwise, don't alter the current context.
- _ => (context.BackchannelAccessToken, context.BackchannelIdentityToken, context.RefreshToken)
- };
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for restoring the backchannel identity
- /// token principal from the marshalled authentication context, if applicable.
- ///
- public sealed class RestoreBackchannelIdentityTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public RestoreBackchannelIdentityTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ValidateBackchannelIdentityToken.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- context.BackchannelIdentityTokenPrincipal = context.EndpointType switch
- {
- // When the authentication context is marshalled, restore the
- // frontchannel identity token principal from the other instance.
- OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification)
- => notification.BackchannelIdentityTokenPrincipal,
-
- // Otherwise, don't alter the current context.
- _ => context.BackchannelIdentityTokenPrincipal
- };
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for restoring the frontchannel access
- /// token principal from the marshalled authentication context, if applicable.
- ///
- public sealed class RestoreBackchannelAccessTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public RestoreBackchannelAccessTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ValidateBackchannelAccessToken.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- context.BackchannelAccessTokenPrincipal = context.EndpointType switch
- {
- // When the authentication context is marshalled, restore the
- // frontchannel access token principal from the other instance.
- OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification)
- => notification.BackchannelAccessTokenPrincipal,
-
- // Otherwise, don't alter the current context.
- _ => context.BackchannelAccessTokenPrincipal
- };
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for restoring the refresh token
- /// principal from the marshalled authentication context, if applicable.
- ///
- public sealed class RestoreRefreshTokenPrincipalFromMarshalledAuthentication : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public RestoreRefreshTokenPrincipalFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ValidateRefreshToken.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- context.RefreshTokenPrincipal = context.EndpointType switch
- {
- // When the authentication context is marshalled, restore
- // the refresh token principal from the other instance.
- OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification)
- => notification.RefreshTokenPrincipal,
-
- // Otherwise, don't alter the current context.
- _ => context.RefreshTokenPrincipal
- };
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for restoring the userinfo details
- /// from the marshalled authentication context, if applicable.
- ///
- public sealed class RestoreUserinfoDetailsFromMarshalledAuthentication : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public RestoreUserinfoDetailsFromMarshalledAuthentication(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(SendUserinfoRequest.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- (context.UserinfoResponse, context.UserinfoTokenPrincipal, context.UserinfoToken) = context.EndpointType switch
- {
- // When the authentication context is marshalled, restore the userinfo details from the other instance.
- OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification)
- => (notification.UserinfoResponse, notification.UserinfoTokenPrincipal, notification.UserinfoToken),
-
- // Otherwise, don't alter the current context.
- _ => (context.UserinfoResponse, context.UserinfoTokenPrincipal, context.UserinfoToken)
- };
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for informing the authentication service the operation is complete.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class CompleteAuthenticationOperation : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public CompleteAuthenticationOperation(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .AddFilter()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(int.MaxValue - 50_000)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- // Inform the marshal that the authentication demand is complete.
- if (!_marshal.TryComplete(context.Nonce, context))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0380));
- }
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for informing the marshal that the context
- /// associated with the authentication operation can be discarded, if applicable.
- ///
- public sealed class UntrackMarshalledAuthenticationOperation : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public UntrackMarshalledAuthenticationOperation(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(int.MaxValue)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessAuthenticationContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019));
-
- // If applicable, inform the marshal that the authentication demand can be discarded.
- if (context.EndpointType is OpenIddictClientEndpointType.Unknown &&
- _marshal.IsTracked(context.Nonce) && !_marshal.TryRemove(context.Nonce))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0381));
- }
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for inferring the base URI from the client URI set in the options.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class InferBaseUriFromClientUri : IOpenIddictClientHandler
- {
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ValidateChallengeDemand.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessChallengeContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- context.BaseUri ??= context.Options.ClientUri;
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for storing the identifier of the current instance in the state token.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class AttachInstanceIdentifier : IOpenIddictClientHandler
- {
- private readonly IOptionsMonitor _options;
-
- public AttachInstanceIdentifier(IOptionsMonitor options)
- => _options = options ?? throw new ArgumentNullException(nameof(options));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(PrepareLoginStateTokenPrincipal.Descriptor.Order + 500)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessChallengeContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- Debug.Assert(context.StateTokenPrincipal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
-
- // Most Windows applications (except UWP applications) are multi-instanced. As such, any protocol activation
- // triggered by launching one of the URI schemes associated with the application will create a new instance,
- // different from the one that initially started the authentication flow. To deal with that without having to
- // share persistent state between instances, OpenIddict stores the identifier of the instance that starts the
- // authentication process and uses it when handling the callback to determine whether the protocol activation
- // should be redirected to a different instance using inter-process communication.
- context.StateTokenPrincipal.SetClaim(Claims.Private.InstanceId, _options.CurrentValue.InstanceIdentifier);
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for asking the marshal to track the authentication operation.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class TrackAuthenticationOperation : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
-
- public TrackAuthenticationOperation(OpenIddictClientWindowsMarshal marshal)
- => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(int.MaxValue - 50_000)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessChallengeContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- if (string.IsNullOrEmpty(context.Nonce))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0352));
- }
-
- if (string.IsNullOrEmpty(context.RequestForgeryProtection))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0343));
- }
-
- if (!_marshal.TryAdd(context.Nonce, context.RequestForgeryProtection))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0378));
- }
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for informing the authentication service the demand is aborted.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class AbortAuthenticationDemand : IOpenIddictClientHandler
- {
- private readonly OpenIddictClientWindowsMarshal _marshal;
- private readonly IHostApplicationLifetime _lifetime;
-
- public AbortAuthenticationDemand(
- OpenIddictClientWindowsMarshal marshal,
- IHostApplicationLifetime lifetime)
- {
- _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal));
- _lifetime = lifetime ?? throw new ArgumentNullException(nameof(lifetime));
- }
-
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler()
- .SetOrder(ProcessResponse.Descriptor.Order - 1_000)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(ProcessErrorContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- // Try to resolve the authentication context from the transaction, if available.
- var notification = context.Transaction.GetProperty(
- typeof(ProcessAuthenticationContext).FullName!);
-
- // If the context is available, resolve the nonce used to track the marshalled authentication
- // and inform the marshal so that the context can be marshalled back to the initiator.
- if (!string.IsNullOrEmpty(notification?.Nonce) && !_marshal.TryComplete(notification.Nonce, notification))
- {
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0382));
- }
-
- var activation = context.Transaction.GetWindowsActivation() ??
- throw new InvalidOperationException(SR.GetResourceString(SR.ID0375));
-
- // If the current application instance was created to react to a protocol activation (assumed to be
- // managed by OpenIddict at this stage), terminate it to prevent the UI thread from being started.
- // By doing that, unsolicited requests will be discarded without the user seeing flashing windows.
- if (!activation.IsActivationRedirected)
- {
- _lifetime.StopApplication();
- context.HandleRequest();
-
- return default;
- }
-
- return default;
- }
- }
-
- ///
- /// Contains the logic responsible for marking context responses as handled.
- /// Note: this handler is not used when the OpenID Connect request is not initially handled by Windows.
- ///
- public sealed class ProcessResponse : IOpenIddictClientHandler
- where TContext : BaseRequestContext
- {
- ///
- /// Gets the default descriptor definition assigned to this handler.
- ///
- public static OpenIddictClientHandlerDescriptor Descriptor { get; }
- = OpenIddictClientHandlerDescriptor.CreateBuilder()
- .AddFilter()
- .UseSingletonHandler>()
- .SetOrder(100_000)
- .SetType(OpenIddictClientHandlerType.BuiltIn)
- .Build();
-
- ///
- public ValueTask HandleAsync(TContext context)
- {
- if (context is null)
- {
- throw new ArgumentNullException(nameof(context));
- }
-
- context.HandleRequest();
-
- return default;
- }
- }
- }