/* * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) * See https://github.com/openiddict/openiddict-core for more information concerning * the license and the contributors participating to this project. */ using System.Collections.Immutable; using System.Diagnostics; using System.Net.Http; using System.Net.Http.Headers; using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpConstants; namespace OpenIddict.Client.SystemNetHttp; public static partial class OpenIddictClientSystemNetHttpHandlers { public static class Userinfo { public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create( /* * Userinfo request processing: */ CreateHttpClient.Descriptor, PrepareGetHttpRequest.Descriptor, AttachHttpVersion.Descriptor, AttachJsonAcceptHeaders.Descriptor, AttachUserAgentHeader.Descriptor, AttachFromHeader.Descriptor, AttachBearerAccessToken.Descriptor, AttachHttpParameters.Descriptor, SendHttpRequest.Descriptor, DisposeHttpRequest.Descriptor, /* * Userinfo response processing: */ DecompressResponseContent.Descriptor, ExtractUserinfoTokenHttpResponse.Descriptor, ExtractJsonHttpResponse.Descriptor, ExtractWwwAuthenticateHeader.Descriptor, ValidateHttpResponse.Descriptor, DisposeHttpResponse.Descriptor); ///

/// Contains the logic responsible for attaching the access token to the HTTP Authorization header. ///

public sealed class AttachBearerAccessToken : IOpenIddictClientHandler { ///

/// Gets the default descriptor definition assigned to this handler. ///

/// Contains the logic responsible for extracting the response from the userinfo response. ///

public sealed class ExtractUserinfoTokenHttpResponse : IOpenIddictClientHandler { ///

/// Gets the default descriptor definition assigned to this handler. ///

public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() .SetOrder(ExtractJsonHttpResponse.Descriptor.Order - 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// public async ValueTask HandleAsync(ExtractUserinfoResponseContext context) { if (context is null) { throw new ArgumentNullException(nameof(context)); } // Don't overwrite the response if one was already provided. if (context.Response is not null || !string.IsNullOrEmpty(context.UserinfoToken)) { return; } // This handler only applies to System.Net.Http requests. If the HTTP response cannot be resolved, // this may indicate that the request was incorrectly processed by another client stack. var response = context.Transaction.GetHttpResponseMessage() ?? throw new InvalidOperationException(SR.GetResourceString(SR.ID0173)); // The status code is deliberately not validated to ensure even errored responses // (typically in the 4xx range) can be deserialized and handled by the event handlers. // Note: userinfo responses can be of two types: // - application/json responses containing a JSON object listing the user claims as-is. // - application/jwt responses containing a signed/encrypted JSON Web Token containing the user claims. // // To support both types, this handler will try to extract the userinfo token as-is if the media type // is application/jwt and will rely on other handlers in the pipeline to process regular JSON responses. if (string.Equals(response.Content.Headers.ContentType?.MediaType, MediaTypes.JsonWebToken, StringComparison.OrdinalIgnoreCase)) { context.Response = new OpenIddictResponse(); context.UserinfoToken = await response.Content.ReadAsStringAsync(); return; } } } } }