Move deriving OAuth client options from OpenId connect authentication scheme to separate library.

Author: prochnowc

AppCore.Extensions.sln

@@ -61,6 +61,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WorkerService", "Http\sampl
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AppCore.Extensions.Http.Authentication.OAuth.AspNetCore", "Http\src\AppCore.Extensions.Http.Authentication.OAuth.AspNetCore\AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.csproj", "{9301436D-85F6-4845-AAD6-33103F49F018}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect", "Http\src\AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect\AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect.csproj", "{91754F75-CC7A-48C8-A133-9F087BE10CFE}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Web", "Http\samples\Web\Web.csproj", "{7D72ABA6-5EBE-491A-A599-65D15FD10308}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -143,6 +147,14 @@ Global
 		{9301436D-85F6-4845-AAD6-33103F49F018}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{9301436D-85F6-4845-AAD6-33103F49F018}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{9301436D-85F6-4845-AAD6-33103F49F018}.Release|Any CPU.Build.0 = Release|Any CPU
+		{91754F75-CC7A-48C8-A133-9F087BE10CFE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{91754F75-CC7A-48C8-A133-9F087BE10CFE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{91754F75-CC7A-48C8-A133-9F087BE10CFE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{91754F75-CC7A-48C8-A133-9F087BE10CFE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7D72ABA6-5EBE-491A-A599-65D15FD10308}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7D72ABA6-5EBE-491A-A599-65D15FD10308}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7D72ABA6-5EBE-491A-A599-65D15FD10308}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7D72ABA6-5EBE-491A-A599-65D15FD10308}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -177,5 +189,7 @@ Global
 		{B093F9C1-5054-4198-AE1D-38510FA0547A} = {9416DF99-18D3-4373-A517-00A65E7CC32A}
 		{FCE07DAA-08DC-41E0-B091-4A24F1538551} = {B093F9C1-5054-4198-AE1D-38510FA0547A}
 		{9301436D-85F6-4845-AAD6-33103F49F018} = {B2F9DC67-6D7B-4070-8580-F401050445A9}
+		{91754F75-CC7A-48C8-A133-9F087BE10CFE} = {B2F9DC67-6D7B-4070-8580-F401050445A9}
+		{7D72ABA6-5EBE-491A-A599-65D15FD10308} = {B093F9C1-5054-4198-AE1D-38510FA0547A}
 	EndGlobalSection
 EndGlobal

Http/samples/Web/Controllers/HomeController.cs

@@ -0,0 +1,49 @@
+using System.Diagnostics;
+using System.Net.Http;
+using System.Text.Json.Nodes;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Web.Models;
+
+namespace Web.Controllers;
+
+public class HomeController : Controller
+{
+    private readonly IHttpClientFactory _httpClientFactory;
+    private readonly ILogger<HomeController> _logger;
+
+    public HomeController(IHttpClientFactory httpClientFactory, ILogger<HomeController> logger)
+    {
+        _httpClientFactory = httpClientFactory;
+        _logger = logger;
+    }
+
+    public IActionResult Index()
+    {
+        return View();
+    }
+
+    public IActionResult Privacy()
+    {
+        return View();
+    }
+
+    [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+    public IActionResult Error()
+    {
+        return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
+    }
+
+    [AllowAnonymous]
+    public async Task<IActionResult> CallApiAsClient()
+    {
+        HttpClient client = _httpClientFactory.CreateClient("api-client");
+
+        string response = await client.GetStringAsync("test");
+        ViewBag.Json = JsonNode.Parse(response)!.ToString();
+
+        return View("CallApi");
+    }
+}

Http/samples/Web/Models/ErrorViewModel.cs

@@ -0,0 +1,8 @@
+namespace Web.Models;
+
+public class ErrorViewModel
+{
+    public string? RequestId { get; set; }
+
+    public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
+}

Http/samples/Web/Program.cs

@@ -0,0 +1,105 @@
+using System;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using Microsoft.IdentityModel.Tokens;
+
+WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+builder.Services.AddControllersWithViews();
+builder.Services
+       .AddAuthentication(
+           options =>
+           {
+               options.DefaultScheme = "cookie";
+               options.DefaultChallengeScheme = "oidc";
+           })
+       .AddCookie(
+           "cookie",
+           options =>
+           {
+               options.Cookie.Name = "mvccode";
+
+               options.Events.OnSigningOut = async e =>
+               {
+                   //await e.HttpContext.RevokeUserRefreshTokenAsync();
+               };
+           })
+       .AddOpenIdConnect(
+           "oidc",
+           options =>
+           {
+               options.Authority = "https://demo.duendesoftware.com";
+
+               options.ClientId = "interactive.confidential.short";
+               options.ClientSecret = "secret";
+
+               // code flow + PKCE (PKCE is turned on by default)
+               options.ResponseType = "code";
+               options.UsePkce = true;
+
+               options.Scope.Clear();
+               options.Scope.Add("openid");
+               options.Scope.Add("profile");
+               options.Scope.Add("email");
+               options.Scope.Add("offline_access");
+               options.Scope.Add("api");
+
+               // not mapped by default
+               options.ClaimActions.MapJsonKey("website", "website");
+
+               // keeps id_token smaller
+               options.GetClaimsFromUserInfoEndpoint = true;
+               options.SaveTokens = true;
+
+               options.TokenValidationParameters = new TokenValidationParameters
+               {
+                   NameClaimType = "name",
+                   RoleClaimType = "role"
+               };
+           });
+
+// add OAuth HTTP client authentication for OpenID connect scheme
+builder.Services
+       .AddHttpClientAuthentication()
+       .AddOAuthClientForScheme(
+           c => c.OpenIdConnect(
+               o =>
+               {
+                   o.Scope = "api";
+               }));
+
+// add HTTP client with OAuth client authentication
+builder.Services
+       .AddHttpClient(
+           "api-client",
+           client =>
+           {
+               client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
+           })
+       .AddOAuthClientAuthentication();
+
+WebApplication app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (!app.Environment.IsDevelopment())
+{
+    app.UseExceptionHandler("/Home/Error");
+    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+    app.UseHsts();
+}
+
+app.UseHttpsRedirection();
+app.UseStaticFiles();
+
+app.UseRouting();
+
+app.UseAuthorization();
+
+app.MapControllerRoute(
+    name: "default",
+    pattern: "{controller=Home}/{action=Index}/{id?}");
+
+app.Run();

Http/samples/Web/Properties/launchSettings.json

@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:4797",
+      "sslPort": 44305
+    }
+  },
+  "profiles": {
+    "WebApplication": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:7017;http://localhost:5017",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

Http/samples/Web/Views/Home/CallApi.cshtml

@@ -0,0 +1,3 @@
+<h1>API Response</h1>
+
+<pre>@ViewBag.Json</pre>

Http/samples/Web/Views/Home/Index.cshtml

@@ -0,0 +1,8 @@
+@{
+    ViewData["Title"] = "Home Page";
+}
+
+<div class="text-center">
+    <h1 class="display-4">Welcome</h1>
+    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
+</div>

Http/samples/Web/Views/Home/Privacy.cshtml

@@ -0,0 +1,6 @@
+@{
+    ViewData["Title"] = "Privacy Policy";
+}
+<h1>@ViewData["Title"]</h1>
+
+<p>Use this page to detail your site's privacy policy.</p>

Http/samples/Web/Views/Shared/Error.cshtml

@@ -0,0 +1,25 @@
+@model Web.Models.ErrorViewModel
+@{
+    ViewData["Title"] = "Error";
+}
+
+<h1 class="text-danger">Error.</h1>
+<h2 class="text-danger">An error occurred while processing your request.</h2>
+
+@if (Model?.ShowRequestId ?? false)
+{
+    <p>
+        <strong>Request ID:</strong> <code>@Model?.RequestId</code>
+    </p>
+}
+
+<h3>Development Mode</h3>
+<p>
+    Swapping to <strong>Development</strong> environment will display more detailed information about the error that occurred.
+</p>
+<p>
+    <strong>The Development environment shouldn't be enabled for deployed applications.</strong>
+    It can result in displaying sensitive information from exceptions to end users.
+    For local debugging, enable the <strong>Development</strong> environment by setting the <strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>
+    and restarting the app.
+</p>

Http/samples/Web/Views/Shared/_Layout.cshtml

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <title>@ViewData["Title"] - WebApplication</title>
+    <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css"/>
+    <link rel="stylesheet" href="~/css/site.css" asp-append-version="true"/>
+    <link rel="stylesheet" href="~/WebApplication.styles.css" asp-append-version="true"/>
+</head>
+<body>
+<header>
+    <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
+        <div class="container-fluid">
+            <a class="navbar-brand" asp-area="" asp-controller="Home" asp-action="Index">WebApplication</a>
+            <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target=".navbar-collapse" aria-controls="navbarSupportedContent"
+                    aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
+                <ul class="navbar-nav flex-grow-1">
+                    <li class="nav-item">
+                        <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Home</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="CallApiAsClient">Call API</a>
+                    </li>
+                </ul>
+            </div>
+        </div>
+    </nav>
+</header>
+<div class="container">
+    <main role="main" class="pb-3">
+        @RenderBody()
+    </main>
+</div>
+
+<footer class="border-top footer text-muted">
+    <div class="container">
+        &copy; 2022 - WebApplication - <a asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
+    </div>
+</footer>
+<script src="~/lib/jquery/dist/jquery.min.js"></script>
+<script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
+<script src="~/js/site.js" asp-append-version="true"></script>
+@await RenderSectionAsync("Scripts", required: false)
+</body>
+</html>