Added HttpClient user authentication using OpenID connect.

Author: prochnowc

Http/samples/Web/Controllers/HomeController.cs

@@ -46,4 +46,15 @@ public async Task<IActionResult> CallApiAsClient()
 
         return View("CallApi");
     }
+
+    [Authorize]
+    public async Task<IActionResult> CallApiAsUser()
+    {
+        HttpClient client = _httpClientFactory.CreateClient("api-user-client");
+
+        string response = await client.GetStringAsync("test");
+        ViewBag.Json = JsonNode.Parse(response)!.ToString();
+
+        return View("CallApi");
+    }
 }

Http/samples/Web/Program.cs

@@ -69,7 +69,8 @@
                o =>
                {
                    o.Scope = "api";
-               }));
+               }))
+       .AddOpenIdConnect();
 
 // add HTTP client with OAuth client authentication
 builder.Services
@@ -81,6 +82,16 @@
            })
        .AddOAuthClientAuthentication();
 
+// add HTTP client with OAuth user authentication
+builder.Services
+       .AddHttpClient(
+           "api-user-client",
+           client =>
+           {
+               client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
+           })
+       .AddOpenIdConnectAuthentication();
+
 WebApplication app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -96,6 +107,7 @@
 
 app.UseRouting();
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllerRoute(

Http/samples/Web/appsettings.Development.json

@@ -1,7 +1,7 @@
 {
   "Logging": {
     "LogLevel": {
-      "Default": "Information",
+      "Default": "Debug",
       "Microsoft.AspNetCore": "Warning"
     }
   }

Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/DependencyInjection/OAuthHttpClientAuthenticationBuilderExtensions.cs

@@ -0,0 +1,101 @@
+// Licensed under the MIT License.
+// Copyright (c) 2018-2022 the AppCore .NET project.
+
+using System;
+using AppCore.Diagnostics;
+using AppCore.Extensions.Http.Authentication.OAuth;
+using AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+
+// ReSharper disable once CheckNamespace
+namespace Microsoft.Extensions.DependencyInjection;
+
+/// <summary>
+/// Provides extension methods to register OAuth authentication.
+/// </summary>
+public static class OpenIdConnectHttpClientAuthenticationBuilderExtensions
+{
+    /// <summary>
+    /// Adds OAuth client credentials authentication scheme by inferring the configuration from a OpenID connect
+    /// authentication scheme.
+    /// </summary>
+    /// <param name="builder">The <see cref="IOAuthClientFromAuthenticationSchemeBuilder"/>.</param>
+    /// <param name="configure"></param>
+    /// <returns></returns>
+    public static void OpenIdConnect(
+        this IOAuthClientFromAuthenticationSchemeBuilder builder,
+        Action<OpenIdConnectClientOptions>? configure = null)
+    {
+        Ensure.Arg.NotNull(builder);
+
+        IServiceCollection services = builder.Services;
+
+        services.AddHttpClientAuthentication()
+                .AddScheme<
+                    OpenIdConnectClientOptions,
+                    OAuthParameters,
+                    OAuthClientHandler>(builder.Scheme, configure);
+
+        services.TryAddEnumerable(
+            new[]
+            {
+                ServiceDescriptor
+                    .Transient<IOAuthOptionsResolver,
+                        OpenIdConnectClientOptionsResolver>(),
+            });
+    }
+
+    /// <summary>
+    /// Adds OAuth user authentication by using authentication tokens from a ASP.NET Core
+    /// OpenID connect authentication scheme.
+    /// </summary>
+    /// <param name="builder">The <see cref="IHttpClientAuthenticationBuilder"/>.</param>
+    /// <param name="scheme">The name of the client authentication scheme.</param>
+    /// <param name="configure"></param>
+    /// <returns></returns>
+    public static IHttpClientAuthenticationBuilder AddOpenIdConnect(
+        this IHttpClientAuthenticationBuilder builder,
+        string scheme,
+        Action<OpenIdConnectUserOptions>? configure = null)
+    {
+        Ensure.Arg.NotNull(builder);
+
+        IServiceCollection services = builder.Services;
+
+        services.AddHttpContextAccessor();
+
+        services.AddHttpClientAuthentication()
+                .AddScheme<
+                    OpenIdConnectUserOptions,
+                    OpenIdConnectUserParameters,
+                    OpenIdConnectUserHandler>(scheme, configure);
+
+        services.TryAddEnumerable(
+            new[]
+            {
+                ServiceDescriptor.Transient<IOAuthOptionsResolver, OpenIdConnectUserOptionsResolver>(),
+            });
+
+        services.TryAdd(new[]
+        {
+            ServiceDescriptor.Scoped<OpenIdConnectUserTokenService, OpenIdConnectUserTokenService>(),
+            ServiceDescriptor.Scoped<OpenIdConnectUserTokenStore, OpenIdConnectUserTokenStore>()
+        });
+
+        return builder;
+    }
+
+    /// <summary>
+    /// Adds OAuth user authentication by using authentication tokens from a ASP.NET Core
+    /// OpenID connect authentication scheme.
+    /// </summary>
+    /// <param name="builder">The <see cref="IHttpClientAuthenticationBuilder"/>.</param>
+    /// <param name="configure"></param>
+    /// <returns></returns>
+    public static IHttpClientAuthenticationBuilder AddOpenIdConnect(
+        this IHttpClientAuthenticationBuilder builder,
+        Action<OpenIdConnectUserOptions>? configure = null)
+    {
+        return AddOpenIdConnect(builder, OpenIdConnectUserDefaults.AuthenticationScheme, configure);
+    }
+}

Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/DependencyInjection/OpenIdConnectHttpClientAuthenticationBuilderExtensions.cs

@@ -0,0 +1,43 @@
+// Licensed under the MIT License.
+// Copyright (c) 2018-2022 the AppCore .NET project.
+
+using AppCore.Diagnostics;
+using AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
+
+// ReSharper disable once CheckNamespace
+namespace Microsoft.Extensions.DependencyInjection;
+
+/// <summary>
+/// Provides extension methods to add OAuth authentication to a HttpClient.
+/// </summary>
+public static class OpenIdConnectHttpClientBuilderExtensions
+{
+    /// <summary>
+    /// Adds OpenID connect authentications.
+    /// </summary>
+    /// <param name="builder">The <see cref="IHttpClientBuilder"/>.</param>
+    /// <param name="scheme">The name of the client authentication scheme.</param>
+    /// <param name="parameters"></param>
+    /// <returns></returns>
+    public static IHttpClientBuilder AddOpenIdConnectAuthentication(
+        this IHttpClientBuilder builder,
+        string scheme,
+        OpenIdConnectUserParameters? parameters = null)
+    {
+        Ensure.Arg.NotNull(builder);
+        return builder.AddAuthentication<OpenIdConnectUserParameters, OpenIdConnectUserHandler>(scheme, parameters);
+    }
+
+    /// <summary>
+    /// Adds OpenID connect  authentications with the default scheme.
+    /// </summary>
+    /// <param name="builder">The <see cref="IHttpClientBuilder"/>.</param>
+    /// <param name="parameters"></param>
+    /// <returns></returns>
+    public static IHttpClientBuilder AddOpenIdConnectAuthentication(
+        this IHttpClientBuilder builder,
+        OpenIdConnectUserParameters? parameters = null)
+    {
+        return builder.AddOpenIdConnectAuthentication(OpenIdConnectUserDefaults.AuthenticationScheme, parameters);
+    }
+}

Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/DependencyInjection/OpenIdConnectHttpClientBuilderExtensions.cs

@@ -8,7 +8,7 @@ namespace AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
 /// <summary>
 /// Provides the options how to derive <see cref="OAuthClientOptions"/> from <see cref="OpenIdConnectOptions"/>.
 /// </summary>
-public class OpenIdConnectOAuthClientOptions : AuthenticationSchemeOAuthClientOptions
+public class OpenIdConnectClientOptions : AuthenticationSchemeOAuthClientOptions
 {
     /// <summary>
     /// Scope values as space separated list to use when client configuration is inferred from OpenID Connect scheme.

…nnect/OpenIdConnectOAuthClientOptions.cs …nIdConnect/OpenIdConnectClientOptions.csHttp/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectOAuthClientOptions.cs renamed to Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectClientOptions.cs Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectOAuthClientOptions.cs renamed to Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectClientOptions.cs

@@ -1,51 +1,37 @@
 // Licensed under the MIT License.
 // Copyright (c) 2018-2022 the AppCore .NET project.
 
-using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
 
-internal sealed class OpenIdConnectOAuthClientOptionsResolver
+internal sealed class OpenIdConnectClientOptionsResolver
     : AuthenticationSchemeOAuthClientOptionsResolver<
-        OpenIdConnectOAuthClientOptions,
+        OpenIdConnectClientOptions,
         OpenIdConnectOptions,
         OpenIdConnectHandler
     >
 {
-    public OpenIdConnectOAuthClientOptionsResolver(
+    public OpenIdConnectClientOptionsResolver(
         Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider authenticationSchemeProvider,
-        IOptionsMonitor<OpenIdConnectOAuthClientOptions> clientOptions,
+        IOptionsMonitor<OpenIdConnectClientOptions> clientOptions,
         IOptionsMonitor<OpenIdConnectOptions> authenticationSchemeOptions)
         : base(authenticationSchemeProvider, authenticationSchemeOptions, clientOptions)
     {
     }
 
+    protected override string? GetSchemeName(OpenIdConnectClientOptions options)
+    {
+        return options.Scheme;
+    }
+
     protected override async Task<OAuthClientOptions> GetOptionsFromSchemeAsync(
-        OpenIdConnectOAuthClientOptions clientOptions,
+        OpenIdConnectClientOptions clientOptions,
         OpenIdConnectOptions oidcOptions)
     {
-        OpenIdConnectConfiguration oidcConfig;
-        try
-        {
-            oidcConfig = await oidcOptions.ConfigurationManager!.GetConfigurationAsync(default)
-                                          .ConfigureAwait(false);
-        }
-        catch (Exception e)
-        {
-            throw new InvalidOperationException(
-                $"Unable to load OpenID configuration for configured scheme: {e.Message}");
-        }
-
-        var result = new OAuthClientOptions
-        {
-            TokenEndpoint = new Uri(oidcConfig.TokenEndpoint),
-            ClientId = oidcOptions.ClientId,
-            ClientSecret = oidcOptions.ClientSecret
-        };
+        OAuthClientOptions result = await oidcOptions.GetOAuthClientOptionsAsync(default);
 
         if (!string.IsNullOrWhiteSpace(clientOptions.Scope))
         {

…enIdConnectOAuthClientOptionsResolver.cs …ct/OpenIdConnectClientOptionsResolver.csHttp/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectOAuthClientOptionsResolver.cs renamed to Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectClientOptionsResolver.cs Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectOAuthClientOptionsResolver.cs renamed to Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectClientOptionsResolver.cs

@@ -0,0 +1,44 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using IdentityModel;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
+
+internal static class OpenIdConnectOptionsExtensions
+{
+    public static async Task<OAuthClientOptions> GetOAuthClientOptionsAsync(
+        this OpenIdConnectOptions options,
+        CancellationToken cancellationToken = default)
+    {
+        OpenIdConnectConfiguration oidcConfig;
+        try
+        {
+            oidcConfig = await options.ConfigurationManager!.GetConfigurationAsync(cancellationToken)
+                                      .ConfigureAwait(false);
+        }
+        catch (Exception e)
+        {
+            throw new InvalidOperationException(
+                $"Unable to load OpenID configuration for configured scheme: {e.Message}");
+        }
+
+        string? tokenRevocationEndpoint = oidcConfig.AdditionalData.TryGetValue(
+            OidcConstants.Discovery.RevocationEndpoint,
+            out object? value)
+            ? value?.ToString()
+            : null;
+
+        var result = new OAuthClientOptions
+        {
+            TokenEndpoint = new Uri(oidcConfig.TokenEndpoint),
+            TokenRevocationEndpoint = tokenRevocationEndpoint != null ? new Uri(tokenRevocationEndpoint) : null,
+            ClientId = options.ClientId,
+            ClientSecret = options.ClientSecret
+        };
+
+        return result;
+    }
+}

Http/src/AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect/OpenIdConnectOptionsExtensions.cs

@@ -0,0 +1,12 @@
+namespace AppCore.Extensions.Http.Authentication.OAuth.AspNetCore.OpenIdConnect;
+
+/// <summary>
+/// Provides default values for the OpenID Connect authentication.
+/// </summary>
+public class OpenIdConnectUserDefaults
+{
+    /// <summary>
+    /// The default value used for OpenID Connect scheme name.
+    /// </summary>
+    public const string AuthenticationScheme = "OpenIdConnect";
+}