Update return from validation steps to use M.I.Abstractions.OperationResult (#3284)

* ValidationResult -> OperationResult
Standardize validation across token types.

* Addressing PR comments.

---------

Co-authored-by: id4s <[email protected]>

Author: brentschmaltz

benchmark/Microsoft.IdentityModel.Benchmarks/ValidateTokenAsyncTests.cs

@@ -9,6 +9,7 @@
 using System.Threading.Tasks;
 using BenchmarkDotNet.Attributes;
 using BenchmarkDotNet.Configs;
+using Microsoft.Identity.Abstractions;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.IdentityModel.Tokens.Experimental;
@@ -65,7 +66,7 @@ public void Setup()
             _validationParameters = new ValidationParameters();
             _validationParameters.ValidAudiences.Add(BenchmarkUtils.Audience);
             _validationParameters.ValidIssuers.Add(BenchmarkUtils.Issuer);
-            _validationParameters.IssuerSigningKeys.Add(BenchmarkUtils.SigningCredentialsRsaSha256.Key);
+            _validationParameters.SigningKeys.Add(BenchmarkUtils.SigningCredentialsRsaSha256.Key);
 
             _invalidTokenValidationParameters = new TokenValidationParameters()
             {
@@ -105,8 +106,8 @@ public async Task<bool> JsonWebTokenHandler_ValidateTokenAsyncWithVP()
         {
             // Because ValidationResult is an internal type, we cannot return it in the benchmark.
             // We return a boolean instead until the type is made public.
-            ValidationResult<ValidatedToken, ValidationError> result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            return result.IsValid;
+            OperationResult<ValidatedToken, ValidationError> operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            return operationResult.Succeeded;
         }
 
         [BenchmarkCategory("ValidateTokenAsync_FailTwiceBeforeSuccess"), Benchmark(Baseline = true)]
@@ -132,11 +133,11 @@ public async Task<TokenValidationResult> JsonWebTokenHandler_ValidateTokenAsyncW
         [BenchmarkCategory("ValidateTokenAsync_FailTwiceBeforeSuccess"), Benchmark]
         public async Task<bool> JsonWebTokenHandler_ValidateTokenAsyncWithVP_SucceedOnThirdAttempt()
         {
-            ValidationResult<ValidatedToken, ValidationError> result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            OperationResult<ValidatedToken, ValidationError> operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
 
-            return result.IsValid;
+            return operationResult.Succeeded;
         }
 
         [BenchmarkCategory("ValidateTokenAsync_FailFourTimesBeforeSuccess"), Benchmark(Baseline = true)]
@@ -166,13 +167,13 @@ public async Task<TokenValidationResult> JsonWebTokenHandler_ValidateTokenAsyncW
         [BenchmarkCategory("ValidateTokenAsync_FailFourTimesBeforeSuccess"), Benchmark]
         public async Task<bool> JsonWebTokenHandler_ValidateTokenAsyncWithVP_SucceedOnFifthAttempt()
         {
-            ValidationResult<ValidatedToken, ValidationError> result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            OperationResult<ValidatedToken, ValidationError> operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _invalidValidationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
 
-            return result.IsValid;
+            return operationResult.Succeeded;
         }
 
         [BenchmarkCategory("ValidateTokenAsyncClaimAccess"), Benchmark(Baseline = true)]
@@ -187,8 +188,8 @@ public async Task<List<Claim>> JsonWebTokenHandler_ValidateTokenAsyncWithTVP_Cre
         [BenchmarkCategory("ValidateTokenAsyncClaimAccess"), Benchmark]
         public async Task<List<Claim>> JsonWebTokenHandler_ValidateTokenAsyncWithVP_CreateClaims()
         {
-            ValidationResult<ValidatedToken, ValidationError> result = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
-            var claimsIdentity = result.UnwrapResult().ClaimsIdentity;
+            OperationResult<ValidatedToken, ValidationError> operationResult = await _jsonWebTokenHandler.ValidateTokenAsync(_jwsExtendedClaims, _validationParameters, _callContext, CancellationToken.None).ConfigureAwait(false);
+            var claimsIdentity = operationResult.Result.ClaimsIdentity;
             var claims = claimsIdentity.Claims;
             return claims.ToList();
         }

build/dependencies.props

@@ -3,6 +3,7 @@
   <PropertyGroup>
     <AspNetCoreMinSupportedVersion>2.1.1</AspNetCoreMinSupportedVersion>
     <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
+    <MicrosoftIdentityAbstractionsVersion>9.2.0</MicrosoftIdentityAbstractionsVersion>
     <MicrosoftBclTimeProviderVersion>8.0.1</MicrosoftBclTimeProviderVersion>
     <MicrosoftCSharpVersion>4.5.0</MicrosoftCSharpVersion>
     <MicrosoftSourceLinkGitHubVersion>1.0.0</MicrosoftSourceLinkGitHubVersion>

src/Microsoft.IdentityModel.JsonWebTokens/Experimental/JsonWebTokenHandler.ClaimsIdentity.cs

@@ -6,6 +6,7 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens.Experimental;
+using System.Collections.Generic;
 
 #nullable enable
 namespace Microsoft.IdentityModel.JsonWebTokens
@@ -33,7 +34,10 @@ internal virtual ClaimsIdentity CreateClaimsIdentity(JsonWebToken? jwtToken, Val
         /// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
         /// <param name="issuer">Specifies the issuer for the <see cref="ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="ClaimsIdentity"/> containing the <see cref="JsonWebToken.Claims"/>.</returns>
-        internal virtual ClaimsIdentity CreateClaimsIdentity(JsonWebToken? jwtToken, ValidationParameters validationParameters, string issuer)
+        internal virtual ClaimsIdentity CreateClaimsIdentity(
+            JsonWebToken? jwtToken,
+            ValidationParameters validationParameters,
+            string issuer)
         {
             // TODO: Make protected once ValidationParameters is public.
             _ = jwtToken ?? throw LogHelper.LogArgumentNullException(nameof(jwtToken));
@@ -69,7 +73,9 @@ private ClaimsIdentity CreateClaimsIdentityWithMapping(JsonWebToken jwtToken, Va
                 if (claimType == ClaimTypes.Actor)
                 {
                     if (identity.Actor != null)
-                        throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(
+                        throw LogHelper.LogExceptionMessage(
+                            new InvalidOperationException(
+                                LogHelper.FormatInvariant(
                                     LogMessages.IDX14112,
                                     LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort),
                                     jwtClaim.Value)));
@@ -115,7 +121,12 @@ private ClaimsIdentity CreateClaimsIdentityPrivate(JsonWebToken jwtToken, Valida
                 if (claimType == ClaimTypes.Actor)
                 {
                     if (identity.Actor != null)
-                        throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX14112, LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort), jwtClaim.Value)));
+                        throw LogHelper.LogExceptionMessage(
+                            new InvalidOperationException(
+                                LogHelper.FormatInvariant(
+                                    LogMessages.IDX14112,
+                                    LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort),
+                                    jwtClaim.Value)));
 
                     if (CanReadToken(jwtClaim.Value))
                     {
@@ -130,9 +141,9 @@ private ClaimsIdentity CreateClaimsIdentityPrivate(JsonWebToken jwtToken, Valida
                 }
                 else
                 {
-                    Claim claim = new Claim(claimType, jwtClaim.Value, jwtClaim.ValueType, issuer, issuer, identity);
+                    Claim claim = new(claimType, jwtClaim.Value, jwtClaim.ValueType, issuer, issuer, identity);
 
-                    foreach (var kv in jwtClaim.Properties)
+                    foreach (KeyValuePair<string, string> kv in jwtClaim.Properties)
                         claim.Properties[kv.Key] = kv.Value;
 
                     identity.AddClaim(claim);