v5.1.0

README.md

@@ -140,6 +140,22 @@ services.AddHttpClient<MyHttpService>(x=> x.BaseAddress = new Uri("https://MySer
         .AddAccessToken(config => config.AudienceResolver = request => request.RequestUri.GetLeftPart(UriPartial.Authority));
 ```
 
+### Enhanced Resilience
+
+The default rate-limit behaviour in Auth0.NET is suboptimal, as it uses random backoff rather than reading the rate limit headers returned by Auth0.
+This package includes an additional `.AddAuth0RateLimitResilience()` extension that adds improved rate limit handling to the Auth0 clients.
+If you're running into rate limit failures, I highly recommend adding this functionality:
+
+```csharp
+services.AddAuth0ManagementClient()
+    .AddManagementAccessToken()
+    .AddAuth0RateLimitResilience();
+```
+
+When a retry occurs, you should see a warning log similar to:
+
+`Resilience event occurred. EventName: '"OnRetry"', Source: '"IManagementConnection-RateLimitRetry"/""/"Retry"', Operation Key: 'null', Result: '429'`
+
 ### Client Lifetimes
 
 Both the authentication and authorization clients are registered as singletons and are suitable for injection into any other lifetime.

samples/Sample.AspNetCore/Sample.AspNetCore.csproj

@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Grpc.AspNetCore" Version="2.67.0" />
+    <PackageReference Include="Grpc.AspNetCore" Version="2.71.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.0" />
   </ItemGroup>
 

samples/Sample.ConsoleApp/Sample.ConsoleApp.csproj

@@ -9,9 +9,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Google.Protobuf" Version="3.29.2" />
-    <PackageReference Include="Grpc.Net.ClientFactory" Version="2.67.0" />
-    <PackageReference Include="Grpc.Tools" Version="2.68.1">
+    <PackageReference Include="Google.Protobuf" Version="3.30.2" />
+    <PackageReference Include="Grpc.Net.ClientFactory" Version="2.71.0" />
+    <PackageReference Include="Grpc.Tools" Version="2.72.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

src/Auth0Net.DependencyInjection/Auth0Extensions.cs

@@ -92,6 +92,7 @@ private static IHttpClientBuilder AddAuth0AuthenticationClientInternal(this ISer
         services.AddSingleton<IAuthenticationApiClient, InjectableAuthenticationApiClient>();
         return services.AddHttpClient<IAuthenticationConnection, HttpClientAuthenticationConnection>()
 #if !NETFRAMEWORK
+            // TODO drop this code with the release of .NET 10
             .ConfigurePrimaryHttpMessageHandler(() =>
                 new SocketsHttpHandler()
                 {

src/Auth0Net.DependencyInjection/Auth0Net.DependencyInjection.csproj

@@ -5,7 +5,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
-    <Version>5.0.0</Version>
+    <Version>5.1.0</Version>
     <Authors>Hawxy</Authors>
     <Description>Dependency Injection, HttpClientFactory &amp; ASP.NET Core extensions for Auth0.NET</Description>
 	<LangVersion>latest</LangVersion>
@@ -21,29 +21,29 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Auth0.AuthenticationApi" Version="7.32.0" />
-    <PackageReference Include="Auth0.ManagementApi" Version="7.32.0" />
+    <PackageReference Include="Auth0.AuthenticationApi" Version="7.36.0" />
+    <PackageReference Include="Auth0.ManagementApi" Version="7.36.0" />
     <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.2.25" PrivateAssets="All" />
-    <PackageReference Include="ZiggyCreatures.FusionCache" Version="2.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="9.0.1" />
+    <PackageReference Include="ZiggyCreatures.FusionCache" Version="2.2.0" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="9.0.4" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'net48' ">
-    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="6.0.0" />
-    <PackageReference Include="Polyfill" Version="7.4.1" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.1" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="6.0.1" />
+    <PackageReference Include="Polyfill" Version="7.31.0" PrivateAssets="all" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'net8.0' ">
-    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.10.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'net9.0' ">
-    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="9.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.4" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="9.4.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.4" />
   </ItemGroup>
 
   <ItemGroup>

src/Auth0Net.DependencyInjection/HttpClient/Auth0ResilienceExtensions.cs → src/Auth0Net.DependencyInjection/Auth0ResilienceExtensions.cs

@@ -1,30 +1,28 @@
 #if NET8_0_OR_GREATER
-using System.Diagnostics.CodeAnalysis;
 using System.Net;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Http.Resilience;
 using Polly;
 
-namespace Auth0Net.DependencyInjection.HttpClient;
+namespace Auth0Net.DependencyInjection;
 
 /// <summary>
 /// Extensions used to enhance Auth0 client resilience.
 /// </summary>
 public static class Auth0ResilienceExtensions
 {
     /// <summary>
-    /// Adds enhanced rate limiting support to the Auth0 Client. This API is experimental.
+    /// Adds enhanced rate limiting support to the Auth0 Client.
     /// </summary>
-    /// <param name="builder"></param>
+    /// <param name="builder">The underlying <see cref="IHttpClientBuilder"/></param>
+    /// <param name="maxRetryAttempts">The max number of retry attempts to Auth0. Defaults to 10.</param>
     /// <returns></returns>
-    [Experimental("Auth0DIExperimental")]
-    public static IHttpResiliencePipelineBuilder AddAuth0RateLimitResilience(this IHttpClientBuilder builder)
+    public static IHttpResiliencePipelineBuilder AddAuth0RateLimitResilience(this IHttpClientBuilder builder, int maxRetryAttempts = 10)
     {
         return builder.AddResilienceHandler("RateLimitRetry",
-            static builder =>
+            pipelineBuilder =>
             {
-                // See: https://www.pollydocs.org/strategies/retry.html
-                builder.AddRetry(new HttpRetryStrategyOptions
+                pipelineBuilder.AddRetry(new HttpRetryStrategyOptions
                 {
                     // Disable the default handling of Retry-After header
                     ShouldRetryAfterHeader = false,
@@ -41,8 +39,7 @@ public static IHttpResiliencePipelineBuilder AddAuth0RateLimitResilience(this IH
 
                         return new ValueTask<TimeSpan?>((TimeSpan?)null);
                     },
-
-                    MaxRetryAttempts = 10,
+                    MaxRetryAttempts = maxRetryAttempts,
                     Delay = TimeSpan.FromSeconds(2)
                 });
             });

tests/Auth0Net.DependencyInjection.Tests/Auth0Net.DependencyInjection.Tests.csproj

@@ -9,8 +9,8 @@
   <ItemGroup>
     <PackageReference Include="FakeItEasy" Version="8.3.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="xunit.v3" Version="1.0.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
+    <PackageReference Include="xunit.v3" Version="2.0.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

tests/Auth0Net.DependencyInjection.Tests/CacheTests.cs

@@ -40,9 +40,9 @@ public async Task Cache_WorksAsExpected()
         var cache = new Auth0TokenCache(authClient, new FusionCacheTestProvider(), new NullLogger<Auth0TokenCache>(), config);
 
         var key = "api://my-audience";
-        var resFirst = await cache.GetTokenAsync(key);
+        var resFirst = await cache.GetTokenAsync(key, TestContext.Current.CancellationToken);
         Assert.Equal(accessTokenFirst, resFirst);
-        await Task.Delay(1000);
+        await Task.Delay(1000, TestContext.Current.CancellationToken);
 
 
         var accessTokenSecond = Guid.NewGuid().ToString();
@@ -54,7 +54,7 @@ public async Task Cache_WorksAsExpected()
                 ExpiresIn = 1
             });
 
-        var resSecond = await cache.GetTokenAsync(key);
+        var resSecond = await cache.GetTokenAsync(key, TestContext.Current.CancellationToken);
         Assert.Equal(accessTokenSecond, resSecond);
 
         A.CallTo(() => authClient.GetTokenAsync(A<ClientCredentialsTokenRequest>.Ignored, A<CancellationToken>.Ignored))