Rename the RequestTokenIntrospection event to SendIntrospectionRequest

Author: kevinchalet

src/AspNet.Security.OAuth.Introspection/Events/RequestTokenIntrospectionContext.cs renamed to src/AspNet.Security.OAuth.Introspection/Events/SendIntrospectionRequestContext.cs

@@ -14,17 +14,17 @@ namespace AspNet.Security.OAuth.Introspection
     /// <summary>
     /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
     /// </summary>
-    public class RequestTokenIntrospectionContext : BaseContext
+    public class SendIntrospectionRequestContext : BaseControlContext
     {
-        public RequestTokenIntrospectionContext(
+        public SendIntrospectionRequestContext(
             [NotNull] HttpContext context,
             [NotNull] OAuthIntrospectionOptions options,
-            [NotNull] HttpRequestMessage message,
+            [NotNull] HttpRequestMessage request,
             [NotNull] string token)
             : base(context)
         {
             Options = options;
-            Message = message;
+            Request = request;
             Token = token;
         }
 
@@ -39,9 +39,14 @@ public RequestTokenIntrospectionContext(
         public HttpClient Client => Options.HttpClient;
 
         /// <summary>
-        /// Gets the HTTP message sent to the introspection endpoint.
+        /// Gets the HTTP request sent to the introspection endpoint.
         /// </summary>
-        public HttpRequestMessage Message { get; }
+        public new HttpRequestMessage Request { get; }
+
+        /// <summary>
+        /// Gets or sets the HTTP response returned by the introspection endpoint.
+        /// </summary>
+        public new HttpResponseMessage Response { get; set; }
 
         /// <summary>
         /// The access token parsed from the client request.

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionEvents.cs

@@ -27,7 +27,7 @@ public class OAuthIntrospectionEvents
         /// <summary>
         /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
+        public Func<SendIntrospectionRequestContext, Task> OnSendIntrospectionRequest { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a token is to be parsed from a newly-received request.
@@ -52,7 +52,7 @@ public class OAuthIntrospectionEvents
         /// <summary>
         /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
+        public virtual Task SendIntrospectionRequest(SendIntrospectionRequestContext context) => OnSendIntrospectionRequest(context);
 
         /// <summary>
         /// Invoked when a token is to be parsed from a newly-received request.

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs

@@ -409,10 +409,37 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
 
             request.Content = new FormUrlEncodedContent(parameters);
 
-            var notification = new RequestTokenIntrospectionContext(Context, Options, request, token);
-            await Options.Events.RequestTokenIntrospection(notification);
+            var notification = new SendIntrospectionRequestContext(Context, Options, request, token);
+            await Options.Events.SendIntrospectionRequest(notification);
+
+            HttpResponseMessage response = null;
+
+            if (notification.HandledResponse)
+            {
+                // If no response has been provided, return a failed result to
+                // indicate that authentication was rejected by application code.
+                if (notification.Response == null)
+                {
+                    Logger.LogInformation("Authentication was stopped by application code.");
+
+                    return null;
+                }
+
+                response = notification.Response;
+            }
+
+            else if (notification.Skipped)
+            {
+                Logger.LogInformation("Authentication was skipped by application code.");
+
+                return null;
+            }
+
+            if (response == null)
+            {
+                response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            }
 
-            var response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
                 Logger.LogError("An error occurred while validating an access token: the remote server " +

src/Owin.Security.OAuth.Introspection/Events/RequestTokenIntrospectionContext.cs renamed to src/Owin.Security.OAuth.Introspection/Events/SendIntrospectionRequestContext.cs

@@ -7,23 +7,23 @@
 using System.Net.Http;
 using JetBrains.Annotations;
 using Microsoft.Owin;
-using Microsoft.Owin.Security.Provider;
+using Microsoft.Owin.Security.Notifications;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
     /// </summary>
-    public class RequestTokenIntrospectionContext : BaseContext<OAuthIntrospectionOptions>
+    public class SendIntrospectionRequestContext : BaseNotification<OAuthIntrospectionOptions>
     {
-        public RequestTokenIntrospectionContext(
+        public SendIntrospectionRequestContext(
             [NotNull] IOwinContext context,
             [NotNull] OAuthIntrospectionOptions options,
-            [NotNull] HttpRequestMessage message,
+            [NotNull] HttpRequestMessage request,
             [NotNull] string token)
             : base(context, options)
         {
-            Message = message;
+            Request = request;
             Token = token;
         }
 
@@ -33,9 +33,14 @@ public RequestTokenIntrospectionContext(
         public HttpClient Client => Options.HttpClient;
 
         /// <summary>
-        /// Gets the HTTP message sent to the introspection endpoint.
+        /// Gets the HTTP request sent to the introspection endpoint.
         /// </summary>
-        public HttpRequestMessage Message { get; }
+        public new HttpRequestMessage Request { get; }
+
+        /// <summary>
+        /// Gets or sets the HTTP response returned by the introspection endpoint.
+        /// </summary>
+        public new HttpResponseMessage Response { get; set; }
 
         /// <summary>
         /// The access token parsed from the client request.

src/Owin.Security.OAuth.Introspection/OAuthIntrospectionEvents.cs

@@ -32,7 +32,7 @@ public class OAuthIntrospectionEvents
         /// <summary>
         /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
+        public Func<SendIntrospectionRequestContext, Task> OnSendIntrospectionRequest { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a token is to be validated, before final processing.
@@ -57,7 +57,7 @@ public class OAuthIntrospectionEvents
         /// <summary>
         /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
+        public virtual Task SendIntrospectionRequest(SendIntrospectionRequestContext context) => OnSendIntrospectionRequest(context);
 
         /// <summary>
         /// Invoked when a token is to be validated, before final processing.

src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs

@@ -399,10 +399,37 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
 
             request.Content = new FormUrlEncodedContent(parameters);
 
-            var notification = new RequestTokenIntrospectionContext(Context, Options, request, token);
-            await Options.Events.RequestTokenIntrospection(notification);
+            var notification = new SendIntrospectionRequestContext(Context, Options, request, token);
+            await Options.Events.SendIntrospectionRequest(notification);
+
+            HttpResponseMessage response = null;
+
+            if (notification.HandledResponse)
+            {
+                // If no response has been provided, return a failed result to
+                // indicate that authentication was rejected by application code.
+                if (notification.Response == null)
+                {
+                    Logger.LogInformation("Authentication was stopped by application code.");
+
+                    return null;
+                }
+
+                response = notification.Response;
+            }
+
+            else if (notification.Skipped)
+            {
+                Logger.LogInformation("Authentication was skipped by application code.");
+
+                return null;
+            }
+
+            if (response == null)
+            {
+                response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Request.CallCancelled);
+            }
 
-            var response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Request.CallCancelled);
             if (!response.IsSuccessStatusCode)
             {
                 Logger.LogError("An error occurred while validating an access token: the remote server " +