Introduce events support in the introspection/validation middleware

Author: MonkeyJamboree

.gitignore

@@ -21,6 +21,7 @@ x64/
 build/
 [Bb]in/
 [Oo]bj/
+.build/
 
 # Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
 !packages/*/build/

src/AspNet.Security.OAuth.Introspection/AspNet.Security.OAuth.Introspection.xproj

@@ -4,17 +4,15 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a8569260-142c-427a-8b14-a8df56cc15b7</ProjectGuid>
-    <RootNamespace>AspNet.Security.OpenIdConnect.Introspection</RootNamespace>
+    <RootNamespace>AspNet.Security.OAuth.Introspection</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>

src/AspNet.Security.OAuth.Introspection/Events/CreateTicketContext.cs

@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Newtonsoft.Json.Linq;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows interception of the AuthenticationTicket creation process.
+    /// </summary>
+    public class CreateTicketContext : BaseControlContext {
+        public CreateTicketContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthIntrospectionOptions options,
+            [NotNull] AuthenticationTicket ticket,
+            [NotNull] JObject payload)
+            : base(context) {
+            Options = options;
+            Ticket = ticket;
+            Payload = payload;
+        }
+
+        /// <summary>
+        /// Gets the options used by the introspection middleware.
+        /// </summary>
+        public OAuthIntrospectionOptions Options { get; }
+
+        /// <summary>
+        /// Gets the identity containing the user claims.
+        /// </summary>
+        public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
+
+        /// <summary>
+        /// Gets the principal containing the user claims.
+        /// </summary>
+        public ClaimsPrincipal Principal => Ticket?.Principal;
+
+        /// <summary>
+        /// Gets the payload extracted from the introspection response.
+        /// </summary>
+        public JObject Payload { get; }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/RequestTokenIntrospectionContext.cs

@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
+    /// </summary>
+    public class RequestTokenIntrospectionContext : BaseContext {
+        public RequestTokenIntrospectionContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthIntrospectionOptions options,
+            [NotNull] HttpRequestMessage message,
+            [NotNull] string token)
+            : base(context) {
+            Options = options;
+            Message = message;
+            Token = token;
+        }
+
+        /// <summary>
+        /// Gets the options used by the introspection middleware.
+        /// </summary>
+        public OAuthIntrospectionOptions Options { get; }
+
+        /// <summary>
+        /// An <see cref="HttpClient"/> for use by the application to call the authorization server.
+        /// </summary>
+        public HttpClient Client => Options.HttpClient;
+
+        /// <summary>
+        /// Gets the HTTP message sent to the introspection endpoint.
+        /// </summary>
+        public HttpRequestMessage Message { get; }
+
+        /// <summary>
+        /// The access token parsed from the client request.
+        /// </summary>
+        public string Token { get; }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/RetrieveTokenContext.cs

@@ -0,0 +1,33 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows custom parsing of access tokens from requests.
+    /// </summary>
+    public class RetrieveTokenContext : BaseControlContext {
+        public RetrieveTokenContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthIntrospectionOptions options)
+            : base(context) {
+            Options = options;
+        }
+
+        /// <summary>
+        /// Gets the options used by the introspection middleware.
+        /// </summary>
+        public OAuthIntrospectionOptions Options { get; }
+
+        /// <summary>
+        /// Gets or sets the access token.
+        /// </summary>
+        public string Token { get; set; }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/ValidateTokenContext.cs

@@ -0,0 +1,30 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of the token validation logic.
+    /// </summary>
+    public class ValidateTokenContext : BaseControlContext {
+        public ValidateTokenContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthIntrospectionOptions options,
+            [NotNull] AuthenticationTicket ticket) 
+            : base(context) {
+            Options = options;
+            Ticket = ticket;
+        }
+
+        /// <summary>
+        /// Gets the options used by the introspection middleware.
+        /// </summary>
+        public OAuthIntrospectionOptions Options { get; }
+    }
+}

src/AspNet.Security.OAuth.Introspection/IOAuthIntrospectionEvents.cs

@@ -0,0 +1,34 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Threading.Tasks;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public interface IOAuthIntrospectionEvents {
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        Task RetrieveToken(RetrieveTokenContext context);
+
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        Task CreateTicket(CreateTicketContext context);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        Task RequestTokenIntrospection(RequestTokenIntrospectionContext context);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        Task ValidateToken(ValidateTokenContext context);
+    }
+}

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionConstants.cs

@@ -27,6 +27,10 @@ public static class Parameters {
             public const string TokenTypeHint = "token_type_hint";
         }
 
+        public static class Properties {
+            public const string Audiences = ".audiences";
+        }
+
         public static class TokenTypes {
             public const string AccessToken = "access_token";
         }

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionEvents.cs

@@ -0,0 +1,55 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using System.Threading.Tasks;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public class OAuthIntrospectionEvents : IOAuthIntrospectionEvents {
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        public Func<CreateTicketContext, Task> OnCreateTicket { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        public Func<RetrieveTokenContext, Task> OnRetrieveToken { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        public Func<ValidateTokenContext, Task> OnValidateToken { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        public virtual Task CreateTicket(CreateTicketContext context) => OnCreateTicket(context);
+
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        public virtual Task RetrieveToken(RetrieveTokenContext context) => OnRetrieveToken(context);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        public virtual Task ValidateToken(ValidateTokenContext context) => OnValidateToken(context);
+    }
+}