Port the introspection/validation middleware to the new ASP.NET Core 2.0 authentication stack

Author: kevinchalet

.travis.yml

@@ -14,8 +14,6 @@ env:
   global:
     - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
     - DOTNET_CLI_TELEMETRY_OPTOUT: 1
-    - KOREBUILD_DOTNET_VERSION: 2.0.0-preview1-005418
-    - KOREBUILD_DOTNET_SHARED_RUNTIME_VERSION: 2.0.0-preview1-001919-00
 mono: none
 os:
   - linux

NuGet.config

@@ -2,6 +2,7 @@
 <configuration>
   <packageSources>
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
+    <add key="aspnetcore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
     <add key="aspnet-contrib" value="https://www.myget.org/F/aspnet-contrib/api/v3/index.json" />
   </packageSources>
 </configuration>

build/common.props

@@ -12,4 +12,14 @@
     <DebugType Condition=" '$(OS)' != 'Windows_NT' ">portable</DebugType>
   </PropertyGroup>
 
+  <ItemGroup Condition=" '$(TargetFrameworkIdentifier)' == '.NETFramework' ">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NetStandardLibraryNetFrameworkVersion)" />
+  </ItemGroup>
+
+  <Target Name="WorkaroundAppConfigPathTooLong" BeforeTargets="GenerateBindingRedirects">
+    <PropertyGroup>
+      <_GenerateBindingRedirectsIntermediateAppConfig>$(IntermediateOutputPath)$(TargetFileName).config</_GenerateBindingRedirectsIntermediateAppConfig>
+    </PropertyGroup>
+  </Target>
+
 </Project>

build/dependencies.props

@@ -1,17 +1,20 @@
 <Project>
 
   <PropertyGroup>
-    <AspNetCoreVersion>1.0.0</AspNetCoreVersion>
+    <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
+    <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelVersion>1.0.4.403061554</IdentityModelVersion>
-    <IdentityModelCoreVersion>2.0.0</IdentityModelCoreVersion>
+    <IdentityModelCoreVersion>2.1.3-*</IdentityModelCoreVersion>
     <JetBrainsVersion>10.3.0</JetBrainsVersion>
-    <JsonNetVersion>9.0.1</JsonNetVersion>
-    <NetStandardImplicitPackageVersion>1.6.0</NetStandardImplicitPackageVersion>
-    <MoqVersion>4.7.8</MoqVersion>
+    <JsonNetVersion>10.0.2</JsonNetVersion>
+    <MoqVersion>4.7.63</MoqVersion>
+    <NetHttpVersion>4.3.2</NetHttpVersion>
+    <NetStandardImplicitPackageVersion>2.0.0-*</NetStandardImplicitPackageVersion>
+    <NetStandardLibraryNetFrameworkVersion>2.0.0-*</NetStandardLibraryNetFrameworkVersion>
     <OwinVersion>3.0.1</OwinVersion>
-    <RuntimeFrameworkVersion>1.0.0</RuntimeFrameworkVersion>
-    <TestSdkVersion>15.0.0</TestSdkVersion>
-    <XunitVersion>2.2.0</XunitVersion>
+    <RuntimeFrameworkVersion>2.0.0-*</RuntimeFrameworkVersion>
+    <TestSdkVersion>15.3.0-*</TestSdkVersion>
+    <XunitVersion>2.3.0-*</XunitVersion>
   </PropertyGroup>
 
 </Project>

build/version.props

@@ -1,8 +1,8 @@
 <Project>
 
   <PropertyGroup>
-    <VersionPrefix>1.0.0</VersionPrefix>
-    <VersionSuffix>rtm</VersionSuffix>
+    <VersionPrefix>2.0.0</VersionPrefix>
+    <VersionSuffix>preview1</VersionSuffix>
     <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
   </PropertyGroup>
 

src/AspNet.Security.OAuth.Introspection/AspNet.Security.OAuth.Introspection.csproj

@@ -3,7 +3,7 @@
   <Import Project="..\..\build\packages.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
+    <TargetFramework>netstandard2.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup>

src/AspNet.Security.OAuth.Introspection/Events/ApplyChallengeContext.cs

@@ -7,35 +7,23 @@
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace AspNet.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows customization of the challenge process.
     /// </summary>
-    public class ApplyChallengeContext : BaseControlContext
+    public class ApplyChallengeContext : PropertiesContext<OAuthIntrospectionOptions>
     {
         public ApplyChallengeContext(
             [NotNull] HttpContext context,
+            [NotNull] AuthenticationScheme scheme,
             [NotNull] OAuthIntrospectionOptions options,
             [NotNull] AuthenticationProperties properties)
-            : base(context)
+            : base(context, scheme, options, properties)
         {
-            Options = options;
-            Properties = properties;
         }
 
-        /// <summary>
-        /// Gets the options used by the introspection middleware.
-        /// </summary>
-        public OAuthIntrospectionOptions Options { get; }
-
-        /// <summary>
-        /// Gets the authentication properties associated with the challenge.
-        /// </summary>
-        public AuthenticationProperties Properties { get; }
-
         /// <summary>
         /// Gets or sets the "error" value returned to the caller as part
         /// of the WWW-Authenticate header. This property may be null when
@@ -67,5 +55,15 @@ public ApplyChallengeContext(
         /// the caller as part of the WWW-Authenticate header.
         /// </summary>
         public string Scope { get; set; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }

src/AspNet.Security.OAuth.Introspection/Events/CreateTicketContext.cs

@@ -15,35 +15,26 @@ namespace AspNet.Security.OAuth.Introspection
     /// <summary>
     /// Allows interception of the AuthenticationTicket creation process.
     /// </summary>
-    public class CreateTicketContext : BaseControlContext
+    public class CreateTicketContext : ResultContext<OAuthIntrospectionOptions>
     {
         public CreateTicketContext(
             [NotNull] HttpContext context,
+            [NotNull] AuthenticationScheme scheme,
             [NotNull] OAuthIntrospectionOptions options,
             [NotNull] AuthenticationTicket ticket,
             [NotNull] JObject payload)
-            : base(context)
+            : base(context, scheme, options)
         {
-            Options = options;
-            Ticket = ticket;
+            Principal = ticket.Principal;
+            Properties = ticket.Properties;
             Payload = payload;
         }
 
-        /// <summary>
-        /// Gets the options used by the introspection middleware.
-        /// </summary>
-        public OAuthIntrospectionOptions Options { get; }
-
         /// <summary>
         /// Gets the identity containing the user claims.
         /// </summary>
         public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
 
-        /// <summary>
-        /// Gets the principal containing the user claims.
-        /// </summary>
-        public ClaimsPrincipal Principal => Ticket?.Principal;
-
         /// <summary>
         /// Gets the payload extracted from the introspection response.
         /// </summary>

src/AspNet.Security.OAuth.Introspection/Events/RetrieveTokenContext.cs

@@ -13,21 +13,16 @@ namespace AspNet.Security.OAuth.Introspection
     /// <summary>
     /// Allows custom parsing of access tokens from requests.
     /// </summary>
-    public class RetrieveTokenContext : BaseControlContext
+    public class RetrieveTokenContext : ResultContext<OAuthIntrospectionOptions>
     {
         public RetrieveTokenContext(
             [NotNull] HttpContext context,
+            [NotNull] AuthenticationScheme scheme,
             [NotNull] OAuthIntrospectionOptions options)
-            : base(context)
+            : base(context, scheme, options)
         {
-            Options = options;
         }
 
-        /// <summary>
-        /// Gets the options used by the introspection middleware.
-        /// </summary>
-        public OAuthIntrospectionOptions Options { get; }
-
         /// <summary>
         /// Gets or sets the access token.
         /// </summary>

src/AspNet.Security.OAuth.Introspection/Events/SendIntrospectionRequestContext.cs

@@ -14,25 +14,20 @@ namespace AspNet.Security.OAuth.Introspection
     /// <summary>
     /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
     /// </summary>
-    public class SendIntrospectionRequestContext : BaseControlContext
+    public class SendIntrospectionRequestContext : BaseContext<OAuthIntrospectionOptions>
     {
         public SendIntrospectionRequestContext(
             [NotNull] HttpContext context,
+            [NotNull] AuthenticationScheme scheme,
             [NotNull] OAuthIntrospectionOptions options,
             [NotNull] HttpRequestMessage request,
             [NotNull] string token)
-            : base(context)
+            : base(context, scheme, options)
         {
-            Options = options;
             Request = request;
             Token = token;
         }
 
-        /// <summary>
-        /// Gets the options used by the introspection middleware.
-        /// </summary>
-        public OAuthIntrospectionOptions Options { get; }
-
         /// <summary>
         /// An <see cref="HttpClient"/> for use by the application to call the authorization server.
         /// </summary>
@@ -52,5 +47,15 @@ public SendIntrospectionRequestContext(
         /// The access token parsed from the client request.
         /// </summary>
         public string Token { get; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }