Add QuickBooks provider (#593)

* Add the QuickBooks provider

* Change the author of QuickBooks property

* Change QuickBooks project property from TargetFramework to TargetFrameworks

* Update AspNet.Security.OAuth.Providers.sln

* Update AspNet.Security.OAuth.QuickBooks.csproj

* Changed the QuickBooks authentication options.
Add the test cases for all the mapped claims.
Change the email to a fake email address.

* Move the version from the csproj to pakcages.props.
Clean the QuickBooksAuthenticationHandler.

* Removed the unnecessary configuration and codes
Changed the QuickBooks provider URL from test to production.
Changed the scope implementation as recommended.

Author: yongshui

AspNet.Security.OAuth.Providers.sln

@@ -257,7 +257,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Mixcl
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.AdobeIO", "src\AspNet.Security.OAuth.AdobeIO\AspNet.Security.OAuth.AdobeIO.csproj", "{91BB9A49-9C88-4132-96E4-2D6148ACDE77}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Zendesk", "src\AspNet.Security.OAuth.Zendesk\AspNet.Security.OAuth.Zendesk.csproj", "{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Zendesk", "src\AspNet.Security.OAuth.Zendesk\AspNet.Security.OAuth.Zendesk.csproj", "{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.QuickBooks", "src\AspNet.Security.OAuth.QuickBooks\AspNet.Security.OAuth.QuickBooks.csproj", "{815DA59A-E884-4BAD-B16C-D0B550B40A8D}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -585,6 +587,10 @@ Global
 		{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40}.Release|Any CPU.Build.0 = Release|Any CPU
+		{815DA59A-E884-4BAD-B16C-D0B550B40A8D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{815DA59A-E884-4BAD-B16C-D0B550B40A8D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{815DA59A-E884-4BAD-B16C-D0B550B40A8D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{815DA59A-E884-4BAD-B16C-D0B550B40A8D}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -676,6 +682,7 @@ Global
 		{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{91BB9A49-9C88-4132-96E4-2D6148ACDE77} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{815DA59A-E884-4BAD-B16C-D0B550B40A8D} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C7B54DE2-6407-4802-AD9C-CE54BF414C8C}

src/AspNet.Security.OAuth.QuickBooks/AspNet.Security.OAuth.QuickBooks.csproj

@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling QuickBooks authentication.</Description>
+    <Authors>RekingShui</Authors>
+    <PackageTags>quickbooks;aspnetcore;authentication;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+</Project>

src/AspNet.Security.OAuth.QuickBooks/QuickBooksAuthenticationConstants.cs

@@ -0,0 +1,20 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.QuickBooks
+{
+    /// <summary>
+    /// Contains constants specific to the <see cref="QuickBooksAuthenticationHandler"/>.
+    /// </summary>
+    public static class QuickBooksAuthenticationConstants
+    {
+        public static class Claims
+        {
+            public const string AccountType = "urn:quickbooks:appenvrionment";
+            public const string EmailVerified = "urn:quickbooks:email_verified";
+        }
+    }
+}

src/AspNet.Security.OAuth.QuickBooks/QuickBooksAuthenticationDefaults.cs

@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+
+namespace AspNet.Security.OAuth.QuickBooks
+{
+    public static class QuickBooksAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.Name"/>.
+        /// </summary>
+        public const string AuthenticationScheme = "QuickBooks";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+        /// </summary>
+        public const string DisplayName = "QuickBooks";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+        /// </summary>
+        public const string Issuer = "https://oauth.platform.intuit.com/op/v1";
+
+        /// <summary>
+        /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+        /// </summary>
+        public const string CallbackPath = "/signin-quickbooks";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+        /// </summary>
+        public const string AuthorizationEndpoint = "https://appcenter.intuit.com/connect/oauth2";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+        /// </summary>
+        public const string TokenEndpoint = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// </summary>
+        public const string UserInformationEndpoint = "https://accounts.platform.intuit.com/v1/openid_connect/userinfo";
+    }
+}

src/AspNet.Security.OAuth.QuickBooks/QuickBooksAuthenticationExtensions.cs

@@ -0,0 +1,78 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OAuth.QuickBooks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add QuickBooks authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class QuickBooksAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds <see cref="QuickBooksAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables QuickBooks authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddQuickBooks([NotNull] this AuthenticationBuilder builder)
+        {
+            return builder.AddQuickBooks(QuickBooksAuthenticationDefaults.AuthenticationScheme, options => { });
+        }
+
+        /// <summary>
+        /// Adds <see cref="QuickBooksAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables QuickBooks authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddQuickBooks(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] Action<QuickBooksAuthenticationOptions> configuration)
+        {
+            return builder.AddQuickBooks(QuickBooksAuthenticationDefaults.AuthenticationScheme, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="QuickBooksAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables QuickBooks authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the QuickBooks options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddQuickBooks(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [NotNull] Action<QuickBooksAuthenticationOptions> configuration)
+        {
+            return builder.AddQuickBooks(scheme, QuickBooksAuthenticationDefaults.DisplayName, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="QuickBooksAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables QuickBooks authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="caption">The optional display name associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the QuickBooks options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddQuickBooks(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [CanBeNull] string caption,
+            [NotNull] Action<QuickBooksAuthenticationOptions> configuration)
+        {
+            return builder.AddOAuth<QuickBooksAuthenticationOptions, QuickBooksAuthenticationHandler>(scheme, caption, configuration);
+        }
+    }
+}

src/AspNet.Security.OAuth.QuickBooks/QuickBooksAuthenticationHandler.cs

@@ -0,0 +1,67 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.QuickBooks
+{
+    public class QuickBooksAuthenticationHandler : OAuthHandler<QuickBooksAuthenticationOptions>
+    {
+        public QuickBooksAuthenticationHandler(
+            [NotNull] IOptionsMonitor<QuickBooksAuthenticationOptions> options,
+            [NotNull] ILoggerFactory logger,
+            [NotNull] UrlEncoder encoder,
+            [NotNull] ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(
+            [NotNull] ClaimsIdentity identity,
+            [NotNull] AuthenticationProperties properties,
+            [NotNull] OAuthTokenResponse tokens)
+        {
+            string address = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "client_id", Options.ClientId);
+
+            using var request = new HttpRequestMessage(HttpMethod.Get, address);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+            using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("An error occurred while retrieving the user profile: the remote server " +
+                                "returned a {Status} response with the following payload: {Headers} {Body}.",
+                                /* Status: */ response.StatusCode,
+                                /* Headers: */ response.Headers.ToString(),
+                                /* Body: */ await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+                throw new HttpRequestException("An error occurred while retrieving the user profile.");
+            }
+
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+            var principal = new ClaimsPrincipal(identity);
+            var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+            context.RunClaimActions();
+
+            await Options.Events.CreatingTicket(context);
+            return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+        }
+    }
+}

src/AspNet.Security.OAuth.QuickBooks/QuickBooksAuthenticationOptions.cs

@@ -0,0 +1,39 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using static AspNet.Security.OAuth.QuickBooks.QuickBooksAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.QuickBooks
+{
+    /// <summary>
+    /// Defines a set of options used by <see cref="QuickBooksAuthenticationHandler"/>.
+    /// </summary>
+    public class QuickBooksAuthenticationOptions : OAuthOptions
+    {
+        public QuickBooksAuthenticationOptions()
+        {
+            ClaimsIssuer = QuickBooksAuthenticationDefaults.Issuer;
+            CallbackPath = QuickBooksAuthenticationDefaults.CallbackPath;
+
+            AuthorizationEndpoint = QuickBooksAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = QuickBooksAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = QuickBooksAuthenticationDefaults.UserInformationEndpoint;
+
+            Scope.Add("openid");
+            Scope.Add("profile");
+            Scope.Add("phone");
+            Scope.Add("email");
+
+            ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
+            ClaimActions.MapJsonKey(ClaimTypes.MobilePhone, "mobilephone");
+            ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
+            ClaimActions.MapJsonKey(Claims.EmailVerified, "emailVerified");
+        }
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/QuickBooks/QuickBooksTests.cs

@@ -0,0 +1,52 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using System.Threading.Tasks;
+using AspNet.Security.OAuth.QuickBooks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+using Xunit.Abstractions;
+using static AspNet.Security.OAuth.QuickBooks.QuickBooksAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.QuickBooksTests
+{
+    public class QuickBooksTests : OAuthTests<QuickBooksAuthenticationOptions>
+    {
+        public QuickBooksTests(ITestOutputHelper outputHelper)
+        {
+            OutputHelper = outputHelper;
+        }
+
+        public override string DefaultScheme => QuickBooksAuthenticationDefaults.AuthenticationScheme;
+
+        protected internal override void RegisterAuthentication(AuthenticationBuilder builder)
+        {
+            builder.AddQuickBooks(options =>
+            {
+                ConfigureDefaults(builder, options);
+            });
+        }
+
+        [Theory]
+        [InlineData(ClaimTypes.NameIdentifier, "2039290222")]
+        [InlineData(ClaimTypes.MobilePhone, "(314)000-0000")]
+        [InlineData(ClaimTypes.Email, "[email protected]")]
+        [InlineData(Claims.EmailVerified, "true")]
+        public async Task Can_Sign_In_Using_QuickBooks(string claimType, string claimValue)
+        {
+            // Arrange
+            using var server = CreateTestServer();
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            AssertClaim(claims, claimType, claimValue);
+        }
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/QuickBooks/bundle.json

@@ -0,0 +1,26 @@
+{
+  "$schema": "https://raw.githubusercontent.com/justeat/httpclient-interception/master/src/HttpClientInterception/Bundles/http-request-bundle-schema.json",
+  "items": [
+    {
+      "uri": "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",
+      "method": "POST",
+      "contentFormat": "json",
+      "contentJson": {
+        "access_token": "secret-access-token",
+        "token_type": "access",
+        "refresh_token": "secret-refresh-token",
+        "expires_in": "300"
+      }
+    },
+    {
+      "uri": "https://accounts.platform.intuit.com/v1/openid_connect/userinfo?client_id=my-client-id",
+      "contentFormat": "json",
+      "contentJson": {
+        "sub": "2039290222",
+        "mobilephone": "(314)000-0000",
+        "email": "[email protected]",
+        "emailVerified": "true"
+      }
+    }
+  ]
+}