Add Miro provider (#1046)

Add Miro provider.

Author: jerriep

AspNet.Security.OAuth.Providers.sln

@@ -221,6 +221,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{C2CA4B38-A
 		docs\workweixin.md = docs\workweixin.md
 		docs\xumm.md = docs\xumm.md
 		docs\zendesk.md = docs\zendesk.md
+		docs\miro.md = docs\miro.md
 		docs\linear.md = docs\linear.md
 	EndProjectSection
 EndProject
@@ -319,6 +320,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.GitCo
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Atlassian", "src\AspNet.Security.OAuth.Atlassian\AspNet.Security.OAuth.Atlassian.csproj", "{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Miro", "src\AspNet.Security.OAuth.Miro\AspNet.Security.OAuth.Miro.csproj", "{7F22DE22-FDE8-4A14-AA65-D5B36098533E}"
+EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Linear", "src\AspNet.Security.OAuth.Linear\AspNet.Security.OAuth.Linear.csproj", "{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4}"
 EndProject
 Global
@@ -743,6 +746,10 @@ Global
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Release|Any CPU.Build.0 = Release|Any CPU
 		{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -862,6 +869,7 @@ Global
 		{F3E62C24-5F82-4CF5-A994-0E10D04FB495} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{668833D5-DB6A-475F-B0FD-A03462B037B8} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{7F22DE22-FDE8-4A14-AA65-D5B36098533E} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution

README.md

@@ -205,6 +205,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 | LinkedIn | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.LinkedIn?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.LinkedIn/ "Download AspNet.Security.OAuth.LinkedIn from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.LinkedIn?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.LinkedIn "Download AspNet.Security.OAuth.LinkedIn from MyGet.org") | [Documentation](https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication "LinkedIn developer documentation") |
 | MailChimp | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.MailChimp?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.MailChimp/ "Download AspNet.Security.OAuth.MailChimp from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.MailChimp?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.MailChimp "Download AspNet.Security.OAuth.MailChimp from MyGet.org") | [Documentation](https://developer.mailchimp.com/documentation/mailchimp/guides/how-to-use-oauth2/ "MailChimp developer documentation") |
 | MailRu | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.MailRu?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.MailRu/ "Download AspNet.Security.OAuth.MailRu from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.MailRu?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.MailRu "Download AspNet.Security.OAuth.MailRu from MyGet.org") | [Documentation](https://o2.mail.ru/docs#web "MailRu developer documentation") |
+| Miro | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Miro?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Miro/ "Download AspNet.Security.OAuth.Miro from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Miro?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Miro "Download AspNet.Security.OAuth.Miro from MyGet.org") | [Documentation](https://developers.miro.com/docs/getting-started-with-oauth "Miro developer documentation") |
 | Mixcloud | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Mixcloud?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Mixcloud/ "Download AspNet.Security.OAuth.Mixcloud from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Mixcloud?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Mixcloud "Download AspNet.Security.OAuth.Mixcloud from MyGet.org") | [Documentation](https://www.mixcloud.com/developers/#authorization "Mixcloud developer documentation") |
 | Moodle | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Moodle?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Moodle/ "Download AspNet.Security.OAuth.Moodle from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Moodle?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Moodle "Download AspNet.Security.OAuth.Moodle from MyGet.org") | [Documentation](https://github.com/HIT-ReFreSH/moodle-local_oauth "Moodle OAuth2 plugin developer documentation") |
 | Myob | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Myob?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Myob/ "Download AspNet.Security.OAuth.Myob from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Myob?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Myob "Download AspNet.Security.OAuth.Myob from MyGet.org") | [Documentation](https://developer.myob.com/api/accountright/api-overview/authentication/ "Myob developer documentation") |

docs/README.md

@@ -61,6 +61,7 @@ covered by the section above.
 | Line | _Optional_ | [Documentation](line.md "Line provider documentation") |
 | Linear | _Optional_ | [Documentation](linear.md "Linear provider documentation") |
 | LinkedIn | _Optional_ | [Documentation](linkedin.md "LinkedIn provider documentation") |
+| Miro | _Optional_ | [Documentation](miro.md "Miro provider documentation") |
 | Odnoklassniki | _Optional_ | [Documentation](odnoklassniki.md "Odnoklassniki provider documentation") |
 | Okta | **Required** | [Documentation](okta.md "Okta provider documentation") |
 | Patreon | _Optional_ | [Documentation](patreon.md "Patreon provider documentation") |

docs/miro.md

@@ -0,0 +1,25 @@
+# Integrating the Miro Provider
+
+## Example
+
+```csharp
+services.AddAuthentication(options => /* Auth configuration */)
+        .AddMiro(options =>
+        {
+            options.ClientId = configuration["Miro:ClientId"] ?? string.Empty;
+            options.ClientSecret = configuration["Miro:ClientSecret"] ?? string.Empty;
+        })
+```
+
+## Required Additional Settings
+
+_None._
+
+## Optional Settings
+
+_None._
+
+## Retrieving the user's email address
+
+The Miro provider does not return the user's email address, since the API endpoints to do that is available only on the Miro Enterprise plan. If you are on the Miro Enterprise plan, you can use the access token returned by the authentication flow to retrieve the user's email address yourself by following the Miro documentation for [getting the user info and email](https://developers.miro.com/docs/get-user-info-and-email).
+

src/AspNet.Security.OAuth.Miro/AspNet.Security.OAuth.Miro.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <PackageValidationBaselineVersion>9.2.0</PackageValidationBaselineVersion>
+    <!-- TODO Remove once published to NuGet.org -->
+    <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling Miro authentication.</Description>
+    <Authors>Jerrie Pelser</Authors>
+    <PackageTags>aspnetcore;authentication;miro;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+
+</Project>

src/AspNet.Security.OAuth.Miro/MiroAuthenticationConstants.cs

@@ -0,0 +1,24 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Miro;
+
+/// <summary>
+/// Contains constants specific to the <see cref="MiroAuthenticationHandler"/>.
+/// </summary>
+public static class MiroAuthenticationConstants
+{
+    public static class Claims
+    {
+        public const string OrganizationId = "urn:miro:organization_id";
+
+        public const string OrganizationName = "urn:miro:organization_name";
+
+        public const string TeamId = "urn:miro:team_id";
+
+        public const string TeamName = "urn:miro:team_name";
+    }
+}

src/AspNet.Security.OAuth.Miro/MiroAuthenticationDefaults.cs

@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Miro;
+
+/// <summary>
+/// Default values used by the Miro authentication middleware.
+/// </summary>
+public class MiroAuthenticationDefaults
+{
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.Name"/>.
+    /// </summary>
+    public const string AuthenticationScheme = "Miro";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+    /// </summary>
+    public static readonly string DisplayName = "Miro";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+    /// </summary>
+    public static readonly string Issuer = "Miro";
+
+    /// <summary>
+    /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+    /// </summary>
+    public static readonly string CallbackPath = "/signin-miro";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+    /// </summary>
+    public static readonly string AuthorizationEndpoint = "https://miro.com/oauth/authorize";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+    /// </summary>
+    public static readonly string TokenEndpointFormat = "https://api.miro.com/v1/oauth/token";
+
+    /// <summary>
+    /// Default value <see cref="OAuthOptions.UserInformationEndpoint"/>.
+    /// </summary>
+    public static readonly string UserInformationEndpoint = "https://api.miro.com/v1/oauth-token";
+}

src/AspNet.Security.OAuth.Miro/MiroAuthenticationExtensions.cs

@@ -0,0 +1,71 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OAuth.Miro;
+
+namespace Microsoft.Extensions.DependencyInjection;
+
+public static class MiroAuthenticationExtensions
+{
+    /// <summary>
+    /// Adds <see cref="MiroAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Miro authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <returns>A reference to this instance after the operation has completed.</returns>
+    public static AuthenticationBuilder AddMiro([NotNull] this AuthenticationBuilder builder)
+    {
+        return builder.AddMiro(MiroAuthenticationDefaults.AuthenticationScheme, options => { });
+    }
+
+    /// <summary>
+    /// Adds <see cref="MiroAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Miro authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="configuration">The delegate used to configure the Miro authentication options.</param>
+    /// <returns>A reference to this instance after the operation has completed.</returns>
+    public static AuthenticationBuilder AddMiro(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] Action<MiroAuthenticationOptions> configuration)
+    {
+        return builder.AddMiro(MiroAuthenticationDefaults.AuthenticationScheme, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="AspNet.Security.OAuth.Miro.MiroAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Miro authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Miro authentication options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddMiro(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [NotNull] Action<MiroAuthenticationOptions> configuration)
+    {
+        return builder.AddMiro(scheme, MiroAuthenticationDefaults.DisplayName, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="AspNet.Security.OAuth.Miro.MiroAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Miro authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="caption">The optional display name associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Miro authentication options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddMiro(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [NotNull] string caption,
+        [NotNull] Action<MiroAuthenticationOptions> configuration)
+    {
+        return builder.AddOAuth<MiroAuthenticationOptions, MiroAuthenticationHandler>(scheme, caption, configuration);
+    }
+}

src/AspNet.Security.OAuth.Miro/MiroAuthenticationHandler.cs

@@ -0,0 +1,68 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.Miro;
+
+public partial class MiroAuthenticationHandler(
+    [NotNull] IOptionsMonitor<MiroAuthenticationOptions> options,
+    [NotNull] ILoggerFactory logger,
+    [NotNull] UrlEncoder encoder)
+    : OAuthHandler<MiroAuthenticationOptions>(options, logger, encoder)
+{
+    protected override async Task<AuthenticationTicket> CreateTicketAsync(
+        [NotNull] ClaimsIdentity identity,
+        [NotNull] AuthenticationProperties properties,
+        [NotNull] OAuthTokenResponse tokens)
+    {
+        using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+        using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+        if (!response.IsSuccessStatusCode)
+        {
+            await Log.UserProfileErrorAsync(Logger, response, Context.RequestAborted);
+            throw new HttpRequestException("An error occurred while retrieving the user profile from Miro.");
+        }
+
+        using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+        var principal = new ClaimsPrincipal(identity);
+        var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+        context.RunClaimActions();
+
+        await Events.CreatingTicket(context);
+        return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+    }
+
+    private static partial class Log
+    {
+        internal static async Task UserProfileErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken)
+        {
+            UserProfileError(
+                logger,
+                response.StatusCode,
+                response.Headers.ToString(),
+                await response.Content.ReadAsStringAsync(cancellationToken));
+        }
+
+        [LoggerMessage(1,
+            LogLevel.Error,
+            "An error occurred while retrieving the user profile: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")]
+        private static partial void UserProfileError(
+            ILogger logger,
+            System.Net.HttpStatusCode status,
+            string headers,
+            string body);
+    }
+}

src/AspNet.Security.OAuth.Miro/MiroAuthenticationOptions.cs

@@ -0,0 +1,30 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using static AspNet.Security.OAuth.Miro.MiroAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.Miro;
+
+public class MiroAuthenticationOptions : OAuthOptions
+{
+    public MiroAuthenticationOptions()
+    {
+        ClaimsIssuer = MiroAuthenticationDefaults.Issuer;
+        CallbackPath = MiroAuthenticationDefaults.CallbackPath;
+
+        AuthorizationEndpoint = MiroAuthenticationDefaults.AuthorizationEndpoint;
+        TokenEndpoint = MiroAuthenticationDefaults.TokenEndpointFormat;
+        UserInformationEndpoint = MiroAuthenticationDefaults.UserInformationEndpoint;
+
+        ClaimActions.MapJsonSubKey(ClaimTypes.NameIdentifier, "user", "id");
+        ClaimActions.MapJsonSubKey(ClaimTypes.Name, "user", "name");
+        ClaimActions.MapJsonSubKey(Claims.OrganizationId, "organization", "id");
+        ClaimActions.MapJsonSubKey(Claims.OrganizationName, "organization", "name");
+        ClaimActions.MapJsonSubKey(Claims.TeamId, "team", "id");
+        ClaimActions.MapJsonSubKey(Claims.TeamName, "team", "name");
+    }
+}