Add Adobe IO provider (#573)

* Add AdobeIO package

* Complete AdobeIO authentication

* Update src/AspNet.Security.OAuth.AdobeIO/AspNet.Security.OAuth.AdobeIO.csproj

Co-authored-by: Martin Costello <[email protected]>

* Use commas to format scope, allows adding individual scopes properly.

* Remove Endpoint paths.

* Remove unnecessary scope.

* Update readme with AdobeIO

* Use OAuth-specific page for AdobeIO

Co-authored-by: Martin Costello <[email protected]>

* Use DefaultNetCoreTargetFramework

* Add blank lines for readability.

Co-authored-by: Martin Costello <[email protected]>

Author: biltongza

AspNet.Security.OAuth.Providers.sln

@@ -254,6 +254,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Notio
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Mixcloud", "src\AspNet.Security.OAuth.Mixcloud\AspNet.Security.OAuth.Mixcloud.csproj", "{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.AdobeIO", "src\AspNet.Security.OAuth.AdobeIO\AspNet.Security.OAuth.AdobeIO.csproj", "{91BB9A49-9C88-4132-96E4-2D6148ACDE77}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -572,6 +574,10 @@ Global
 		{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{91BB9A49-9C88-4132-96E4-2D6148ACDE77}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{91BB9A49-9C88-4132-96E4-2D6148ACDE77}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{91BB9A49-9C88-4132-96E4-2D6148ACDE77}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{91BB9A49-9C88-4132-96E4-2D6148ACDE77}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -661,6 +667,7 @@ Global
 		{C40ED377-E365-45FB-8B42-27BE82CC7BE3} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{DF2786DF-234D-4A8C-B166-0B8F8B7D527B} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{7A2EC21F-D411-4B45-AA3B-70143C1A9E2F} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{91BB9A49-9C88-4132-96E4-2D6148ACDE77} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C7B54DE2-6407-4802-AD9C-CE54BF414C8C}

README.md

@@ -89,6 +89,7 @@ We would love it if you could help contributing to this repository.
 * [zAfLu](https://github.com/zAfLu)
 * [zhengchun](https://github.com/zhengchun)
 * [Volodymyr Baydalka](https://github.com/zVolodymyr)
+* [Logan Dam](https://github.com/biltongza)
 
 ## Support
 
@@ -111,6 +112,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 
 | Provider | Stable | Nightly | Documentation |
 |:-:|:-:|:-:|:-:|
+| AdobeIO | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.AdobeIO?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.AdobeIO/ "Download AspNet.Security.OAuth.AdobeIO from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.AdobeIO?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.AdobeIO "Download AspNet.Security.OAuth.AdobeIO from MyGet.org") | [Documentation](https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/AuthenticationOverview/OAuthIntegration.md "AdobeIO developer documentation") |
 | Alipay | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Alipay?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Alipay/ "Download AspNet.Security.OAuth.Alipay from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Alipay?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Alipay "Download AspNet.Security.OAuth.Alipay from MyGet.org") | [Documentation](https://opendocs.alipay.com/open/01emu5 "Alipay developer documentation") |
 | Amazon | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Amazon?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Amazon/ "Download AspNet.Security.OAuth.Amazon from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Amazon?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Amazon "Download AspNet.Security.OAuth.Amazon from MyGet.org") | [Documentation](https://developer.amazon.com/docs/login-with-amazon/documentation-overview.html "Amazon developer documentation") |
 | amoCRM | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.AmoCrm?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.AmoCrm/ "Download AspNet.Security.OAuth.AmoCrm from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.AmoCrm?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.AmoCrm "Download AspNet.Security.OAuth.AmoCrm from MyGet.org") | [Documentation](https://www.amocrm.com/developers/content/oauth/step-by-step/ "amoCRM developer documentation") |

src/AspNet.Security.OAuth.AdobeIO/AdobeIOAuthenticationConstants.cs

@@ -0,0 +1,20 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.AdobeIO
+{
+    /// <summary>
+    /// Contains constants specific to the <see cref="AdobeIOAuthenticationHandler"/>.
+    /// </summary>
+    public static class AdobeIOAuthenticationConstants
+    {
+        public static class Claims
+        {
+            public const string AccountType = "urn:adobeio:account_type";
+            public const string EmailVerified = "urn:adobeio:email_verified";
+        }
+    }
+}

src/AspNet.Security.OAuth.AdobeIO/AdobeIOAuthenticationDefaults.cs

@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+
+namespace AspNet.Security.OAuth.AdobeIO
+{
+    public static class AdobeIOAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.Name"/>.
+        /// </summary>
+        public const string AuthenticationScheme = "AdobeIO";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+        /// </summary>
+        public const string DisplayName = "AdobeIO";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+        /// </summary>
+        public const string Issuer = "AdobeIO";
+
+        /// <summary>
+        /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+        /// </summary>
+        public const string CallbackPath = "/signin-adobeio";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+        /// </summary>
+        public const string AuthorizationEndpoint = "https://ims-na1.adobelogin.com/ims/authorize/v2";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+        /// </summary>
+        public const string TokenEndpoint = "https://ims-na1.adobelogin.com/ims/token";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// </summary>
+        public const string UserInformationEndpoint = "https://ims-na1.adobelogin.com/ims/userinfo/v2";
+    }
+}

src/AspNet.Security.OAuth.AdobeIO/AdobeIOAuthenticationExtensions.cs

@@ -0,0 +1,78 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OAuth.AdobeIO;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add AdobeIO authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class AdobeIOAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds <see cref="AdobeIOAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables AdobeIO authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddAdobeIO([NotNull] this AuthenticationBuilder builder)
+        {
+            return builder.AddAdobeIO(AdobeIOAuthenticationDefaults.AuthenticationScheme, options => { });
+        }
+
+        /// <summary>
+        /// Adds <see cref="AdobeIOAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables AdobeIO authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddAdobeIO(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] Action<AdobeIOAuthenticationOptions> configuration)
+        {
+            return builder.AddAdobeIO(AdobeIOAuthenticationDefaults.AuthenticationScheme, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="AdobeIOAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables AdobeIO authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the AdobeIO options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddAdobeIO(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [NotNull] Action<AdobeIOAuthenticationOptions> configuration)
+        {
+            return builder.AddAdobeIO(scheme, AdobeIOAuthenticationDefaults.DisplayName, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="AdobeIOAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables AdobeIO authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="caption">The optional display name associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the AdobeIO options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddAdobeIO(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [CanBeNull] string caption,
+            [NotNull] Action<AdobeIOAuthenticationOptions> configuration)
+        {
+            return builder.AddOAuth<AdobeIOAuthenticationOptions, AdobeIOAuthenticationHandler>(scheme, caption, configuration);
+        }
+    }
+}

src/AspNet.Security.OAuth.AdobeIO/AdobeIOAuthenticationHandler.cs

@@ -0,0 +1,72 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.AdobeIO
+{
+    public class AdobeIOAuthenticationHandler : OAuthHandler<AdobeIOAuthenticationOptions>
+    {
+        public AdobeIOAuthenticationHandler(
+            [NotNull] IOptionsMonitor<AdobeIOAuthenticationOptions> options,
+            [NotNull] ILoggerFactory logger,
+            [NotNull] UrlEncoder encoder,
+            [NotNull] ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(
+            [NotNull] ClaimsIdentity identity,
+            [NotNull] AuthenticationProperties properties,
+            [NotNull] OAuthTokenResponse tokens)
+        {
+            string address = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "client_id", Options.ClientId);
+
+            using var request = new HttpRequestMessage(HttpMethod.Get, address);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+            using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("An error occurred while retrieving the user profile: the remote server " +
+                                "returned a {Status} response with the following payload: {Headers} {Body}.",
+                                /* Status: */ response.StatusCode,
+                                /* Headers: */ response.Headers.ToString(),
+                                /* Body: */ await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+                throw new HttpRequestException("An error occurred while retrieving the user profile.");
+            }
+
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+            var principal = new ClaimsPrincipal(identity);
+            var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+            context.RunClaimActions();
+
+            await Options.Events.CreatingTicket(context);
+            return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+        }
+
+        /// <inheritdoc/>
+        protected override string FormatScope([NotNull] IEnumerable<string> scopes)
+            => string.Join(',', scopes);
+    }
+}

src/AspNet.Security.OAuth.AdobeIO/AdobeIOAuthenticationOptions.cs

@@ -0,0 +1,41 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using static AspNet.Security.OAuth.AdobeIO.AdobeIOAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.AdobeIO
+{
+    /// <summary>
+    /// Defines a set of options used by <see cref="AdobeIOAuthenticationHandler"/>.
+    /// </summary>
+    public class AdobeIOAuthenticationOptions : OAuthOptions
+    {
+        public AdobeIOAuthenticationOptions()
+        {
+            ClaimsIssuer = AdobeIOAuthenticationDefaults.Issuer;
+            CallbackPath = AdobeIOAuthenticationDefaults.CallbackPath;
+
+            AuthorizationEndpoint = AdobeIOAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = AdobeIOAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = AdobeIOAuthenticationDefaults.UserInformationEndpoint;
+
+            Scope.Add("openid");
+            Scope.Add("AdobeID");
+
+            ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
+            ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
+            ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
+            ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
+            ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
+            ClaimActions.MapJsonSubKey(ClaimTypes.Country, "address", "country");
+            ClaimActions.MapJsonKey(Claims.AccountType, "account_type");
+            ClaimActions.MapJsonKey(Claims.EmailVerified, "email_verified");
+        }
+    }
+}

src/AspNet.Security.OAuth.AdobeIO/AspNet.Security.OAuth.AdobeIO.csproj

@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling AdobeIO authentication.</Description>
+    <Authors>biltongza</Authors>
+    <PackageTags>adobe;aspnetcore;authentication;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+
+</Project>

test/AspNet.Security.OAuth.Providers.Tests/AdobeIO/AdobeIOTests.cs

@@ -0,0 +1,54 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace AspNet.Security.OAuth.AdobeIO
+{
+    public class AdobeIOTests : OAuthTests<AdobeIOAuthenticationOptions>
+    {
+        public AdobeIOTests(ITestOutputHelper outputHelper)
+        {
+            OutputHelper = outputHelper;
+        }
+
+        public override string DefaultScheme => AdobeIOAuthenticationDefaults.AuthenticationScheme;
+
+        protected internal override void RegisterAuthentication(AuthenticationBuilder builder)
+        {
+            builder.AddAdobeIO(options =>
+            {
+                ConfigureDefaults(builder, options);
+            });
+        }
+
+        [Theory]
+        [InlineData(ClaimTypes.NameIdentifier, "B0DC108C5CD449CA0A494133@c62f24cc5b5b7e0e0a494004")]
+        [InlineData(ClaimTypes.Name, "John Sample")]
+        [InlineData(ClaimTypes.Email, "[email protected]")]
+        [InlineData(ClaimTypes.GivenName, "John")]
+        [InlineData(ClaimTypes.Surname, "Sample")]
+        [InlineData(ClaimTypes.Country, "US")]
+        [InlineData("urn:adobeio:account_type", "ent")]
+        [InlineData("urn:adobeio:email_verified", "True")]
+        public async Task Can_Sign_In_Using_AdobeIO(string claimType, string claimValue)
+        {
+            // Arrange
+            using var server = CreateTestServer();
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            AssertClaim(claims, claimType, claimValue);
+        }
+    }
+}