Add ServiceChannel provider (#616)

* Add ServiceChannel provider

Author: dev-hyang

AspNet.Security.OAuth.Providers.sln

@@ -265,6 +265,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Quick
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Ebay", "src\AspNet.Security.OAuth.Ebay\AspNet.Security.OAuth.Ebay.csproj", "{574A52D9-E7A5-4E11-8F36-5C8AA7033287}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.ServiceChannel", "src\AspNet.Security.OAuth.ServiceChannel\AspNet.Security.OAuth.ServiceChannel.csproj", "{57633BE6-C7AD-4197-A75A-F38A2312A4D9}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -599,6 +601,10 @@ Global
 		{574A52D9-E7A5-4E11-8F36-5C8AA7033287}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{574A52D9-E7A5-4E11-8F36-5C8AA7033287}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{574A52D9-E7A5-4E11-8F36-5C8AA7033287}.Release|Any CPU.Build.0 = Release|Any CPU
+		{57633BE6-C7AD-4197-A75A-F38A2312A4D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{57633BE6-C7AD-4197-A75A-F38A2312A4D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{57633BE6-C7AD-4197-A75A-F38A2312A4D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{57633BE6-C7AD-4197-A75A-F38A2312A4D9}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -692,6 +698,7 @@ Global
 		{C90BA18B-E6C4-4E84-AFCC-58A4EE13BA40} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{815DA59A-E884-4BAD-B16C-D0B550B40A8D} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{574A52D9-E7A5-4E11-8F36-5C8AA7033287} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{57633BE6-C7AD-4197-A75A-F38A2312A4D9} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C7B54DE2-6407-4802-AD9C-CE54BF414C8C}

samples/Mvc.Client/Properties/launchSettings.json

@@ -21,7 +21,8 @@
       "launchUrl": "https://localhost:5001/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
-      }
+      },
+      "applicationUrl": ""
     }
   }
-}
+}

src/AspNet.Security.OAuth.ServiceChannel/AspNet.Security.OAuth.ServiceChannel.csproj

@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling ServiceChannel authentication.</Description>
+    <Authors>Hang Yang</Authors>
+    <PackageTags>servicechannel;aspnetcore;authentication;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+</Project>

src/AspNet.Security.OAuth.ServiceChannel/ServiceChannelAuthenticationConstants.cs

@@ -0,0 +1,20 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.ServiceChannel
+{
+    /// <summary>
+    /// Contains constants specific to the <see cref="ServiceChannelAuthenticationHandler"/>.
+    /// </summary>
+    public static class ServiceChannelAuthenticationConstants
+    {
+        public static class Claims
+        {
+            public const string ProviderId = "urn:servicechannel:providerId";
+            public const string ProviderName = "urn:servicechannel:providerName";
+        }
+    }
+}

src/AspNet.Security.OAuth.ServiceChannel/ServiceChannelAuthenticationDefaults.cs

@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+
+namespace AspNet.Security.OAuth.ServiceChannel
+{
+    public static class ServiceChannelAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.Name"/>.
+        /// </summary>
+        public const string AuthenticationScheme = "ServiceChannel";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+        /// </summary>
+        public static readonly string DisplayName = "ServiceChannel";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+        /// </summary>
+        public static readonly string Issuer = "ServiceChannel";
+
+        /// <summary>
+        /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+        /// </summary>
+        public static readonly string CallbackPath = "/signin-servicechannel";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+        /// </summary>
+        public static readonly string AuthorizationEndpoint = "https://login.servicechannel.com/oauth/authorize";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+        /// </summary>
+        public static readonly string TokenEndpoint = "https://login.servicechannel.com/oauth/token";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// </summary>
+        public static readonly string UserInformationEndpoint = "https://api.servicechannel.com/v3/users/current/profile";
+    }
+}

src/AspNet.Security.OAuth.ServiceChannel/ServiceChannelAuthenticationExtensions.cs

@@ -0,0 +1,78 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OAuth.ServiceChannel;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add ServiceChannel authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class ServiceChannelAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds <see cref="ServiceChannelAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables ServiceChannel authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddServiceChannel([NotNull] this AuthenticationBuilder builder)
+        {
+            return builder.AddServiceChannel(ServiceChannelAuthenticationDefaults.AuthenticationScheme, options => { });
+        }
+
+        /// <summary>
+        /// Adds <see cref="ServiceChannelAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables ServiceChannel authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddServiceChannel(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] Action<ServiceChannelAuthenticationOptions> configuration)
+        {
+            return builder.AddServiceChannel(ServiceChannelAuthenticationDefaults.AuthenticationScheme, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="ServiceChannelAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables ServiceChannel authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the ServiceChannel options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddServiceChannel(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [NotNull] Action<ServiceChannelAuthenticationOptions> configuration)
+        {
+            return builder.AddServiceChannel(scheme, ServiceChannelAuthenticationDefaults.DisplayName, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="ServiceChannelAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables ServiceChannel authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="caption">The optional display name associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the ServiceChannel options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddServiceChannel(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [CanBeNull] string caption,
+            [NotNull] Action<ServiceChannelAuthenticationOptions> configuration)
+        {
+            return builder.AddOAuth<ServiceChannelAuthenticationOptions, ServiceChannelAuthenticationHandler>(scheme, caption, configuration);
+        }
+    }
+}

src/AspNet.Security.OAuth.ServiceChannel/ServiceChannelAuthenticationHandler.cs

@@ -0,0 +1,64 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.ServiceChannel
+{
+    public class ServiceChannelAuthenticationHandler : OAuthHandler<ServiceChannelAuthenticationOptions>
+    {
+        public ServiceChannelAuthenticationHandler(
+            [NotNull] IOptionsMonitor<ServiceChannelAuthenticationOptions> options,
+            [NotNull] ILoggerFactory logger,
+            [NotNull] UrlEncoder encoder,
+            [NotNull] ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(
+            [NotNull] ClaimsIdentity identity,
+            [NotNull] AuthenticationProperties properties,
+            [NotNull] OAuthTokenResponse tokens)
+        {
+            using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+            using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("An error occurred while retrieving the user profile: the remote server " +
+                                "returned a {Status} response with the following payload: {Headers} {Body}.",
+                                /* Status: */ response.StatusCode,
+                                /* Headers: */ response.Headers.ToString(),
+                                /* Body: */ await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+                throw new HttpRequestException("An error occurred while retrieving the user profile.");
+            }
+
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+            var principal = new ClaimsPrincipal(identity);
+            var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+            context.RunClaimActions();
+
+            await Events.CreatingTicket(context);
+            return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+        }
+    }
+}

src/AspNet.Security.OAuth.ServiceChannel/ServiceChannelAuthenticationOptions.cs

@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using static AspNet.Security.OAuth.ServiceChannel.ServiceChannelAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.ServiceChannel
+{
+    /// <summary>
+    /// Defines a set of options used by <see cref="ServiceChannelAuthenticationHandler"/>.
+    /// </summary>
+    public class ServiceChannelAuthenticationOptions : OAuthOptions
+    {
+        public ServiceChannelAuthenticationOptions()
+        {
+            ClaimsIssuer = ServiceChannelAuthenticationDefaults.Issuer;
+            CallbackPath = ServiceChannelAuthenticationDefaults.CallbackPath;
+
+            AuthorizationEndpoint = ServiceChannelAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = ServiceChannelAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = ServiceChannelAuthenticationDefaults.UserInformationEndpoint;
+
+            ClaimActions.MapJsonSubKey(ClaimTypes.NameIdentifier, "UserProfile", "UserId");
+            ClaimActions.MapJsonSubKey(ClaimTypes.Name, "UserProfile", "UserName");
+            ClaimActions.MapJsonSubKey(ClaimTypes.Email, "UserProfile", "Email");
+            ClaimActions.MapJsonSubKey(Claims.ProviderId, "UserProfile", "ProviderId");
+            ClaimActions.MapJsonSubKey(Claims.ProviderName, "UserProfile", "ProviderName");
+        }
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/ServiceChannel/ServiceChannelTests.cs

@@ -0,0 +1,53 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+using System.Threading.Tasks;
+using AspNet.Security.OAuth.ServiceChannel;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+using Xunit.Abstractions;
+using static AspNet.Security.OAuth.ServiceChannel.ServiceChannelAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.ServiceChannel
+{
+    public class ServiceChannelTests : OAuthTests<ServiceChannelAuthenticationOptions>
+    {
+        public ServiceChannelTests(ITestOutputHelper outputHelper)
+        {
+            OutputHelper = outputHelper;
+        }
+
+        public override string DefaultScheme => ServiceChannelAuthenticationDefaults.AuthenticationScheme;
+
+        protected internal override void RegisterAuthentication(AuthenticationBuilder builder)
+        {
+            builder.AddServiceChannel(options =>
+            {
+                ConfigureDefaults(builder, options);
+            });
+        }
+
+        [Theory]
+        [InlineData(ClaimTypes.NameIdentifier, "4034383")]
+        [InlineData(ClaimTypes.Name, "[email protected]")]
+        [InlineData(ClaimTypes.Email, "[email protected]")]
+        [InlineData(Claims.ProviderId, "2000156703")]
+        [InlineData(Claims.ProviderName, "uicccf")]
+        public async Task Can_Sign_In_Using_ServiceChannel(string claimType, string claimValue)
+        {
+            // Arrange
+            using var server = CreateTestServer();
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            AssertClaim(claims, claimType, claimValue);
+        }
+    }
+}