Add Kroger provider (#710)

* Add Kroger provider

* Fix sub key mapping

* Make some scopes optional

Author: lukemoore495

AspNet.Security.OAuth.Providers.sln

@@ -285,6 +285,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Snapc
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Feishu", "src\AspNet.Security.OAuth.Feishu\AspNet.Security.OAuth.Feishu.csproj", "{B8F9B052-84BF-436C-B22B-CEBD5EB1F8E3}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Kroger", "src\AspNet.Security.OAuth.Kroger\AspNet.Security.OAuth.Kroger.csproj", "{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -651,6 +653,10 @@ Global
 		{B8F9B052-84BF-436C-B22B-CEBD5EB1F8E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B8F9B052-84BF-436C-B22B-CEBD5EB1F8E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{B8F9B052-84BF-436C-B22B-CEBD5EB1F8E3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -752,6 +758,7 @@ Global
 		{23E576EB-6514-4617-8F04-FE7D5540136D} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{ECD22287-9B9F-489A-84A7-E66D65A39D73} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{B8F9B052-84BF-436C-B22B-CEBD5EB1F8E3} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{8C7A98A6-5F61-492B-980D-0A9F5F9F5C73} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C7B54DE2-6407-4802-AD9C-CE54BF414C8C}

README.md

@@ -157,6 +157,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 | KakaoTalk | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.KakaoTalk?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.KakaoTalk/ "Download AspNet.Security.OAuth.KakaoTalk from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.KakaoTalk?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.KakaoTalk "Download AspNet.Security.OAuth.KakaoTalk from MyGet.org") | [Documentation](https://developers.kakao.com/docs/latest/en/kakaologin/common "KakaoTalk developer documentation") |
 | Keycloak | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Keycloak?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Keycloak/ "Download AspNet.Security.OAuth.Keycloak from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Keycloak?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Keycloak "Download AspNet.Security.OAuth.Keycloak from MyGet.org") | [Documentation](https://www.keycloak.org/docs/latest/authorization_services/#_service_overview "Keycloak developer documentation") |
 | Kloudless | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Kloudless?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Kloudless/ "Download AspNet.Security.OAuth.Kloudless from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Kloudless?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Kloudless "Download AspNet.Security.OAuth.Kloudless from MyGet.org") | [Documentation](https://developers.kloudless.com/docs/v1/authentication "Kloudless developer documentation") |
+| Kroger | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Kroger?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Kroger/ "Download AspNet.Security.OAuth.Kroger from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Kroger?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Kroger "Download AspNet.Security.OAuth.Kroger from MyGet.org") | [Documentation](https://developer.kroger.com/reference/#section/Authentication "Kroger developer documentation") |
 | Lichess | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Lichess?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Lichess/ "Download AspNet.Security.OAuth.Lichess from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Lichess?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Lichess "Download AspNet.Security.OAuth.Lichess from MyGet.org") | [Documentation](https://lichess.org/api#section/Authentication "Lichess developer documentation") |
 | Line | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Line?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Line/ "Download AspNet.Security.OAuth.Line from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Line?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Line "Download AspNet.Security.OAuth.Line from MyGet.org") | [Documentation](https://developers.line.biz/en/docs/line-login/integrate-line-login "Line developer documentation") |
 | LinkedIn | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.LinkedIn?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.LinkedIn/ "Download AspNet.Security.OAuth.LinkedIn from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.LinkedIn?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.LinkedIn "Download AspNet.Security.OAuth.LinkedIn from MyGet.org") | [Documentation](https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication "LinkedIn developer documentation") |

docs/kroger.md

@@ -0,0 +1,25 @@
+# Integrating the Kroger Provider
+
+## Example
+
+```csharp
+services.AddAuthentication(options => /* Auth configuration */)
+        .AddKroger(options =>
+        {
+            options.ClientId = "my-client-id";
+            options.ClientSecret = "my-client-secret";
+
+            // Optionally request other permissions
+            // See https://developer.kroger.com/reference/#section/Authentication for details.
+            options.Scope.Add("product.compact");
+            options.Scope.Add("cart.basic:write");         
+        });
+```
+
+## Required Additional Settings
+
+_None._
+
+## Optional Settings
+
+_None._

src/AspNet.Security.OAuth.Kroger/AspNet.Security.OAuth.Kroger.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation>
+    <PackageValidationBaselineVersion>6.0.9</PackageValidationBaselineVersion>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+  
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling Kroger authentication.</Description>
+    <Authors>Luke Moore</Authors>
+    <PackageTags>aspnetcore;authentication;kroger;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+
+</Project>

src/AspNet.Security.OAuth.Kroger/KrogerAuthenticationDefaults.cs

@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Kroger;
+
+/// <summary>
+/// Default values used by the Kroger authentication middleware.
+/// </summary>
+public static class KrogerAuthenticationDefaults
+{
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.Name"/>.
+    /// </summary>
+    public const string AuthenticationScheme = "Kroger";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+    /// </summary>
+    public static readonly string DisplayName = "Kroger";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+    /// </summary>
+    public static readonly string Issuer = "Kroger";
+
+    /// <summary>
+    /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+    /// </summary>
+    public static readonly string CallbackPath = "/signin-kroger";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+    /// </summary>
+    public static readonly string AuthorizationEndpoint = "https://api.kroger.com/v1/connect/oauth2/authorize";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+    /// </summary>
+    public static readonly string TokenEndpoint = "https://api.kroger.com/v1/connect/oauth2/token";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+    /// </summary>
+    public static readonly string UserInformationEndpoint = "https://api.kroger.com/v1/identity/profile";
+}

src/AspNet.Security.OAuth.Kroger/KrogerAuthenticationExtensions.cs

@@ -0,0 +1,74 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OAuth.Kroger;
+
+namespace Microsoft.Extensions.DependencyInjection;
+
+/// <summary>
+/// Extension methods to add Kroger authentication capabilities to an HTTP application pipeline.
+/// </summary>
+public static class KrogerAuthenticationExtensions
+{
+    /// <summary>
+    /// Adds <see cref="KrogerAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Kroger authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddKroger([NotNull] this AuthenticationBuilder builder)
+    {
+        return builder.AddKroger(KrogerAuthenticationDefaults.AuthenticationScheme, options => { });
+    }
+
+    /// <summary>
+    /// Adds <see cref="KrogerAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Kroger authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="configuration">The delegate used to configure the Kroger options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddKroger(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] Action<KrogerAuthenticationOptions> configuration)
+    {
+        return builder.AddKroger(KrogerAuthenticationDefaults.AuthenticationScheme, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="KrogerAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Kroger authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Kroger options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddKroger(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [NotNull] Action<KrogerAuthenticationOptions> configuration)
+    {
+        return builder.AddKroger(scheme, KrogerAuthenticationDefaults.DisplayName, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="KrogerAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Kroger authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="caption">The optional display name associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Kroger options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddKroger(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [CanBeNull] string caption,
+        [NotNull] Action<KrogerAuthenticationOptions> configuration)
+    {
+        return builder.AddOAuth<KrogerAuthenticationOptions, KrogerAuthenticationHandler>(scheme, caption, configuration);
+    }
+}

src/AspNet.Security.OAuth.Kroger/KrogerAuthenticationHandler.cs

@@ -0,0 +1,82 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.Kroger;
+
+/// <summary>
+/// Defines a handler for authentication using Kroger.
+/// </summary>
+public partial class KrogerAuthenticationHandler : OAuthHandler<KrogerAuthenticationOptions>
+{
+    /// <summary>
+    /// Initializes a new instance of the <see cref="KrogerAuthenticationHandler"/> class.
+    /// </summary>
+    /// <param name="options">The authentication options.</param>
+    /// <param name="logger">The logger to use.</param>
+    /// <param name="encoder">The URL encoder to use.</param>
+    /// <param name="clock">The system clock to use.</param>
+    public KrogerAuthenticationHandler(
+        IOptionsMonitor<KrogerAuthenticationOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder,
+        ISystemClock clock)
+        : base(options, logger, encoder, clock)
+    {
+    }
+
+    /// <inheritdoc />
+    protected override async Task<AuthenticationTicket> CreateTicketAsync(
+        [NotNull] ClaimsIdentity identity,
+        [NotNull] AuthenticationProperties properties,
+        [NotNull] OAuthTokenResponse tokens)
+    {
+        using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+        using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+        if (!response.IsSuccessStatusCode)
+        {
+            await Log.UserProfileErrorAsync(Logger, response, Context.RequestAborted);
+            throw new HttpRequestException("An error occurred while retrieving the user profile.");
+        }
+
+        using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+        var principal = new ClaimsPrincipal(identity);
+        var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+        context.RunClaimActions();
+
+        await Events.CreatingTicket(context);
+        return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+    }
+
+    private static partial class Log
+    {
+        internal static async Task UserProfileErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken)
+        {
+            UserProfileError(
+                logger,
+                response.StatusCode,
+                response.Headers.ToString(),
+                await response.Content.ReadAsStringAsync(cancellationToken));
+        }
+
+        [LoggerMessage(1, LogLevel.Error, "An error occurred while retrieving the user profile: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")]
+        private static partial void UserProfileError(
+            ILogger logger,
+            System.Net.HttpStatusCode status,
+            string headers,
+            string body);
+    }
+}

src/AspNet.Security.OAuth.Kroger/KrogerAuthenticationOptions.cs

@@ -0,0 +1,30 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+
+namespace AspNet.Security.OAuth.Kroger;
+
+/// <summary>
+/// Defines a set of options used by <see cref="KrogerAuthenticationHandler"/>.
+/// </summary>
+public class KrogerAuthenticationOptions : OAuthOptions
+{
+    public KrogerAuthenticationOptions()
+    {
+        ClaimsIssuer = KrogerAuthenticationDefaults.Issuer;
+
+        CallbackPath = KrogerAuthenticationDefaults.CallbackPath;
+
+        AuthorizationEndpoint = KrogerAuthenticationDefaults.AuthorizationEndpoint;
+        TokenEndpoint = KrogerAuthenticationDefaults.TokenEndpoint;
+        UserInformationEndpoint = KrogerAuthenticationDefaults.UserInformationEndpoint;
+
+        Scope.Add("profile.compact");
+
+        ClaimActions.MapJsonSubKey(ClaimTypes.NameIdentifier, "data", "id");
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/Kroger/KrogerTests.cs

@@ -0,0 +1,36 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Kroger;
+
+public class KrogerTests : OAuthTests<KrogerAuthenticationOptions>
+{
+    public KrogerTests(ITestOutputHelper outputHelper)
+    {
+        OutputHelper = outputHelper;
+    }
+
+    public override string DefaultScheme => KrogerAuthenticationDefaults.AuthenticationScheme;
+
+    protected internal override void RegisterAuthentication(AuthenticationBuilder builder)
+    {
+        builder.AddKroger(options => ConfigureDefaults(builder, options));
+    }
+
+    [Theory]
+    [InlineData(ClaimTypes.NameIdentifier, "53990804-cfd1-43f3-8256-bdc9817a4fd0")]
+    public async Task Can_Sign_In_Using_Kroger(string claimType, string claimValue)
+    {
+        // Arrange
+        using var server = CreateTestServer();
+
+        // Act
+        var claims = await AuthenticateUserAsync(server);
+
+        // Assert
+        AssertClaim(claims, claimType, claimValue);
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/Kroger/bundle.json

@@ -0,0 +1,37 @@
+{
+  "$schema": "https://raw.githubusercontent.com/justeat/httpclient-interception/master/src/HttpClientInterception/Bundles/http-request-bundle-schema.json",
+  "items": [
+    {
+      "comment": "https://developer.kroger.com/reference#operation/accessToken",
+      "uri": "https://api.kroger.com/v1/connect/oauth2/token",
+      "method": "POST",
+      "contentFormat": "json",
+      "contentJson": {
+        "access_token": "secret-access-token",
+        "token_type": "bearer",
+        "expires_in": "1800"
+      }
+    },
+    {
+      "comment": "https://developer.kroger.com/reference#tag/Identity",
+      "uri": "https://api.kroger.com/v1/identity/profile",
+      "contentFormat": "json",
+      "contentJson": {
+        "data": {
+          "id": "53990804-cfd1-43f3-8256-bdc9817a4fd0"
+        },
+        "meta": {
+          "pagination": {
+            "total": 0,
+            "start": 0,
+            "limit": 0
+          },
+          "warnings": [
+            "string"
+          ]
+        }
+      }
+    }
+  ]
+}
+