Minimal API `MapGet(...).Produces(` and `.Produces<T>(` not available?

[DevTKSS]

Description

Somehow I am not getting the Produces Methods on the OpenApi Endpoint for MapGet, but I dont know why 🤔 maybe someone can tell me, whats wrong?

if I would rely on Task<IResult> for my Method signature or even with that above shown signature, I am getting that unmentioned in the docs "Return value would be ignored":

which would be quite bad, because I would like to somehow show my user that we got him Signed In successfully 😅 but I would not want to have to use the Identity Platform things itself just to do that with minimal api, should not be required, isnt it?

tryed to add any known to me namespaces that could be missing, while I do also have global usings in place, but wanted to make sure that I do not miss one:

not even Copilot is able to tell me whats up with that strange return value getting thrown away thing...

As this is just code following along a sample I found for WinUI oAuth as server side, here is the used code for this:

using System.Net.Mime;
using System.Text;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.OpenApi;
using Microsoft.OpenApi.Models;
using Microsoft.AspNetCore.Authentication;

namespace DevTKSS.MyManufacturerERP.WebApi.Apis;

 public static RouteGroupBuilder MapAuthenticationEndpoints(this IEndpointRouteBuilder routes)
 {
     // Map the authentication endpoints
     var connectgroup = routes.MapGroup("/connect")     
                           .WithTags("Authentication");

     connectgroup.MapGet("/authorize",Authorize)
         .AllowAnonymous();


     return connectgroup;
 }

    private static async Task<Results<ContentHttpResult,BadRequest>> Authorize(HttpContext context)
    {
        var request = context.GetOpenIddictServerRequest();
        if (request is null)
            return TypedResults.BadRequest();

        var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, Claims.Name, Claims.Role);
        identity.AddClaim(Claims.Subject, "dummy_user_id");
        identity.AddClaim(Claims.Name, "Test User");

        var principal = new ClaimsPrincipal(identity);
        principal.SetScopes(Scopes.OpenId, Scopes.Profile, Scopes.Email);

        await context.SignInAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, principal);

        context.Response.Clear();

        var template = await File.ReadAllTextAsync("page.html");
        var code = Uri.EscapeDataString(context.GetOpenIddictServerResponse()!.Code!);
        var state = Uri.EscapeDataString(context.GetOpenIddictServerResponse()!.State!);
        var redirect = new UriBuilder(request.RedirectUri!)
        {
            Query = $"code={code}&state={state}"
        }.Uri.ToString();


        var html = string.Format(template, redirect);

        context.Response.ContentType = "text/html; charset=utf-8";
        return TypedResults.Content(html,MediaTypeNames.Text.Html,Encoding.UTF8,StatusCodes.Status200OK);

    }
}

the used html template where the string.Format should do that replace:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Authentication OK</title>
    <script>
      window.location.href = "{0}";
    </script>
    <style>
      body {{ font-family: sans-serif; text-align: center; margin-top: 50px; }}
    </style>
</head>
<body>
  <h1>Login completed!</h1>
  <p>If you do not see the app open automatically, click here:</p>
  <a href="{0}">Open the desktop app</a>
  <p>You can now close this window.</p>
</body>
</html>

this is my global usings content:

originally this was not having any return and directly in the Programm.cs 🤔
https://github.com/IlGalvo/WinUI3-OAuth2Manager-Sample/blob/a7a2cbc262665a99c07fcc51c9f42a4616f18eb2/Server/Server/Program.cs#L64-L91

I tryed to seperate it to own file and use the RouteGroupBuilder, but to build my response that would need the httpcontext I think. And reading the ms docs on the linked page below, we should prefer returning a BadRequest instead of throwing exceptions, but doing this in a non task seperated MapGet( like in that sample, this is giving me a red underline trying to make it return this.

Can anyone tell why I am not getting that Produces and advise how to set this up withouth this hell of added overhead the linked docs page does introduce us to do, just for showing the user this cute little html page?

Page URL

https://learn.microsoft.com/de-de/aspnet/core/fundamentals/minimal-apis/responses?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/fundamentals/minimal-apis/responses.md

Document ID

f0e5da68-cd54-ce74-1ff3-ebd7d9fd09a4

Platform Id

03e8dae5-648b-cf4d-d50f-b00f0d8fc967

Article author

@brunolins16

Metadata

• ID: f0e5da68-cd54-ce74-1ff3-ebd7d9fd09a4
• PlatformId: 03e8dae5-648b-cf4d-d50f-b00f0d8fc967
• Service: aspnet-core
• Sub-service: fundamentals

Related Issues

[wadepickett]

@brolivei, could you take a look at this one to see what you think?

It sounds like we could clarify that when using TypedResults and Results<T1,T2> return types, the .Produces() methods are not needed (and in fact won't be available) because the metadata is already being automatically generated.

@DevTKSS,

The issue might be related to your return type signature: Task<Results<ContentHttpResult,BadRequest>>

Related to this in the content:
In responses.md, when you use TypedResults to return strongly typed result objects, the OpenAPI metadata is automatically provided without needing to call .Produces() methods.

The main advantage of using TypedResults (as mentioned in lines 69-70 of the documentation):
The implementation type automatically provides the response type metadata for OpenAPI to describe the endpoint.
This is further clarified in lines 76-78:

In order to document this endpoint correctly the extensions method Produces is called. However, it's not necessary to call Produces if TypedResults is used instead of Results.

[DevTKSS]

@wadepickett okay, but the green linting in the Authorize Method call are also there when I simply use the IResult for the return type 🤔 I would guess that a kind of dropped returned response might get critical at runtime, if a client application might wait for a response but does not get one?

[DevTKSS]

Additoinally, as you mention the open api evaluation of data, I dont know who does it, but while the minimal api at least gets listed in the Endpoint Explorer in vs2022, the very only thing that shows me are the "method" and the file its defined in, so no return type no nothing. at least it shows the verb 👀 but... who is in charge to improve that thing? only the vs developer feedback forum or any other place better?

[DevTKSS]

@wadepickett I dont know much about Responses so far, so just a newbe feedback to the section of the html extension you recommend in the linked file:

Is there maybe the option to add such api to there, so we could use that right from the src of the package of ms? so we would not need each user who might just want to do this, to copy or write all of this again (DRY ;) )
Its a lot of code for "just" having a html template option which has some replace parts which we want to present to the caller essentially. i am not even sure, if that
TypedResults.Content(html, MediaTypeNames.Text.Html, Encoding.UTF8,StatusCodes.Status200OK); would even do that targeted result. Could someone add a little information about what this exactly does and maybe what not (like if its not "showing" that page?) and then tell, how that should have to look. I know your Razor things might be the best for it, but for a simple "replace and show it" that would be simply more than required. :)

I were trying with minimal API and auth, but as soon as it comes to someone would like to use cookies thats missing information, incomplete and very confusing:

• [Clarification] How could we use Cookie Auth -> Client and oAuth2 -> external API ? #35814
• [CookieAuth] Guide flow is not complete and missing detail #35782
• [Cookies] Sudden code change in Guide, not marked in diff and not told about #35783
  but the minimal api docs are linking to those non maintained ones

also the RemoteAuthenticationHandler usage in the general auth docs here is not told about, which is in fact one of the reasons that I now trying to use the OpenIDConnect Package like above sample

[wadepickett]

Great feedback, thanks @DevTKSS. I asked the author @brolivei to take look to chime in.

[DevTKSS]

@wadepickett wanted to let you know about the strange and not for me solve able Authorize ASP green linting updated state. If you want to, I could open a seperate issue about this, but I would not know which Page I should use as metadata link for it 🤔

This is what Copilot came up with (Claude Sonnet 4) which had been not asked for doing something on that endpoint, but yea, I think thats a known constant bug of that AI, that it does things it is not asked for 👀
But maybe you could tell me, if that "solution" it suggests me for the "delegate" issue mentioned before and where you have the screenshot to in the initial post above, if this would be correct or if you maybe have any advise for better/correct alternative Mapping?

I Indeed never seen the docs direct cast to (Delegate)TaskName so I would assume, thats not correct...

Not sure if I should open an Issue in the Visual Studio Developer Community to that Copilot doing wrong minimal api logic or better said:

• not using TypedResults as requested (2x until I got the code below...!)

• Mixing Results with TypedResults (is that even correct or working?)
  

• Messes up Minimal Api really badly like you ask it for refactoring to Feature Folders, best practices, clean code etc and you will get wildly mixed horrible messed up solution as result...

Is this a known thing? Hopefully not...

[kevinchalet]

@DevTKSS not directly related to your issue but the sample you linked uses an unsafe approach to implement the authorization endpoint. I posted more information here, in case you'd be interested: IlGalvo/WinUI3-OAuth2Manager-Sample#3.