Add disable access token cache config

runegulbrandsen · runegulbrandsen · commit e4b41f1add3d · 2024-06-04T11:06:03.000+02:00
Added support for disabling access token cache configuration.
diff --git a/README.md b/README.md
@@ -75,13 +75,14 @@ Authentication using OAuth2.
 
 ##### Client credentials
 
-Using OAuth2 client credentials, all settings except `Scope` is required.
+Using OAuth2 client credentials, all settings except `DisableTokenCache` and `Scope` is required.
 
 ```
 "<section name>": {
   "AuthenticationProvider": "OAuth2",
   "OAuth2": {
     "AuthorizationEndpoint": "<OAuth2 token endpoint>",
+    "DisableTokenCache": false,
     "GrantType": "ClientCredentials",
     "Scope": "<Optional scopes separated by space>",
     "ClientCredentials": {
diff --git a/src/HttpClientAuthentication/Configuration/OAuth2Configuration.cs b/src/HttpClientAuthentication/Configuration/OAuth2Configuration.cs
@@ -24,6 +24,11 @@ public sealed class OAuth2Configuration
         /// </summary>
         public string? AuthorizationScheme { get; set; }
 
+        /// <summary>
+        ///     Gets or sets if the access token should be cached or not.
+        /// </summary>
+        public bool DisableTokenCache { get; set; }
+
         /// <summary>
         ///     Gets or sets the type of grant flow to be used.
         /// </summary>
diff --git a/src/HttpClientAuthentication/Helpers/OAuth2Provider.cs b/src/HttpClientAuthentication/Helpers/OAuth2Provider.cs
@@ -79,7 +79,12 @@ public OAuth2Provider(IHttpClientFactory clientFactory, ILogger<OAuth2Provider>
                 return null;
             }
 
-            if (token.ExpiresIn > 0)
+            if (configuration.DisableTokenCache)
+            {
+                _logger.LogInformation("Token retrieved from {AuthorizationEndpoint} with client id {ClientId}, but the token cache is disabled.",
+                                       configuration.AuthorizationEndpoint, configuration.ClientCredentials!.ClientId);
+            }
+            else if (token.ExpiresIn > 0)
             {
                 double cacheExpiresIn = (int)token.ExpiresIn * 0.95;
                 _memoryCache.Set(cacheKey, token, TimeSpan.FromSeconds(cacheExpiresIn));
diff --git a/test/HttpClientAuthentication.Test/Helpers/OAuth2ProviderTests/GetClientCredentialsAccessTokenAsyncTests.cs b/test/HttpClientAuthentication.Test/Helpers/OAuth2ProviderTests/GetClientCredentialsAccessTokenAsyncTests.cs
@@ -246,6 +246,51 @@ public async Task TestNoCachingOfAccessTokenResponseWithMissingExpiresIn()
                                                        "https://somehost/", "client_id"), Times.Once);
         }
 
+        [Fact]
+        public async Task TestNoCachingOfAccessTokenResponseWhenCacheIsDiabled()
+        {
+            IServiceProvider services = BuildServices();
+
+            AccessTokenResponse expected = new()
+            {
+                AccessToken = "ACCESS_TOKEN",
+                TokenType = "TOKEN_TYPE",
+                ExpiresIn = null
+            };
+
+            Mock<HttpClient> httpClientMock = services.GetRequiredService<Mock<HttpClient>>();
+
+            httpClientMock.Setup(httpClient => httpClient.SendAsync(It.IsAny<HttpRequestMessage>(), It.IsAny<CancellationToken>()))
+                          .ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
+                          {
+                              Content = JsonContent.Create(expected)
+                          });
+
+            OAuth2Configuration configuration = new()
+            {
+                GrantType = OAuth2GrantType.ClientCredentials,
+                AuthorizationEndpoint = new("https://somehost/"),
+                ClientCredentials = new()
+                {
+                    ClientId = "client_id",
+                    ClientSecret = "client_secret"
+                },
+                DisableTokenCache = true
+            };
+
+            OAuth2Provider provider = services.GetRequiredService<OAuth2Provider>();
+
+            await provider.GetClientCredentialsAccessTokenAsync(configuration, default).ConfigureAwait(false);
+
+            Mock<IMemoryCache> memoryCacheMock = services.GetRequiredService<Mock<IMemoryCache>>();
+            memoryCacheMock.Verify(memoryCache => memoryCache.CreateEntry("ClientCredentials#https://somehost/#client_id"), Times.Never);
+
+            Mock<ILogger<OAuth2Provider>> loggerMock = services.GetRequiredService<Mock<ILogger<OAuth2Provider>>>();
+
+            loggerMock.VerifyExt(l => l.LogInformation("Token retrieved from {AuthorizationEndpoint} with client id {ClientId}, but the token cache is disabled.",
+                                                       "https://somehost/", "client_id"), Times.Once);
+        }
+
         [Fact]
         public async Task TestUseFormBasedAuthentication()
         {

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,12 @@ public OAuth2Provider(IHttpClientFactory clientFactory, ILogger<OAuth2Provider>`
`79`	`79`	`return null;`
`80`	`80`	`}`
`81`	`81`
`82`		`- if (token.ExpiresIn > 0)`
	`82`	`+ if (configuration.DisableTokenCache)`
	`83`	`+ {`
	`84`	`+ _logger.LogInformation("Token retrieved from {AuthorizationEndpoint} with client id {ClientId}, but the token cache is disabled.",`
	`85`	`+ configuration.AuthorizationEndpoint, configuration.ClientCredentials!.ClientId);`
	`86`	`+ }`
	`87`	`+ else if (token.ExpiresIn > 0)`
`83`	`88`	`{`
`84`	`89`	`double cacheExpiresIn = (int)token.ExpiresIn * 0.95;`
`85`	`90`	`_memoryCache.Set(cacheKey, token, TimeSpan.FromSeconds(cacheExpiresIn));`