Implemented basis Token Endpoint fetching

Added retrieving of Token Endpoint if only the Issuer is provided to the builder

Author: Lyphion

projects/RabbitMQ.Client.OAuth2/OAuth2Client.cs

@@ -42,18 +42,30 @@ namespace RabbitMQ.Client.OAuth2
 {
     public class OAuth2ClientBuilder
     {
+        /// <summary>Discovery endpoint subpath for all OpenID Connect issuers.</summary>
+        const string DISCOVERY_ENDPOINT = ".well-known/openid-configuration";
+        
         private readonly string _clientId;
         private readonly string _clientSecret;
-        private readonly Uri _tokenEndpoint;
+        
+        // At least one of the following Uris is not null
+        private readonly Uri? _tokenEndpoint;
+        private readonly Uri? _issuer;
+        
         private string? _scope;
         private IDictionary<string, string>? _additionalRequestParameters;
         private HttpClientHandler? _httpClientHandler;
 
-        public OAuth2ClientBuilder(string clientId, string clientSecret, Uri tokenEndpoint)
+        public OAuth2ClientBuilder(string clientId, string clientSecret, Uri? tokenEndpoint = null, Uri? issuer = null)
         {
             _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));
             _clientSecret = clientSecret ?? throw new ArgumentNullException(nameof(clientSecret));
-            _tokenEndpoint = tokenEndpoint ?? throw new ArgumentNullException(nameof(tokenEndpoint));
+            
+            if (tokenEndpoint is null && issuer is null)
+                throw new ArgumentException("Either token endpoint or issuer is required");
+                
+            _tokenEndpoint = tokenEndpoint;
+            _issuer = issuer;
         }
 
         public OAuth2ClientBuilder SetScope(string scope)
@@ -70,30 +82,84 @@ public OAuth2ClientBuilder SetHttpClientHandler(HttpClientHandler handler)
 
         public OAuth2ClientBuilder AddRequestParameter(string param, string paramValue)
         {
-            if (param == null)
+            if (param is null)
             {
-                throw new ArgumentNullException("param is null");
+                throw new ArgumentNullException(nameof(param));
             }
 
-            if (paramValue == null)
+            if (paramValue is null)
             {
-                throw new ArgumentNullException("paramValue is null");
+                throw new ArgumentNullException(nameof(paramValue));
             }
 
-            if (_additionalRequestParameters == null)
-            {
-                _additionalRequestParameters = new Dictionary<string, string>();
-            }
+            _additionalRequestParameters ??= new Dictionary<string, string>();
             _additionalRequestParameters[param] = paramValue;
 
             return this;
         }
 
         public IOAuth2Client Build()
         {
+            if (_tokenEndpoint is null)
+            {
+                // Don't know how to better handle backwards compatibily
+                Uri tokenEndpoint = GetTokenEndpointFromIssuerAsync().GetAwaiter().GetResult();
+                return new OAuth2Client(_clientId, _clientSecret, tokenEndpoint, _scope, _additionalRequestParameters, _httpClientHandler);
+            }
+            
             return new OAuth2Client(_clientId, _clientSecret, _tokenEndpoint,
                 _scope, _additionalRequestParameters, _httpClientHandler);
         }
+
+        public async ValueTask<IOAuth2Client> BuildAsync(CancellationToken cancellationToken = default)
+        {
+            if (_tokenEndpoint is null)
+            {
+                Uri tokenEndpoint = await GetTokenEndpointFromIssuerAsync(cancellationToken).ConfigureAwait(false);
+                return new OAuth2Client(_clientId, _clientSecret, tokenEndpoint,
+                    _scope, _additionalRequestParameters, _httpClientHandler);
+            }
+            
+            return new OAuth2Client(_clientId, _clientSecret, _tokenEndpoint,
+                _scope, _additionalRequestParameters, _httpClientHandler);
+        }
+
+        private async Task<Uri> GetTokenEndpointFromIssuerAsync(CancellationToken cancellationToken = default)
+        {
+            if (_issuer is null)
+            {
+                throw new InvalidOperationException("The issuer is required");
+            }
+            
+            using HttpClient httpClient = _httpClientHandler is null
+                ? new HttpClient() 
+                : new HttpClient(_httpClientHandler, false);
+
+            httpClient.DefaultRequestHeaders.Accept.Clear();
+            httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            
+            // Build endpoint from Issuer and dicovery endpoint, we can't use the Uri overload because the Issuer Uri may not have a trailing '/'
+            string tempIssuer = _issuer.AbsoluteUri.EndsWith("/") ? _issuer.AbsoluteUri : _issuer.AbsoluteUri + "/";
+            Uri discoveryEndpoint = new Uri(tempIssuer + DISCOVERY_ENDPOINT);
+            
+            using HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Get, discoveryEndpoint);
+            using HttpResponseMessage response = await httpClient.SendAsync(req, cancellationToken)
+                .ConfigureAwait(false);
+
+            response.EnsureSuccessStatusCode();
+
+            OpenIDConnectDiscovery? discovery = await response.Content.ReadFromJsonAsync<OpenIDConnectDiscovery>(cancellationToken: cancellationToken)
+                .ConfigureAwait(false);
+
+            if (discovery is null || string.IsNullOrEmpty(discovery.TokenEndpoint))
+            {
+                throw new InvalidOperationException("No token endpoint was found");
+            }
+            else
+            {
+                return new Uri(discovery.TokenEndpoint);
+            }
+        }
     }
 
     /**
@@ -119,7 +185,7 @@ internal class OAuth2Client : IOAuth2Client, IDisposable
 
         public static readonly IDictionary<string, string> EMPTY = new Dictionary<string, string>();
 
-        private HttpClient _httpClient;
+        private readonly HttpClient _httpClient;
 
         public OAuth2Client(string clientId, string clientSecret, Uri tokenEndpoint,
             string? scope,
@@ -150,12 +216,12 @@ public async Task<IToken> RequestTokenAsync(CancellationToken cancellationToken
             using HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint);
             req.Content = new FormUrlEncodedContent(BuildRequestParameters());
 
-            using HttpResponseMessage response = await _httpClient.SendAsync(req)
+            using HttpResponseMessage response = await _httpClient.SendAsync(req, cancellationToken)
                 .ConfigureAwait(false);
 
             response.EnsureSuccessStatusCode();
 
-            JsonToken? token = await response.Content.ReadFromJsonAsync<JsonToken>()
+            JsonToken? token = await response.Content.ReadFromJsonAsync<JsonToken>(cancellationToken: cancellationToken)
                 .ConfigureAwait(false);
 
             if (token is null)
@@ -172,22 +238,20 @@ public async Task<IToken> RequestTokenAsync(CancellationToken cancellationToken
         public async Task<IToken> RefreshTokenAsync(IToken token,
             CancellationToken cancellationToken = default)
         {
-            if (token.RefreshToken == null)
+            if (token.RefreshToken is null)
             {
                 throw new InvalidOperationException("Token has no Refresh Token");
             }
 
-            using HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint)
-            {
-                Content = new FormUrlEncodedContent(BuildRefreshParameters(token))
-            };
+            using HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint);
+            req.Content = new FormUrlEncodedContent(BuildRefreshParameters(token));
 
-            using HttpResponseMessage response = await _httpClient.SendAsync(req)
+            using HttpResponseMessage response = await _httpClient.SendAsync(req, cancellationToken)
                 .ConfigureAwait(false);
 
             response.EnsureSuccessStatusCode();
 
-            JsonToken? refreshedToken = await response.Content.ReadFromJsonAsync<JsonToken>()
+            JsonToken? refreshedToken = await response.Content.ReadFromJsonAsync<JsonToken>(cancellationToken: cancellationToken)
                 .ConfigureAwait(false);
 
             if (refreshedToken is null)
@@ -214,9 +278,9 @@ private Dictionary<string, string> BuildRequestParameters()
                 { CLIENT_SECRET, _clientSecret }
             };
 
-            if (_scope != null && _scope.Length > 0)
+            if (!string.IsNullOrEmpty(_scope))
             {
-                dict.Add(SCOPE, _scope);
+                dict.Add(SCOPE, _scope!);
             }
 
             dict.Add(GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS);
@@ -284,4 +348,23 @@ public long ExpiresIn
             get; set;
         }
     }
+
+    internal class OpenIDConnectDiscovery
+    {
+        public OpenIDConnectDiscovery()
+        {
+            TokenEndpoint = string.Empty;
+        }
+
+        public OpenIDConnectDiscovery(string tokenEndpoint)
+        {
+            TokenEndpoint = tokenEndpoint;
+        }
+
+        [JsonPropertyName("token_endpoint")]
+        public string TokenEndpoint
+        {
+            get; set;
+        }
+    }
 }

projects/RabbitMQ.Client.OAuth2/PublicAPI.Shipped.txt

@@ -8,7 +8,7 @@ RabbitMQ.Client.OAuth2.IToken.RefreshToken.get -> string
 RabbitMQ.Client.OAuth2.OAuth2ClientBuilder
 RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.AddRequestParameter(string param, string paramValue) -> RabbitMQ.Client.OAuth2.OAuth2ClientBuilder
 RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.Build() -> RabbitMQ.Client.OAuth2.IOAuth2Client
-RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.OAuth2ClientBuilder(string clientId, string clientSecret, System.Uri tokenEndpoint) -> void
+RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.OAuth2ClientBuilder(string! clientId, string! clientSecret, System.Uri? tokenEndpoint = null, System.Uri? issuer = null) -> void
 RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.SetScope(string scope) -> RabbitMQ.Client.OAuth2.OAuth2ClientBuilder
 RabbitMQ.Client.OAuth2.OAuth2ClientCredentialsProvider
 RabbitMQ.Client.OAuth2.OAuth2ClientCredentialsProvider.Name.get -> string

projects/RabbitMQ.Client.OAuth2/PublicAPI.Unshipped.txt

@@ -10,6 +10,7 @@ RabbitMQ.Client.OAuth2.CredentialsRefresherEventSource.Stopped(string! name) ->
 RabbitMQ.Client.OAuth2.IOAuth2Client.RefreshTokenAsync(RabbitMQ.Client.OAuth2.IToken! token, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<RabbitMQ.Client.OAuth2.IToken!>!
 RabbitMQ.Client.OAuth2.IOAuth2Client.RequestTokenAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<RabbitMQ.Client.OAuth2.IToken!>!
 RabbitMQ.Client.OAuth2.NotifyCredentialsRefreshedAsync
+RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.BuildAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.ValueTask<RabbitMQ.Client.OAuth2.IOAuth2Client!>
 RabbitMQ.Client.OAuth2.OAuth2ClientBuilder.SetHttpClientHandler(System.Net.Http.HttpClientHandler! handler) -> RabbitMQ.Client.OAuth2.OAuth2ClientBuilder!
 RabbitMQ.Client.OAuth2.OAuth2ClientCredentialsProvider.Dispose() -> void
 RabbitMQ.Client.OAuth2.OAuth2ClientCredentialsProvider.GetCredentialsAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<RabbitMQ.Client.Credentials!>!