Add BearerTokenEvents

halter73 · halter73 · commit f32a1b4ca151 · 2023-04-25T23:14:57.000-07:00
diff --git a/src/Identity/test/Identity.FunctionalTests/MapIdentityTests.cs b/src/Identity/test/Identity.FunctionalTests/MapIdentityTests.cs
@@ -157,12 +157,10 @@ public async Task CanReadBearerTokenFromQueryString()
             services.AddIdentityCore<ApplicationUser>().AddApiEndpoints().AddEntityFrameworkStores<ApplicationDbContext>();
             services.AddAuthentication(IdentityConstants.BearerScheme).AddBearerToken(IdentityConstants.BearerScheme, options =>
             {
-                options.ExtractBearerToken = context =>
+                options.Events.OnMessageReceived = context =>
                 {
-                    var bearerToken = context.Request.Query["access_token"];
-                    return StringValues.IsNullOrEmpty(bearerToken)
-                        ? default
-                        : new(bearerToken.ToString());
+                    context.Token = (string?)context.Request.Query["access_token"];
+                    return Task.CompletedTask;
                 };
             });
         });
diff --git a/src/Security/Authentication/BearerToken/src/BearerTokenEvents.cs b/src/Security/Authentication/BearerToken/src/BearerTokenEvents.cs
@@ -0,0 +1,20 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Authentication.BearerToken;
+
+/// <summary>
+/// Specifies events which the bearer token handler invokes to enable developer control over the authentication process.
+/// </summary>
+public class BearerTokenEvents
+{
+    /// <summary>
+    /// Invoked when a protocol message is first received.
+    /// </summary>
+    public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.CompletedTask;
+
+    /// <summary>
+    /// Invoked when a protocol message is first received.
+    /// </summary>
+    public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
+}
diff --git a/src/Security/Authentication/BearerToken/src/BearerTokenHandler.cs b/src/Security/Authentication/BearerToken/src/BearerTokenHandler.cs
@@ -29,10 +29,23 @@ internal sealed class BearerTokenHandler(
     private ISecureDataFormat<AuthenticationTicket> BearerTokenProtector
         => Options.BearerTokenProtector ?? new TicketDataFormat(dataProtectionProvider.CreateProtector(BearerTokenPurpose));
 
+    private new BearerTokenEvents Events => (BearerTokenEvents)base.Events!;
+
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
     {
-        // If there's no bearer token, forward to cookie auth.
-        if (await GetBearerTokenOrNullAsync() is not string token)
+        // Give application opportunity to find from a different location, adjust, or reject token
+        var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options);
+
+        await Events.MessageReceived(messageReceivedContext);
+
+        if (messageReceivedContext.Result != null)
+        {
+            return messageReceivedContext.Result;
+        }
+
+        var token = messageReceivedContext.Token ?? GetBearerTokenOrNull();
+
+        if (token is null)
         {
             return AuthenticateResult.NoResult();
         }
@@ -76,14 +89,8 @@ protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationPr
     // No-op to avoid interfering with any mass sign-out logic.
     protected override Task HandleSignOutAsync(AuthenticationProperties? properties) => Task.CompletedTask;
 
-    private async ValueTask<string?> GetBearerTokenOrNullAsync()
+    private string? GetBearerTokenOrNull()
     {
-        if (Options.ExtractBearerToken is not null &&
-            await Options.ExtractBearerToken(Context) is string token)
-        {
-            return token;
-        }
-
         var authorization = Request.Headers.Authorization.ToString();
 
         return authorization.StartsWith("Bearer ", StringComparison.Ordinal)
diff --git a/src/Security/Authentication/BearerToken/src/BearerTokenOptions.cs b/src/Security/Authentication/BearerToken/src/BearerTokenOptions.cs
@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.BearerToken;
 
@@ -11,6 +10,14 @@ namespace Microsoft.AspNetCore.Authentication.BearerToken;
 /// </summary>
 public sealed class BearerTokenOptions : AuthenticationSchemeOptions
 {
+    /// <summary>
+    /// Constructs the options used to authenticate using opaque bearer tokens.
+    /// </summary>
+    public BearerTokenOptions()
+    {
+        Events = new();
+    }
+
     /// <summary>
     /// Controls how much time the bearer token will remain valid from the point it is created.
     /// The expiration information is stored in the protected token. Because of that, an expired token will be rejected
@@ -26,8 +33,14 @@ public sealed class BearerTokenOptions : AuthenticationSchemeOptions
     public ISecureDataFormat<AuthenticationTicket>? BearerTokenProtector { get; set; }
 
     /// <summary>
-    /// If set, this provides the bearer token. If unset, the bearer token is read from the Authorization  request header with a "Bearer " prefix.
+    /// The object provided by the application to process events raised by the bearer token authentication handler.
+    /// The application may implement the interface fully, or it may create an instance of <see cref="BearerTokenEvents"/>
+    /// and assign delegates only to the events it wants to process.
     /// </summary>
-    public Func<HttpContext, ValueTask<string?>>? ExtractBearerToken { get; set; }
+    public new BearerTokenEvents Events
+    {
+        get { return (BearerTokenEvents)base.Events!; }
+        set { base.Events = value; }
+    }
 }
 
diff --git a/src/Security/Authentication/BearerToken/src/MessageReceivedContext.cs b/src/Security/Authentication/BearerToken/src/MessageReceivedContext.cs
@@ -0,0 +1,27 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication.BearerToken;
+
+/// <summary>
+/// A context for <see cref="BearerTokenEvents.OnMessageReceived"/>.
+/// </summary>
+public class MessageReceivedContext : ResultContext<BearerTokenOptions>
+{
+    /// <summary>
+    /// Initializes a new instance of <see cref="MessageReceivedContext"/>.
+    /// </summary>
+    /// <inheritdoc />
+    public MessageReceivedContext(
+        HttpContext context,
+        AuthenticationScheme scheme,
+        BearerTokenOptions options)
+        : base(context, scheme, options) { }
+
+    /// <summary>
+    /// Bearer Token. This will give the application an opportunity to retrieve a token from an alternative location.
+    /// </summary>
+    public string? Token { get; set; }
+}
diff --git a/src/Security/Authentication/BearerToken/src/PublicAPI.Unshipped.txt b/src/Security/Authentication/BearerToken/src/PublicAPI.Unshipped.txt
@@ -1,16 +1,25 @@
 #nullable enable
 const Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenDefaults.AuthenticationScheme = "BearerToken" -> string!
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenDefaults
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents.BearerTokenEvents() -> void
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents.OnMessageReceived.get -> System.Func<Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext!, System.Threading.Tasks.Task!>!
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents.OnMessageReceived.set -> void
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.BearerTokenExpiration.get -> System.TimeSpan
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.BearerTokenExpiration.set -> void
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.BearerTokenOptions() -> void
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.BearerTokenProtector.get -> Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket!>?
 Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.BearerTokenProtector.set -> void
-Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.ExtractBearerToken.get -> System.Func<Microsoft.AspNetCore.Http.HttpContext!, System.Threading.Tasks.ValueTask<string?>>?
-Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.ExtractBearerToken.set -> void
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.Events.get -> Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents!
+Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions.Events.set -> void
+Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext
+Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext.MessageReceivedContext(Microsoft.AspNetCore.Http.HttpContext! context, Microsoft.AspNetCore.Authentication.AuthenticationScheme! scheme, Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions! options) -> void
+Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext.Token.get -> string?
+Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext.Token.set -> void
 Microsoft.Extensions.DependencyInjection.BearerTokenExtensions
 static Microsoft.Extensions.DependencyInjection.BearerTokenExtensions.AddBearerToken(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
 static Microsoft.Extensions.DependencyInjection.BearerTokenExtensions.AddBearerToken(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
 static Microsoft.Extensions.DependencyInjection.BearerTokenExtensions.AddBearerToken(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions!>! configure) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
 static Microsoft.Extensions.DependencyInjection.BearerTokenExtensions.AddBearerToken(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, System.Action<Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenOptions!>! configure) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
+virtual Microsoft.AspNetCore.Authentication.BearerToken.BearerTokenEvents.MessageReceived(Microsoft.AspNetCore.Authentication.BearerToken.MessageReceivedContext! context) -> System.Threading.Tasks.Task!
