Merge pull request #300 from DuendeSoftware/pg/http-request-context

Allow a default ITokenRequestCustomizer to be registered

Author: pgermishuys

access-token-management/src/AccessTokenManagement.OpenIdConnect/HttpContextExtensions.cs

@@ -28,8 +28,9 @@ public static async Task<TokenResult<UserToken>> GetUserAccessTokenAsync(
         CT ct = default)
     {
         var service = httpContext.RequestServices.GetRequiredService<IUserTokenManager>();
+        var requestParameters = await ApplyTokenRequestCustomizationAsync(httpContext, parameters, ct);
 
-        return await service.GetAccessTokenAsync(httpContext.User, parameters, ct).ConfigureAwait(false);
+        return await service.GetAccessTokenAsync(httpContext.User, requestParameters, ct).ConfigureAwait(false);
     }
 
     /// <summary>
@@ -45,8 +46,9 @@ public static async Task RevokeRefreshTokenAsync(
         CT ct = default)
     {
         var service = httpContext.RequestServices.GetRequiredService<IUserTokenManager>();
+        var requestParameters = await ApplyTokenRequestCustomizationAsync(httpContext, parameters, ct);
 
-        await service.RevokeRefreshTokenAsync(httpContext.User, parameters, ct).ConfigureAwait(false);
+        await service.RevokeRefreshTokenAsync(httpContext.User, requestParameters, ct).ConfigureAwait(false);
     }
 
     /// <summary>
@@ -72,20 +74,49 @@ public static async Task<TokenResult<ClientCredentialsToken>> GetClientAccessTok
             var defaultScheme = await schemes.GetDefaultChallengeSchemeAsync().ConfigureAwait(false);
             if (defaultScheme == null)
             {
-                throw new InvalidOperationException("Cannot retrieve client access token. No scheme was provided and default challenge scheme was not set.");
+                throw new InvalidOperationException(
+                    "Cannot retrieve client access token. No scheme was provided and default challenge scheme was not set.");
             }
 
             schemeName = Scheme.Parse(defaultScheme.Name);
         }
 
+        var requestParameters = await ApplyTokenRequestCustomizationAsync(httpContext, parameters, ct);
+
         return await service.GetAccessTokenAsync(
             schemeName.Value.ToClientName(),
-            parameters,
+            requestParameters,
             ct).ConfigureAwait(false);
     }
 
+    private static async Task<UserTokenRequestParameters> ApplyTokenRequestCustomizationAsync(
+        HttpContext httpContext,
+        UserTokenRequestParameters? parameters,
+        CT ct)
+    {
+        var baseParameters = parameters ?? new UserTokenRequestParameters();
+        var tokenRequestCustomizer = httpContext.RequestServices.GetService<ITokenRequestCustomizer>();
+
+        var customizedParameters = tokenRequestCustomizer != null
+            ? await tokenRequestCustomizer.Customize(httpContext.Request.ToHttpRequestContext(), baseParameters, ct)
+            : baseParameters;
+
+        return baseParameters with
+        {
+            Scope = customizedParameters.Scope,
+            Resource = customizedParameters.Resource,
+            Parameters = customizedParameters.Parameters,
+            Assertion = customizedParameters.Assertion,
+            Context = customizedParameters.Context,
+            ForceTokenRenewal = customizedParameters.ForceTokenRenewal
+        };
+    }
+
     const string AuthenticationPropertiesDPoPKey = ".Token.dpop_proof_key";
-    internal static void SetProofKey(this AuthenticationProperties properties, DPoPProofKey dpopProofKey) => properties.Items[AuthenticationPropertiesDPoPKey] = dpopProofKey.ToString();
+
+    internal static void SetProofKey(this AuthenticationProperties properties, DPoPProofKey dpopProofKey) =>
+        properties.Items[AuthenticationPropertiesDPoPKey] = dpopProofKey.ToString();
+
     internal static DPoPProofKey? GetProofKey(this AuthenticationProperties properties)
     {
         if (properties.Items.TryGetValue(AuthenticationPropertiesDPoPKey, out var key))
@@ -97,17 +128,22 @@ public static async Task<TokenResult<ClientCredentialsToken>> GetClientAccessTok
 
             return DPoPProofKey.Parse(key);
         }
+
         return null;
     }
 
     const string HttpContextDPoPKey = "dpop_proof_key";
-    internal static void SetCodeExchangeDPoPKey(this HttpContext context, DPoPProofKey dpopProofKey) => context.Items[HttpContextDPoPKey] = dpopProofKey;
+
+    internal static void SetCodeExchangeDPoPKey(this HttpContext context, DPoPProofKey dpopProofKey) =>
+        context.Items[HttpContextDPoPKey] = dpopProofKey;
+
     internal static DPoPProofKey? GetCodeExchangeDPoPKey(this HttpContext context)
     {
         if (context.Items.TryGetValue(HttpContextDPoPKey, out var item))
         {
             return item as DPoPProofKey?;
         }
+
         return null;
     }
 }

access-token-management/src/AccessTokenManagement.OpenIdConnect/HttpRequestContextExtensions.cs

@@ -0,0 +1,18 @@
+// Copyright (c) Duende Software. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
+
+namespace Duende.AccessTokenManagement.OpenIdConnect;
+
+internal static class HttpRequestContextExtensions
+{
+    public static HttpRequestContext ToHttpRequestContext(this HttpRequest request) =>
+        new()
+        {
+            Method = request.Method,
+            RequestUri = new Uri(request.GetEncodedUrl()),
+            Headers = request.Headers.Select(h => new KeyValuePair<string, IEnumerable<string>>(h.Key, h.Value))
+        };
+}

access-token-management/src/AccessTokenManagement.OpenIdConnect/Internal/OpenIdConnectClientAccessTokenRetriever.cs

@@ -34,13 +34,13 @@ internal class OpenIdConnectClientAccessTokenRetriever(
         };
 
         var customizedParameters = customizer != null
-            ? await customizer.Customize(request, baseParameters, ct)
+            ? await customizer.Customize(request.ToHttpRequestContext(), baseParameters, ct)
             : baseParameters;
 
         var userTokenRequestParameters = baseParameters with
         {
-            Scope = customizedParameters.Scope ?? _parameters.Scope,
-            Resource = customizedParameters.Resource ?? _parameters.Resource,
+            Scope = customizedParameters.Scope,
+            Resource = customizedParameters.Resource,
             Parameters = customizedParameters.Parameters,
             Assertion = customizedParameters.Assertion,
             Context = customizedParameters.Context,

access-token-management/src/AccessTokenManagement.OpenIdConnect/Internal/OpenIdConnectUserAccessTokenRetriever.cs

@@ -29,7 +29,7 @@ internal class OpenIdConnectUserAccessTokenRetriever(
         };
 
         var customizedParameters = customizer != null
-            ? await customizer.Customize(request, baseParameters, ct)
+            ? await customizer.Customize(request.ToHttpRequestContext(), baseParameters, ct)
             : baseParameters;
 
         var parameters = baseParameters with

access-token-management/src/AccessTokenManagement.OpenIdConnect/ServiceCollectionExtensions.cs

@@ -258,7 +258,8 @@ private static IHttpClientBuilder AddUserAccessTokenHandlerInternal(
         {
             var httpContextAccessor = provider.GetRequiredService<IUserAccessor>();
             var userTokenManagementService = provider.GetRequiredService<IUserTokenManager>();
-            var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider);
+            var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider) ??
+                                         provider.GetService<ITokenRequestCustomizer>();
 
             var tokenRetriever = new OpenIdConnectUserAccessTokenRetriever(
                 httpContextAccessor,
@@ -321,7 +322,8 @@ private static IHttpClientBuilder AddClientAccessTokenHandlerInternal(
             var tokenManager = provider.GetRequiredService<IClientCredentialsTokenManager>();
             var schemeProvider = provider.GetRequiredService<IAuthenticationSchemeProvider>();
             var options = provider.GetRequiredService<IOptions<UserTokenManagementOptions>>();
-            var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider);
+            var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider) ??
+                                         provider.GetService<ITokenRequestCustomizer>();
 
             var tokenRetriever = new OpenIdConnectClientAccessTokenRetriever(tokenManager,
                 options,

access-token-management/src/AccessTokenManagement/HttpRequestContext.cs

@@ -0,0 +1,14 @@
+// Copyright (c) Duende Software. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+namespace Duende.AccessTokenManagement;
+
+/// <summary>
+/// Represents a slim version of an HTTP request
+/// </summary>
+public record struct HttpRequestContext
+{
+    public required string Method { get; init; }
+    public required Uri? RequestUri { get; init; }
+    public required IEnumerable<KeyValuePair<string, IEnumerable<string>>> Headers { get; init; }
+}

access-token-management/src/AccessTokenManagement/HttpRequestContextExtensions.cs

@@ -0,0 +1,15 @@
+// Copyright (c) Duende Software. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+namespace Duende.AccessTokenManagement;
+
+internal static class HttpRequestContextExtensions
+{
+    public static HttpRequestContext ToHttpRequestContext(this HttpRequestMessage request) =>
+        new()
+        {
+            Method = request.Method.Method,
+            RequestUri = request.RequestUri,
+            Headers = request.Headers
+        };
+}

access-token-management/src/AccessTokenManagement/ITokenRequestCustomizer.cs

@@ -16,7 +16,7 @@ public interface ITokenRequestCustomizer
     /// <param name="cancellationToken">Cancellation token</param>
     /// <returns>Customized token request parameters</returns>
     Task<TokenRequestParameters> Customize(
-        HttpRequestMessage httpRequest,
+        HttpRequestContext httpRequest,
         TokenRequestParameters baseParameters,
         CancellationToken cancellationToken = default);
 }

access-token-management/src/AccessTokenManagement/Internal/ClientCredentialsTokenRetriever.cs

@@ -5,7 +5,6 @@
 
 namespace Duende.AccessTokenManagement.Internal;
 
-
 /// <summary>
 /// An <see cref="AccessTokenRequestHandler.ITokenRetriever" /> implementation that retrieves a token using the client credentials flow.
 /// </summary>
@@ -24,7 +23,7 @@ internal class ClientCredentialsTokenRetriever(
         };
 
         var parameters = customizer != null
-            ? await customizer.Customize(request, baseParameters, ct)
+            ? await customizer.Customize(request.ToHttpRequestContext(), baseParameters, ct)
             : baseParameters;
 
         var getTokenResult = await clientCredentialsTokenManager.GetAccessTokenAsync(clientName, parameters, ct);

access-token-management/src/AccessTokenManagement/ServiceCollectionExtensions.cs

@@ -176,17 +176,18 @@ private static IHttpClientBuilder AddClientCredentialsTokenHandlerInternal(
         IHttpClientBuilder httpClientBuilder,
         Func<IServiceProvider, ITokenRequestCustomizer>? tokenRequestCustomizerFactory,
         ClientCredentialsClientName clientName) => httpClientBuilder
-            .AddHttpMessageHandler(provider =>
-            {
-                var accessTokenManagementService = provider.GetRequiredService<IClientCredentialsTokenManager>();
-                var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider);
-                var retriever =
-                    new ClientCredentialsTokenRetriever(accessTokenManagementService, clientName,
-                        tokenRequestCustomizer);
-                var accessTokenHandler = provider.BuildAccessTokenRequestHandler(retriever);
-
-                return accessTokenHandler;
-            });
+        .AddHttpMessageHandler(provider =>
+        {
+            var accessTokenManagementService = provider.GetRequiredService<IClientCredentialsTokenManager>();
+            var tokenRequestCustomizer = tokenRequestCustomizerFactory?.Invoke(provider) ??
+                                         provider.GetService<ITokenRequestCustomizer>();
+            var retriever =
+                new ClientCredentialsTokenRetriever(accessTokenManagementService, clientName,
+                    tokenRequestCustomizer);
+            var accessTokenHandler = provider.BuildAccessTokenRequestHandler(retriever);
+
+            return accessTokenHandler;
+        });
 
     internal static AccessTokenRequestHandler BuildAccessTokenRequestHandler(
         this IServiceProvider provider,