AccessTokenHandler does not support sync methods

[codingbott]

Which version of Duende.AccessTokenManagement are you using?
3.0.0

Which version of .NET are you using?
6

Describe the bug

I'm try to use the OpenTelemetryClient from dotnet together with the AccessTokenManagement.

Setup like this:

builder.Services.AddClientCredentialsTokenManagement().AddClient("Token.Client.OtelAuditLogger", options =>
                {
                   // options setup here with crediential etc.
                });

            builder.Services
                .AddClientCredentialsHttpClient("Http.Client.OtelAuditLogger", "Token.Client.OtelAuditLogger");

Later on in my implementation I pass the IHttpClientFactory in my class:

    public AuditLogger(IHttpClientFactory httpClientFactory)
    {
        string plantShort = "tc5ot";
        string teamName = "BackboneInfra";
        string applicationName = "OtelDemoApp";

        var loggerFactory = LoggerFactory.Create(builder =>
        {
            builder.SetMinimumLevel(LogLevel.Trace);
            builder.AddOpenTelemetry(logging =>
            {
                logging.AddOtlpExporter(otlpOptions =>
                {
                    otlpOptions.Endpoint = new Uri(OtlpHttp);
                    otlpOptions.Protocol = OtlpExportProtocol.HttpProtobuf;

                    otlpOptions.HttpClientFactory = () =>
                    {
                        var httpClient = httpClientFactory.CreateClient("Http.Client.OtelAuditLogger");
                        httpClient.BaseAddress = new Uri(OtlpHttp);

                        // this lines test if the AccessTokenManagement is bound
                        // using SEND does NOT request a token and SEND is used by OTEL log exporter 
                        var failingGettingToken = httpClient.Send(new HttpRequestMessage());
                        // compared with SendAsync: This does request a token
                        var successGettingToken = httpClient.SendAsync(new HttpRequestMessage());

                        return httpClient;
                    };
                });
            });
        });

        var _logger = loggerFactory.CreateLogger<AuditLogger>();
        _logger.Log(LogLevel.Critical, "Hello World");
    }

To Reproduce

See the source above. Where the httpClient is created I'm doing a send which does not request tokens. I saw that in the logs.
When I call SendAsync, then the lib is requesting a token.

Expected behavior

Also Send method will request a token.

Additional context

src/Duende.AccessTokenManagement/AccessTokenHandler.cs

Does not override the Send method, but SendAync only.

[AndersAbel]

It looks like Send was added in .NET 5, while SendAsync has been around since .NET Core 1.0 (and .NET Framework 4.5), so I guess the reason is that when the code was initially written, there was no Send method.

I'll transfer this issue to our FOSS repository (the home for Duende.AccessTokenManagement) for handling.

[Erwinvandervalk]

Thank you for bringing this to our attention.

I understand that the open telemetry library invokes the synchronous send operation, which is currently not supported. .

Unfortunately, the only way we could implement a synchronous Send() is by doing .GetAwaiter().GetResult(), which is absolutely not a recommended practice and not something we're considering implementing. However, we should fail fast when the synchronous Send() method is invoked. So this is a change that we'll introduce in the near future.

In the open telemetry library there's a PR and a big discussion associated with it to make this functionality async (open-telemetry/opentelemetry-dotnet#5838). Now this PR isn't merged yet and no ETA on this,

Should you accept the issues and risks associated with calling .GetAwaiter().GetResult(), you can always create your own subclass of the Handler that doesn't throw like this:

public class SynchronousOpenIdConnectClientAccessTokenHandler : OpenIdConnectClientAccessTokenHandler
{
    public SynchronousOpenIdConnectClientAccessTokenHandler(IDPoPProofService dPoPProofService, IDPoPNonceStore dPoPNonceStore, IHttpContextAccessor httpContextAccessor, ILogger<OpenIdConnectClientAccessTokenHandler> logger, UserTokenRequestParameters? parameters = null) : base(dPoPProofService, dPoPNonceStore, httpContextAccessor, logger, parameters)
    {
    }

    protected override HttpResponseMessage Send(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Please note that this code (depending on where it's invoked) is subject to deadlocks and thread pool starvation
        return base.SendAsync(request, cancellationToken).GetAwaiter().GetResult();
    }
}