Request RC-4.0.0 merging to the main branch approval (#192)

* Expose OIDC and JWT events (#187) * Expose OIDC events for .NET 4.x and Core MVC projects. * Expose JWT events for .NET 4.x and Core WebApi projects. * Expose OIDC events for .NET Core MVC projects. * Expose JWT events for .NET Core WebApi projects. * Add tests. * Update readme.
okta · Dec 9, 2021 · 0435a6d · 0435a6d
1 parent 77b3847
commit 0435a6d
Show file tree

Hide file tree

Showing 44 changed files with 1,082 additions and 260 deletions.
diff --git a/MIGRATING.md b/MIGRATING.md
@@ -0,0 +1,109 @@
+# Okta.AspNet SDK migration guide
+
+This library uses semantic versioning and follows Okta's [library version policy](https://developer.okta.com/code/library-versions/). In short, we don't make breaking changes unless the major version changes!
+
+## Migrating from Okta.AspNet 1.x to 2.x
+
+In previous versions, the `OktaMvcOptions` exposed the `SecurityTokenValidated` and `AuthenticationFailed` events you could hook into. Starting in 2.x series, the  `OktaMvcOptions` exposes the `OpenIdConnectEvents` property which allows you to hook into all the events provided by the uderlying OIDC middleware.
+
+_Before:_
+
+```csharp
+public class Startup
+{
+    public void Configuration(IAppBuilder app)
+    {
+        app.UseOktaMvc(new OktaMvcOptions()
+        {
+            // ... other configuration options removed for brevity ...
+            AuthenticationFailed = OnAuthenticationFailed,
+        });
+    }
+
+    public async Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
+    {
+        await Task.Run(() =>
+        {
+            notification.Response.Redirect("{YOUR-EXCEPTION-HANDLING-ENDPOINT}?message=" + notification.Exception.Message);
+            notification.HandleResponse();
+        });
+    }
+}
+```
+
+_Now:_
+
+```csharp
+   app.UseOktaMvc(new OktaMvcOptions()
+        {
+            // ... other configuration options removed for brevity ...
+            OpenIdConnectEvents = new OpenIdConnectAuthenticationNotifications
+            {
+                AuthenticationFailed = OnAuthenticationFailed,
+            },
+        });
+```
+## Migrating from Okta.AspNetCore 3.x to 4.x
+
+In previous versions, the `OktaMvcOptions` exposed the `OnTokenValidated`, `OnOktaApiFailure`, `OnUserInformationReceived` and `OnAuthenticationFailed` events you could hook into. Starting in 4.x series, the  `OktaMvcOptions` exposes the `OpenIdConnectEvents` property which allows you to hook into all the events provided by the uderlying OIDC middleware.
+
+_Before:_
+
+```csharp
+public class Startup
+{
+    public void ConfigureServices(IServiceCollection services)
+    {
+        services.AddOktaMvc(new OktaMvcOptions
+        {
+            // ... other configuration options removed for brevity ...
+            OnOktaApiFailure = OnOktaApiFailure,
+            OnAuthenticationFailed = OnAuthenticationFailed,
+        });
+    }
+
+    public async Task OnOktaApiFailure(RemoteFailureContext context)
+    {
+        await Task.Run(() =>
+        {
+            context.Response.Redirect("{YOUR-EXCEPTION-HANDLING-ENDPOINT}?message=" + context.Failure.Message);
+            context.HandleResponse();
+        });
+    }
+
+    public async Task OnAuthenticationFailed(AuthenticationFailedContext context)
+    {
+        await Task.Run(() =>
+        {
+            context.Response.Redirect("{YOUR-EXCEPTION-HANDLING-ENDPOINT}?message=" + context.Exception.Message);
+            context.HandleResponse();
+        });
+    }
+}
+```
+
+_Now:_
+
+```csharp
+public class Startup
+{
+    public void ConfigureServices(IServiceCollection services)
+    {
+        services.AddOktaMvc(new OktaMvcOptions
+        {
+            // ... other configuration options removed for brevity ...
+            OpenIdConnectEvents = new OpenIdConnectEvents
+            {
+                OnAuthenticationFailed = OnAuthenticationFailed,
+                OnRemoteFailure = OnOktaApiFailure,
+            },
+        });
+    }
+}
+```
+
+## Getting help
+
+If you have questions about this library or about the Okta APIs, post a question on our [Developer Forum](https://devforum.okta.com).
+
+If you find a bug or have a feature request for this library specifically, [post an issue](https://github.com/okta/okta-aspnet/issues) here on GitHub.
diff --git a/Okta.AspNet.Abstractions.Test/OktaHttpMessageHandlerShould.cs b/Okta.AspNet.Abstractions.Test/OktaHttpMessageHandlerShould.cs
@@ -23,7 +23,7 @@ public async Task BuildUserAgent(string frameworkName)
         {
             var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "http://foo.com");
             var version = typeof(OktaHttpMessageHandlerShould).Assembly.GetName().Version;
-            var handler = new OktaHttpMessageHandler(frameworkName, version)
+            var handler = new OktaHttpMessageHandler(frameworkName, version, new OktaWebOptions())
             {
                 InnerHandler = new TestHandler(),
             };

diff --git a/Okta.AspNet.Abstractions/CHANGELOG.md b/Okta.AspNet.Abstractions/CHANGELOG.md
@@ -1,6 +1,24 @@
 # Changelog
 Running changelog of releases since `3.0.5`
 
+## v4.0.0
+
+### Features
+
+- Add support for OIDC events configuration in MVC projects.
+- Add support for JWT events configuration in Web API projects.
+- Add support for BackchannelHttpHandler configuration.
+- Add support for BackchannelTimeout configuration.
+
+### Breaking changes
+
+- Remove `ClientId` property from `WebApiOptions`.
+
+### Features
+
+- Add strong name signature.
+
+
 ## v3.2.2
 
 ### Bug Fix

diff --git a/Okta.AspNet.Abstractions/Okta.AspNet.Abstractions.csproj b/Okta.AspNet.Abstractions/Okta.AspNet.Abstractions.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <TargetFrameworks>net452;netstandard2.0</TargetFrameworks>
-    <Version>3.2.2</Version>
+    <Version>4.0.0</Version>
   </PropertyGroup>
 
   <PropertyGroup>

diff --git a/Okta.AspNet.Abstractions/OktaHttpMessageHandler.cs b/Okta.AspNet.Abstractions/OktaHttpMessageHandler.cs
@@ -18,11 +18,13 @@ public class OktaHttpMessageHandler : DelegatingHandler
     {
         private readonly Lazy<string> _userAgent;
 
-        public OktaHttpMessageHandler(string frameworkName, Version frameworkVersion, OktaWebOptions oktaWebOptions = null)
+        public OktaHttpMessageHandler(string frameworkName, Version frameworkVersion, OktaWebOptions oktaWebOptions)
         {
             _userAgent = new Lazy<string>(() => new UserAgentBuilder(frameworkName, frameworkVersion).GetUserAgent());
-            InnerHandler = new HttpClientHandler();
-            if (oktaWebOptions?.Proxy != null)
+            InnerHandler = oktaWebOptions.BackchannelHttpClientHandler ?? new HttpClientHandler();
+
+            // If a backchannel handler is provided, then the proxy config is not overwritten
+            if (oktaWebOptions.BackchannelHttpClientHandler == null && oktaWebOptions.Proxy != null)
             {
                 ((HttpClientHandler)InnerHandler).Proxy = new DefaultProxy(oktaWebOptions.Proxy);
             }

diff --git a/Okta.AspNet.Abstractions/OktaWebApiOptions.cs b/Okta.AspNet.Abstractions/OktaWebApiOptions.cs
@@ -4,6 +4,7 @@
 // </copyright>
 
 using System;
+using System.Net.Http;
 
 namespace Okta.AspNet.Abstractions
 {
@@ -12,8 +13,5 @@ public class OktaWebApiOptions : OktaWebOptions
         public static readonly string DefaultAudience = "api://default";
 
         public string Audience { get; set; } = DefaultAudience;
-
-        [Obsolete("ClientId is no longer required, and has no effect. This property will be removed in the next major release.")]
-        public string ClientId { get; set; }
     }
 }
diff --git a/Okta.AspNet.Abstractions/OktaWebOptions.cs b/Okta.AspNet.Abstractions/OktaWebOptions.cs
@@ -4,6 +4,7 @@
 // </copyright>
 
 using System;
+using System.Net.Http;
 
 namespace Okta.AspNet.Abstractions
 {
@@ -40,6 +41,25 @@ public class OktaWebOptions
         /// <summary>
         /// Gets or sets the URI of your organization's proxy server.  The default is <c>null</c>.
         /// </summary>
+        /// <value>
+        /// The URI of your organization's proxy server.  The default is <c>null</c>.
+        /// </value>
         public ProxyConfiguration Proxy { get; set; }
+
+        /// <summary>
+        /// Gets or sets the HttpMessageHandler used to communicate with Okta.
+        /// </summary>
+        /// <value>
+        /// The HttpMessageHandler used to communicate with Okta.
+        /// </value>
+        public HttpMessageHandler BackchannelHttpClientHandler { get; set; }
+
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Okta.
+        /// </summary>
+        /// <value>
+        /// Timeout value in milliseconds for back channel communications with Okta.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
     }
 }
diff --git a/Okta.AspNet.Test/HttpClientBuilderShould.cs b/Okta.AspNet.Test/HttpClientBuilderShould.cs
@@ -0,0 +1,38 @@
+// <copyright file="HttpClientBuilderShould.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Xunit;
+
+namespace Okta.AspNet.Test
+{
+    public class HttpClientBuilderShould
+    {
+        [Fact]
+        public async Task InvokeCustomHandler()
+        {
+            var handler = new MockHttpClientHandler();
+
+            var options = new OktaWebApiOptions();
+            options.OktaDomain = "https://test.okta.com";
+            options.BackchannelHttpClientHandler = handler;
+            options.BackchannelTimeout = TimeSpan.FromMinutes(5);
+
+            options.BackchannelHttpClientHandler.Should().NotBeNull();
+
+            var client = HttpClientBuilder.CreateClient(options);
+
+            var response = await client.GetAsync("http://www.okta.com");
+
+            handler.NumberOfCalls.Should().BeGreaterThan(0);
+            client.Timeout.Should().Be(TimeSpan.FromMinutes(5));
+        }
+    }
+}
diff --git a/Okta.AspNet.Test/JwtOptionsBuilderShould.cs b/Okta.AspNet.Test/JwtOptionsBuilderShould.cs
@@ -0,0 +1,34 @@
+// <copyright file="JwtOptionsBuilderShould.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System;
+using FluentAssertions;
+using Microsoft.Owin.Security.OAuth;
+using NSubstitute;
+using Xunit;
+
+namespace Okta.AspNet.Test
+{
+    public class JwtOptionsBuilderShould
+    {
+        [Fact]
+        public void BuildJwtBearerOptions()
+        {
+            var mockAuthnProvider = Substitute.For<OAuthBearerAuthenticationProvider>();
+
+            var oktaWebApiOptions = new OktaWebApiOptions
+            {
+                OktaDomain = "http://myoktadomain.com",
+                BackchannelTimeout = TimeSpan.FromMinutes(5),
+                BackchannelHttpClientHandler = new MockHttpClientHandler(),
+                OAuthBearerAuthenticationProvider = mockAuthnProvider,
+            };
+
+            var jwtOptions = JwtOptionsBuilder.BuildJwtBearerAuthenticationOptions(oktaWebApiOptions);
+            jwtOptions.Should().NotBeNull();
+            jwtOptions.Provider.Should().Be(mockAuthnProvider);
+        }
+    }
+}
diff --git a/Okta.AspNet.Test/MockHttpClientHandler.cs b/Okta.AspNet.Test/MockHttpClientHandler.cs
@@ -0,0 +1,44 @@
+// <copyright file="MockHttpClientHandler.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System.Net;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace Okta.AspNet.Test
+{
+    public class MockHttpClientHandler : DelegatingHandler
+    {
+        private readonly string _response;
+        private readonly HttpStatusCode _statusCode;
+
+        public string Body { get; private set; }
+
+        public int NumberOfCalls { get; private set; }
+
+        public MockHttpClientHandler(string response = "{}", HttpStatusCode statusCode = HttpStatusCode.OK)
+        {
+            _response = response;
+            _statusCode = statusCode;
+        }
+
+        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken = default)
+        {
+            NumberOfCalls++;
+
+            if (request.Content != null)
+            {
+                Body = await request.Content.ReadAsStringAsync();
+            }
+
+            return new HttpResponseMessage
+            {
+                StatusCode = _statusCode,
+                Content = new StringContent(_response),
+            };
+        }
+    }
+}
diff --git a/Okta.AspNet.Test/Okta.AspNet.Test.csproj b/Okta.AspNet.Test/Okta.AspNet.Test.csproj
@@ -9,7 +9,7 @@
   <ItemGroup>
     <DotNetCliToolReference Include="dotnet-xunit" Version="2.3.1" />
     <PackageReference Include="FluentAssertions" Version="5.3.0" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0" />
     <PackageReference Include="NSubstitute" Version="4.2.0" />
     <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">