Update_The_OAuth_Server

OAuth20.sln

@@ -3,34 +3,46 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.3.32901.215
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OAuth20.Server", "OAuth20.Server\OAuth20.Server.csproj", "{AE594E56-E074-4842-AF6D-4D51F0B85514}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Server", "Server", "{47E8F0DC-9DEE-44A1-B528-9FE19D17C5BD}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ClientApp_OpenId", "ClientApp_OpenId\ClientApp_OpenId.csproj", "{5344278D-1221-4822-BC46-B617A0888F73}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{634F7193-1EB7-4E4E-A91E-44F544125BBD}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ProtectedResourceApp_JwtBearer", "ProtectedResourceApp_JwtBearer\ProtectedResourceApp_JwtBearer.csproj", "{4E5368EB-E479-4934-9453-99E54DBB91B2}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Sample", "Sample", "{F6D9EFD5-E13B-4339-B29F-B3F077FEC21F}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ClientApp_OpenId", "Sample\ClientApp_OpenId\ClientApp_OpenId.csproj", "{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ProtectedResourceApp_JwtBearer", "Sample\ProtectedResourceApp_JwtBearer\ProtectedResourceApp_JwtBearer.csproj", "{E7E57FF9-355C-452C-AC2F-B41A2E727235}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OAuth20.Server", "Server\src\OAuth20.Server\OAuth20.Server.csproj", "{9650FBCA-54A6-4B1E-AA32-22D82C444DC2}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{AE594E56-E074-4842-AF6D-4D51F0B85514}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{AE594E56-E074-4842-AF6D-4D51F0B85514}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{AE594E56-E074-4842-AF6D-4D51F0B85514}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{AE594E56-E074-4842-AF6D-4D51F0B85514}.Release|Any CPU.Build.0 = Release|Any CPU
-		{5344278D-1221-4822-BC46-B617A0888F73}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{5344278D-1221-4822-BC46-B617A0888F73}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{5344278D-1221-4822-BC46-B617A0888F73}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{5344278D-1221-4822-BC46-B617A0888F73}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4E5368EB-E479-4934-9453-99E54DBB91B2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4E5368EB-E479-4934-9453-99E54DBB91B2}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4E5368EB-E479-4934-9453-99E54DBB91B2}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4E5368EB-E479-4934-9453-99E54DBB91B2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E7E57FF9-355C-452C-AC2F-B41A2E727235}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E7E57FF9-355C-452C-AC2F-B41A2E727235}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E7E57FF9-355C-452C-AC2F-B41A2E727235}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E7E57FF9-355C-452C-AC2F-B41A2E727235}.Release|Any CPU.Build.0 = Release|Any CPU
+		{9650FBCA-54A6-4B1E-AA32-22D82C444DC2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{9650FBCA-54A6-4B1E-AA32-22D82C444DC2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{9650FBCA-54A6-4B1E-AA32-22D82C444DC2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{9650FBCA-54A6-4B1E-AA32-22D82C444DC2}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{634F7193-1EB7-4E4E-A91E-44F544125BBD} = {47E8F0DC-9DEE-44A1-B528-9FE19D17C5BD}
+		{6A2C0C72-021B-4CB0-9EC0-D9169EE4F076} = {F6D9EFD5-E13B-4339-B29F-B3F077FEC21F}
+		{E7E57FF9-355C-452C-AC2F-B41A2E727235} = {F6D9EFD5-E13B-4339-B29F-B3F077FEC21F}
+		{9650FBCA-54A6-4B1E-AA32-22D82C444DC2} = {634F7193-1EB7-4E4E-A91E-44F544125BBD}
+	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {7D43B27E-F863-4832-9539-CCBFBB619BB6}
 	EndGlobalSection

Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/Context/AuthenticationFailedContext.cs

@@ -0,0 +1,19 @@
+using Microsoft.AspNetCore.Authentication;
+
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
+{
+    public class AuthenticationFailedContext : ResultContext<OAuth2ServerOptions>
+    {
+        public AuthenticationFailedContext(HttpContext context,
+            AuthenticationScheme scheme, 
+            OAuth2ServerOptions options) 
+            : base(context, scheme, options)
+        {
+        }
+
+        /// <summary>
+        /// Error message 
+        /// </summary>
+        public string? ErrorMessage { get; set; }
+    }
+}

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/Context/SendingTokenIntrospectionRequestContext.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/Context/SendingTokenIntrospectionRequestContext.cs

@@ -1,6 +1,6 @@
 using Microsoft.AspNetCore.Authentication;
 
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     public class SendingTokenIntrospectionRequestContext : BaseContext<OAuth2ServerOptions>
     {

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/Context/TokenValidatedContext.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/Context/TokenValidatedContext.cs

@@ -1,6 +1,6 @@
 using Microsoft.AspNetCore.Authentication;
 
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     /// <summary>
     /// Define the context for validated token.

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2IntrospectionJwtBearerDefaults.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2IntrospectionJwtBearerDefaults.cs

@@ -1,4 +1,4 @@
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     /// <summary>
     /// Define default value to use in the <see cref="OAuth2ServerHandler"/> for JWT bearer authentication.

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2ServerHandler.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2ServerHandler.cs

@@ -1,11 +1,12 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
 using ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme;
+using System.Diagnostics;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     // Made in love by Mohammed Ahmed Hussien
     public class OAuth2ServerHandler : AuthenticationHandler<OAuth2ServerOptions>
@@ -61,7 +62,6 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 };
                 await Events.SendingTokenIntrospectionRequest(requestSendingContext);
 
-
                 var client = _httpClientFactory.CreateClient(OAuth2IntrospectionJwtBearerDefaults.NamedBackChannelHttpClient);
                 var values = new List<KeyValuePair<string, string>>
                 {
@@ -81,23 +81,21 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
                 if (res.IsSuccessStatusCode == false)
                 {
-                    return AuthenticateResult.Fail($"Calling introspection endpoint is faild with this status code: {res.StatusCode}");
+                    return await AuthenticationFailedAsync(Context, Scheme, Options, Events,
+                       $"Calling introspection endpoint is faild with this status code: {res.StatusCode}");
                 }
 
-
                 string responseBody = await res.Content.ReadAsStringAsync();
                 TokenIntrospectionResponse? result = System.Text.Json.JsonSerializer.Deserialize<TokenIntrospectionResponse>(
                     responseBody, new System.Text.Json.JsonSerializerOptions { PropertyNameCaseInsensitive = true });
 
-
                 if (result?.Active ?? false)
                 {
                     // Create ticket
                     var authenticationType = Options.AuthenticationType ?? Scheme.Name;
                     var claimIdentity = new ClaimsIdentity(result.Claims, authenticationType, "name", "role");
                     var claimPrinciple = new ClaimsPrincipal(claimIdentity);
 
-                    // TODO: here I need token vaidation context
                     TokenValidatedContext tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
                     {
                         Principal = claimPrinciple,
@@ -122,18 +120,33 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 }
                 else
                 {
-                    return AuthenticateResult.Fail($"The token is not active");
+                    return await AuthenticationFailedAsync(Context, Scheme, Options, Events, "The token is not active");
                 }
             }
             catch (Exception ex)
             {
-                return AuthenticateResult.Fail($"There is an exception {ex}");
+                return await AuthenticationFailedAsync(Context, Scheme, Options, Events, $"There is an exception {ex}");
             }
 
+        }
 
+        private static async Task<AuthenticateResult> AuthenticationFailedAsync(HttpContext context, 
+            AuthenticationScheme authenticationScheme, 
+            OAuth2ServerOptions options,
+            OAuth2TokenIntrospectionEvent tokenIntrospectionEvent,
+            string message)
+        {
+            AuthenticationFailedContext authenticationFailedContext = new AuthenticationFailedContext(context, authenticationScheme, options)
+            {
+                ErrorMessage = message
+            };
 
+            await tokenIntrospectionEvent.AuthenticationFailed(authenticationFailedContext);
 
-
+            return authenticationFailedContext.Result != null
+                        ? authenticationFailedContext.Result
+                        : AuthenticateResult.Fail(message);
         }
+
     }
 }

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2ServerOptions.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2ServerOptions.cs

@@ -1,6 +1,6 @@
 using Microsoft.AspNetCore.Authentication;
 
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     public class OAuth2ServerOptions : AuthenticationSchemeOptions
     {
@@ -53,6 +53,33 @@ public class OAuth2ServerOptions : AuthenticationSchemeOptions
         /// <summary>
         /// Get or set the required scheme type for <see cref="MetadataAddress"/> 
         /// </summary>
-       // public bool RequireHttpsMetadata { get; set; }
+        // public bool RequireHttpsMetadata { get; set; }
+
+        public new OAuth2TokenIntrospectionEvent Events
+        {
+            get => (OAuth2TokenIntrospectionEvent)base.Events!;
+            set => base.Events = value;
+        }
+
+        public override void Validate()
+        {
+            // Call the base validation to combine it with the custom validation. 
+            base.Validate();
+
+            if (string.IsNullOrWhiteSpace(Authority))
+            {
+                throw new ArgumentException(nameof(Authority));
+            }
+
+            if (string.IsNullOrWhiteSpace(ClientId))
+            {
+                throw new ArgumentException(nameof(ClientId));
+            }
+
+            if (string.IsNullOrWhiteSpace(ClientSecret))
+            {
+                throw new ArgumentException(nameof(ClientSecret));
+            }
+        }
     }
 }

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2TokenIntrospectionEvent.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/OAuth2TokenIntrospectionEvent.cs

@@ -1,4 +1,6 @@
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+using ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme;
+
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     /// <summary>
     ///  Specifies events which the <see cref="OAuth2ServerHandler"/> invokes to enable developer control over the authentication process.
@@ -15,6 +17,11 @@ public class OAuth2TokenIntrospectionEvent
         /// </summary>
         public Func<SendingTokenIntrospectionRequestContext, Task> OnSendingTokenIntrospectionRequest { get; set; } = context => Task.CompletedTask;
 
+        /// <summary>
+        /// Invoked when the authentication failed.
+        /// </summary>
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.CompletedTask;
+
         /// <summary>
         /// Invoked when sending token introspection request.
         /// </summary>
@@ -25,5 +32,10 @@ public virtual Task SendingTokenIntrospectionRequest(SendingTokenIntrospectionRe
         /// Invoked after the token passed validation sucssefully.
         /// </summary>
         public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
+
+        /// <summary>
+        /// Invoked when the authentication failed.
+        /// </summary>
+        public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
     }
 }

ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/TokenIntrospectionResponse.cs → Sample/ProtectedResourceApp_JwtBearer/Infrastructure/OAuth2Scheme/TokenIntrospectionResponse.cs

@@ -1,7 +1,7 @@
 using System.Security.Claims;
 using System.Text.Json.Serialization;
 
-namespace ProtectedResourceApp_JwtBearer.Infrastructure
+namespace ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme
 {
     public class TokenIntrospectionResponse
     {

ProtectedResourceApp_JwtBearer/Program.cs → Sample/ProtectedResourceApp_JwtBearer/Program.cs

@@ -1,5 +1,3 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-using ProtectedResourceApp_JwtBearer.Infrastructure;
 using ProtectedResourceApp_JwtBearer.Infrastructure.OAuth2Scheme;
 
 var builder = WebApplication.CreateBuilder(args);

OAuth20.Server/Helpers/OAuth2ServerHelpers.cs → Server/src/OAuth20.Server/Common/OAuth2ServerHelpers.cs

@@ -6,10 +6,9 @@ Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
  */
 
-using OAuth20.Server.Common;
 using System.Collections.Generic;
 
-namespace OAuth20.Server.Helpers
+namespace OAuth20.Server.Common
 {
     public class OAuth2ServerHelpers
     {

OAuth20.Server/Controllers/DiscoveryEndpointController.cs → Server/src/OAuth20.Server/Controllers/DiscoveryEndpointController.cs

@@ -7,7 +7,7 @@ Everyone is permitted to copy and distribute verbatim copies
  */
 
 using Microsoft.AspNetCore.Mvc;
-using OAuth20.Server.Endpoints;
+using OAuth20.Server.OauthResponse;
 
 namespace OAuth20.Server.Controllers
 {

OAuth20.Server/OauthRequest/TokenIntrospectionRequest.cs → Server/src/OAuth20.Server/OauthRequest/TokenIntrospectionRequest.cs

@@ -15,7 +15,6 @@ public class TokenIntrospectionRequest
     /// <summary>
     /// Get or set token type hint.
     /// </summary>
-    [JsonInclude]
     [JsonPropertyName("token_type_hint")]
     public string TokenTypeHint { get; set; }
 }