#372 Flow mutable event state.

#358 Add a UserInformationReceived event.
#327 Add AuthenticationCompleted event.
#340 Split the Redirect event for Authentication and SignOut.
Rename OnAuthorizationCodeRedeemed to OnTokenResponseReceived.
Move IdTokenReceived to AuthorizationResponseReceived.
Rename IdTokenValidated to AuthenticationValidated.

Author: Tratcher

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs

@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class AuthenticationCompletedContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public AuthenticationCompletedContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+    }
+}

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs renamed to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs

@@ -6,15 +6,15 @@
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthenticationValidatedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public string SecurityToken { get; set; }
-
         public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
     }
 }

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs renamed to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs

@@ -2,17 +2,20 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthorizationResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
         public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public AuthenticationProperties Properties { get; set; }
     }
 }

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs

@@ -10,39 +10,54 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public interface IOpenIdConnectEvents
     {
+        /// <summary>
+        /// Invoked when the authentication process completes.
+        /// </summary>
+        Task AuthenticationCompleted(AuthenticationCompletedContext context);
+
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
         Task AuthenticationFailed(AuthenticationFailedContext context);
 
+        /// <summary>
+        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        Task AuthenticationValidated(AuthenticationValidatedContext context);
+
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
 
         /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// Invoked when an authorization response is received.
         /// </summary>
-        Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context);
+        Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
         Task MessageReceived(MessageReceivedContext context);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context);
+        Task RedirectToAuthenticationEndpoint(RedirectContext context);
 
         /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
+        /// Invoked before redirecting to the identity provider to sign out.
+        /// </summary>
+        Task RedirectToEndSessionEndpoint(RedirectContext context);
+
+        /// <summary>
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        Task SecurityTokenReceived(SecurityTokenReceivedContext context);
+        Task TokenResponseReceived(TokenResponseReceivedContext context);
 
         /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
-        Task SecurityTokenValidated(SecurityTokenValidatedContext context);
+        Task UserInformationReceived(UserInformationReceivedContext context);
     }
 }

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs

@@ -11,53 +11,74 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public class OpenIdConnectEvents : IOpenIdConnectEvents
     {
+        /// <summary>
+        /// Invoked when the authentication process completes.
+        /// </summary>
+        public Func<AuthenticationCompletedContext, Task> OnAuthenticationCompleted { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
         public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
 
+        /// <summary>
+        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<AuthenticationValidatedContext, Task> OnAuthenticationValidated { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// Invoked when an authorization response is received.
         /// </summary>
-        public Func<AuthorizationCodeRedeemedContext, Task> OnAuthorizationCodeRedeemed { get; set; } = context => Task.FromResult(0);
+        public Func<AuthorizationResponseReceivedContext, Task> OnAuthorizationResponseReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
         public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectToIdentityProviderContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToAuthenticationEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
+        /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToEndSessionEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// </summary>
+        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
-        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.FromResult(0);
+        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => Task.FromResult(0);
+
+        public virtual Task AuthenticationCompleted(AuthenticationCompletedContext context) => OnAuthenticationCompleted(context);
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
+        public virtual Task AuthenticationValidated(AuthenticationValidatedContext context) => OnAuthenticationValidated(context);
+
         public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context) => OnAuthorizationCodeReceived(context);
 
-        public virtual Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context) => OnAuthorizationCodeRedeemed(context);
+        public virtual Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context) => OnAuthorizationResponseReceived(context);
 
         public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
 
-        public virtual Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context) => OnRedirectToIdentityProvider(context);
+        public virtual Task RedirectToAuthenticationEndpoint(RedirectContext context) => OnRedirectToAuthenticationEndpoint(context);
+
+        public virtual Task RedirectToEndSessionEndpoint(RedirectContext context) => OnRedirectToEndSessionEndpoint(context);
 
-        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+        public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
 
-        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
+        public virtual Task UserInformationReceived(UserInformationReceivedContext context) => OnUserInformationReceived(context);
     }
 }

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs

@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// When a user configures the <see cref="OpenIdConnectMiddleware"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
+    /// </summary>
+    public class RedirectContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public RedirectContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
+        /// </summary>
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs

@@ -6,21 +6,16 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class AuthorizationCodeRedeemedContext : BaseControlContext<OpenIdConnectOptions>
+    public class TokenResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
         /// <summary>
-        /// Creates a <see cref="AuthorizationCodeRedeemedContext"/>
+        /// Creates a <see cref="TokenResponseReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectOptions options)
+        public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        /// <summary>
-        /// Gets or sets the 'code'.
-        /// </summary>
-        public string Code { get; set; }
-
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectTokenEndpointResponse"/> that contains the tokens and json response received after redeeming the code at the token endpoint.
         /// </summary>

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs renamed to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs

@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class UserInformationReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public JObject User { get; set; }
+    }
+}