#340 Split the Redirect event for Authentication and SignOut.

Author: Tratcher

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs

@@ -36,9 +36,14 @@ public interface IOpenIdConnectAuthenticationEvents
         Task MessageReceived(MessageReceivedContext context);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context);
+        Task RedirectForAuthentication(RedirectForAuthenticationContext context);
+
+        /// <summary>
+        /// Invoked before redirecting to the identity provider to sign out.
+        /// </summary>
+        Task RedirectForSignOut(RedirectForSignOutContext context);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs

@@ -37,9 +37,14 @@ public class OpenIdConnectAuthenticationEvents : IOpenIdConnectAuthenticationEve
         public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectToIdentityProviderContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectForAuthenticationContext, Task> OnRedirectForAuthentication { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked before redirecting to the identity provider to sign out.
+        /// </summary>
+        public Func<RedirectForSignOutContext, Task> OnRedirectForSignOut { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
@@ -66,7 +71,9 @@ public class OpenIdConnectAuthenticationEvents : IOpenIdConnectAuthenticationEve
 
         public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
 
-        public virtual Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context) => OnRedirectToIdentityProvider(context);
+        public virtual Task RedirectForAuthentication(RedirectForAuthenticationContext context) => OnRedirectForAuthentication(context);
+
+        public virtual Task RedirectForSignOut(RedirectForSignOutContext context) => OnRedirectForSignOut(context);
 
         public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
 

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs renamed to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectForAuthenticationContext.cs

@@ -1,22 +1,19 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
-    /// an instance of <see cref="RedirectToIdentityProviderContext"/> is passed to the 'RedirectToIdentityProvider" event.
+    /// When a user configures the <see cref="OpenIdConnectAuthenticationMiddleware"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectForAuthenticationContext"/> is passed to the 'RedirectForAuthentication" event.
     /// </summary>
-    /// <typeparam name="TMessage">protocol specific message.</typeparam>
-    /// <typeparam name="TOptions">protocol specific options.</typeparam>
-    public class RedirectToIdentityProviderContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class RedirectForAuthenticationContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
     {
-        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] OpenIdConnectAuthenticationOptions options)
+        public RedirectForAuthenticationContext([NotNull] HttpContext context, [NotNull] OpenIdConnectAuthenticationOptions options)
             : base(context, options)
         {
         }

src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectForSignOutContext.cs

@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// When a user configures the <see cref="OpenIdConnectAuthenticationMiddleware"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectForSignOutContext"/> is passed to the 'RedirectForSignOut" event.
+    /// </summary>
+    public class RedirectForSignOutContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    {
+        public RedirectForSignOutContext([NotNull] HttpContext context, [NotNull] OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
+        /// </summary>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public OpenIdConnectMessage ProtocolMessage { get; [param: NotNull] set; }
+    }
+}

src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs

@@ -76,7 +76,6 @@ protected override async Task HandleSignOutAsync(SignOutContext signout)
                 var message = new OpenIdConnectMessage()
                 {
                     IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
-                    RequestType = OpenIdConnectRequestType.LogoutRequest,
                 };
 
                 // Set End_Session_Endpoint in order:
@@ -92,24 +91,24 @@ protected override async Task HandleSignOutAsync(SignOutContext signout)
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
+                var redirectForSignOutContext = new RedirectForSignOutContext(Context, Options)
                 {
                     ProtocolMessage = message
                 };
 
-                await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
-                if (redirectToIdentityProviderContext.HandledResponse)
+                await Options.Events.RedirectForSignOut(redirectForSignOutContext);
+                if (redirectForSignOutContext.HandledResponse)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
+                    Logger.LogVerbose("RedirectForSignOutContext.HandledResponse");
                     return;
                 }
-                else if (redirectToIdentityProviderContext.Skipped)
+                else if (redirectForSignOutContext.Skipped)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
+                    Logger.LogVerbose("RedirectForSignOutContext.Skipped");
                     return;
                 }
 
-                message = redirectToIdentityProviderContext.ProtocolMessage;
+                message = redirectForSignOutContext.ProtocolMessage;
 
                 if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
                 {
@@ -185,8 +184,6 @@ protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeC
                 ClientId = Options.ClientId,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = Options.RedirectUri,
-                // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderContext not on the OIDCMessage.
-                RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
                 Scope = string.Join(" ", Options.Scope)
@@ -225,24 +222,24 @@ protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeC
 
             GenerateCorrelationId(properties);
 
-            var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
+            var redirectForAuthenticationContext = new RedirectForAuthenticationContext(Context, Options)
             {
                 ProtocolMessage = message
             };
 
-            await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
-            if (redirectToIdentityProviderContext.HandledResponse)
+            await Options.Events.RedirectForAuthentication(redirectForAuthenticationContext);
+            if (redirectForAuthenticationContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
+                Logger.LogVerbose("RedirectForAuthenticationContext.HandledResponse");
                 return true;
             }
-            else if (redirectToIdentityProviderContext.Skipped)
+            else if (redirectForAuthenticationContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
+                Logger.LogVerbose("RedirectForAuthenticationContext.Skipped");
                 return false;
             }
 
-            message = redirectToIdentityProviderContext.ProtocolMessage;
+            message = redirectForAuthenticationContext.ProtocolMessage;
 
             if (!string.IsNullOrEmpty(message.State))
             {

src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs

@@ -150,12 +150,6 @@
   <data name="OIDCH_0033_NonceAlreadyExists" xml:space="preserve">
     <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
   </data>
-  <data name="OIDCH_0034_RedirectToIdentityProviderContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0035_RedirectToIdentityProviderContextSkipped" xml:space="preserve">
-    <value>OIDCH_0035: RedirectToIdentityProviderContext.Skipped</value>
-  </data>
   <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
     <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.</value>
   </data>

src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx

@@ -107,30 +107,49 @@ public async Task ChallengeWillUseOptionsProperties()
         }
 
         /// <summary>
-        /// Tests RedirectToIdentityProviderContext replaces the OpenIdConnectMesssage correctly.
+        /// Tests RedirectForAuthenticationContext replaces the OpenIdConnectMesssage correctly.
         /// </summary>
         /// <returns>Task</returns>
-        [Theory]
-        [InlineData(Challenge, OpenIdConnectRequestType.AuthenticationRequest)]
-        [InlineData(Signout, OpenIdConnectRequestType.LogoutRequest)]
-        public async Task ChallengeSettingMessage(string challenge, OpenIdConnectRequestType requestType)
+        [Fact]
+        public async Task ChallengeSettingMessage()
         {
             var configuration = new OpenIdConnectConfiguration
             {
                 AuthorizationEndpoint = ExpectedAuthorizeRequest,
-                EndSessionEndpoint = ExpectedLogoutRequest
             };
 
             var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
             {
-                RequestType = requestType
+                RequestType = OpenIdConnectRequestType.AuthenticationRequest
             };
             var server = CreateServer(SetProtocolMessageOptions);
-            var transaction = await SendAsync(server, DefaultHost + challenge);
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
         }
 
+        /// <summary>
+        /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
+        /// </summary>
+        /// <returns>Task</returns>
+        [Fact]
+        public async Task SignOutSettingMessage()
+        {
+            var configuration = new OpenIdConnectConfiguration
+            {
+                EndSessionEndpoint = ExpectedLogoutRequest
+            };
+
+            var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
+            {
+                RequestType = OpenIdConnectRequestType.LogoutRequest
+            };
+            var server = CreateServer(SetProtocolMessageOptions);
+            var transaction = await SendAsync(server, DefaultHost + Signout);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
+        }
+
         private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options)
         {
             var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
@@ -139,7 +158,12 @@ private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions
             options.AutomaticAuthentication = true;
             options.Events = new OpenIdConnectAuthenticationEvents()
             {
-                OnRedirectToIdentityProvider = (context) =>
+                OnRedirectForAuthentication = (context) =>
+                {
+                    context.ProtocolMessage = mockOpenIdConnectMessage.Object;
+                    return Task.FromResult<object>(null);
+                },
+                OnRedirectForSignOut = (context) =>
                 {
                     context.ProtocolMessage = mockOpenIdConnectMessage.Object;
                     return Task.FromResult<object>(null);
@@ -171,7 +195,7 @@ public async Task ChallengeSettingState(string userState, string challenge)
                 options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
                 options.Events = new OpenIdConnectAuthenticationEvents()
                 {
-                    OnRedirectToIdentityProvider = context =>
+                    OnRedirectForAuthentication = context =>
                     {
                         context.ProtocolMessage.State = userState;
                         return Task.FromResult<object>(null);
@@ -222,7 +246,7 @@ public async Task ChallengeWillUseEvents()
                 SetOptions(options, DefaultParameters(), queryValues);
                 options.Events = new OpenIdConnectAuthenticationEvents()
                 {
-                    OnRedirectToIdentityProvider = context =>
+                    OnRedirectForAuthentication = context =>
                     {
                         context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
                         context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
@@ -345,7 +369,7 @@ private static TestServer CreateServer(Action<OpenIdConnectAuthenticationOptions
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
+                    options.AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
                 app.UseOpenIdConnectAuthentication(configureOptions);
                 app.Use(async (context, next) =>