Use IPostConfigureOptions for Okta

Use an IPostConfigureOptions implementation to configure the endpoints for Okta (like the Twitter provider), rather than using a custom extension method.

Author: martincostello

src/AspNet.Security.OAuth.Okta/OktaAuthenticationDefaults.cs

@@ -35,18 +35,18 @@ public static class OktaAuthenticationDefaults
         public const string CallbackPath = "/signin-okta";
 
         /// <summary>
-        /// Default format string to use for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+        /// Default path to use for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
         /// </summary>
-        public const string AuthorizationEndpointFormat = "https://{0}/oauth2/default/v1/authorize";
+        public const string AuthorizationEndpointPath = "/oauth2/default/v1/authorize";
 
         /// <summary>
-        /// Default format string to use for <see cref="OAuthOptions.TokenEndpoint"/>.
+        /// Default path to use for <see cref="OAuthOptions.TokenEndpoint"/>.
         /// </summary>
-        public const string TokenEndpointFormat = "https://{0}/oauth2/default/v1/token";
+        public const string TokenEndpointPath = "/oauth2/default/v1/token";
 
         /// <summary>
-        /// Default format string to use for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// Default path to use for <see cref="OAuthOptions.UserInformationEndpoint"/>.
         /// </summary>
-        public const string UserInformationEndpointFormat = "https://{0}/oauth2/default/v1/userinfo";
+        public const string UserInformationEndpointPath = "/oauth2/default/v1/userinfo";
     }
 }

src/AspNet.Security.OAuth.Okta/OktaAuthenticationExtensions.cs

@@ -8,6 +8,8 @@
 using AspNet.Security.OAuth.Okta;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -72,6 +74,7 @@ public static AuthenticationBuilder AddOkta(
             [CanBeNull] string caption,
             [NotNull] Action<OktaAuthenticationOptions> configuration)
         {
+            builder.Services.TryAddSingleton<IPostConfigureOptions<OktaAuthenticationOptions>, OktaPostConfigureOptions>();
             return builder.AddOAuth<OktaAuthenticationOptions, OktaAuthenticationHandler>(scheme, caption, configuration);
         }
     }

src/AspNet.Security.OAuth.Okta/OktaAuthenticationOptions.cs

@@ -24,10 +24,6 @@ public OktaAuthenticationOptions()
             ClaimsIssuer = OktaAuthenticationDefaults.Issuer;
             CallbackPath = OktaAuthenticationDefaults.CallbackPath;
 
-            AuthorizationEndpoint = OktaAuthenticationDefaults.AuthorizationEndpointFormat;
-            TokenEndpoint = OktaAuthenticationDefaults.TokenEndpointFormat;
-            UserInformationEndpoint = OktaAuthenticationDefaults.UserInformationEndpointFormat;
-
             Scope.Add("openid");
             Scope.Add("profile");
             Scope.Add("email");
@@ -39,9 +35,16 @@ public OktaAuthenticationOptions()
             ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
         }
 
+        /// <summary>
+        /// Gets or sets the Okta domain (Org URL) to use for authentication.
+        /// </summary>
+        public string? Domain { get; set; }
+
         /// <inheritdoc/>
         public override void Validate()
         {
+            base.Validate();
+
             if (!Uri.TryCreate(AuthorizationEndpoint, UriKind.Absolute, out var _))
             {
                 throw new ArgumentException(
@@ -62,8 +65,6 @@ public override void Validate()
                     $"The '{nameof(UserInformationEndpoint)}' option must be set to a valid URI.",
                     nameof(UserInformationEndpoint));
             }
-
-            base.Validate();
         }
     }
 }

src/AspNet.Security.OAuth.Okta/OktaAuthenticationOptionsExtensions.cs

@@ -0,0 +1,43 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.Okta
+{
+    /// <summary>
+    /// A class used to setup defaults for all <see cref="OktaAuthenticationOptions"/>.
+    /// </summary>
+    public class OktaPostConfigureOptions : IPostConfigureOptions<OktaAuthenticationOptions>
+    {
+        /// <inheritdoc/>
+        public void PostConfigure(string name, OktaAuthenticationOptions options)
+        {
+            if (string.IsNullOrWhiteSpace(options.Domain))
+            {
+                throw new ArgumentException("No Okta domain configured.", nameof(options));
+            }
+
+            options.AuthorizationEndpoint = CreateUrl(options.Domain, OktaAuthenticationDefaults.AuthorizationEndpointPath);
+            options.TokenEndpoint = CreateUrl(options.Domain, OktaAuthenticationDefaults.TokenEndpointPath);
+            options.UserInformationEndpoint = CreateUrl(options.Domain, OktaAuthenticationDefaults.UserInformationEndpointPath);
+        }
+
+        private static string CreateUrl(string domain, string path)
+        {
+            // Enforce use of HTTPS
+            var builder = new UriBuilder(domain)
+            {
+                Path = path,
+                Port = -1,
+                Scheme = "https",
+            };
+
+            return builder.Uri.ToString();
+        }
+    }
+}

src/AspNet.Security.OAuth.Okta/OktaPostConfigureOptions.cs

@@ -5,41 +5,12 @@
  */
 
 using System;
-using Shouldly;
 using Xunit;
 
 namespace AspNet.Security.OAuth.Okta
 {
     public static class OktaAuthenticationOptionsTests
     {
-        [Fact]
-        public static void UseDomain_Sets_Valid_Endpoints()
-        {
-            // Arrange
-            var options = new OktaAuthenticationOptions();
-
-            // Act
-            options.UseDomain("okta.local");
-
-            // Assert
-            options.AuthorizationEndpoint.ShouldStartWith("https://okta.local/");
-            options.TokenEndpoint.ShouldStartWith("https://okta.local/");
-            options.UserInformationEndpoint.ShouldStartWith("https://okta.local/");
-        }
-
-        [Theory]
-        [InlineData(null)]
-        [InlineData("")]
-        [InlineData(" ")]
-        public static void UseDomain_Throws_If_Domain_Is_Invald(string value)
-        {
-            // Arrange
-            var options = new OktaAuthenticationOptions();
-
-            // Act and Assert
-            Assert.Throws<ArgumentException>("domain", () => options.UseDomain(value));
-        }
-
         [Fact]
         public static void Validate_Throws_If_AuthorizationEndpoint_Not_Set()
         {

test/AspNet.Security.OAuth.Providers.Tests/Okta/OktaAuthenticationOptionsTests.cs

@@ -0,0 +1,65 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using Shouldly;
+using Xunit;
+
+namespace AspNet.Security.OAuth.Okta
+{
+    public static class OktaPostConfigureOptionsTests
+    {
+        [Theory]
+        [InlineData("okta.local")]
+        [InlineData("http://okta.local")]
+        [InlineData("http://okta.local/")]
+        [InlineData("https://okta.local")]
+        [InlineData("https://okta.local/")]
+        public static void PostConfigure_Configures_Valid_Endpoints(string domain)
+        {
+            // Arrange
+            string name = "Okta";
+            var target = new OktaPostConfigureOptions();
+
+            var options = new OktaAuthenticationOptions()
+            {
+                Domain = domain,
+            };
+
+            // Act
+            target.PostConfigure(name, options);
+
+            // Assert
+            options.AuthorizationEndpoint.ShouldStartWith("https://okta.local/oauth2/default/v1/");
+            Uri.TryCreate(options.AuthorizationEndpoint, UriKind.Absolute, out var _).ShouldBeTrue();
+
+            options.TokenEndpoint.ShouldStartWith("https://okta.local/oauth2/default/v1/");
+            Uri.TryCreate(options.TokenEndpoint, UriKind.Absolute, out var _).ShouldBeTrue();
+
+            options.UserInformationEndpoint.ShouldStartWith("https://okta.local/oauth2/default/v1/");
+            Uri.TryCreate(options.UserInformationEndpoint, UriKind.Absolute, out var _).ShouldBeTrue();
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData(" ")]
+        public static void PostConfigure_Throws_If_Domain_Is_Invalid(string value)
+        {
+            // Arrange
+            string name = "Okta";
+            var target = new OktaPostConfigureOptions();
+
+            var options = new OktaAuthenticationOptions()
+            {
+                Domain = value,
+            };
+
+            // Act and Assert
+            Assert.Throws<ArgumentException>("options", () => target.PostConfigure(name, options));
+        }
+    }
+}

test/AspNet.Security.OAuth.Providers.Tests/Okta/OktaPostConfigureOptionsTests.cs

@@ -27,7 +27,7 @@ protected internal override void RegisterAuthentication(AuthenticationBuilder bu
             builder.AddOkta(options =>
             {
                 ConfigureDefaults(builder, options);
-                options.UseDomain("okta.local");
+                options.Domain = "okta.local";
             });
         }