Address feedback:

* Remove signout Component
* Move IRemoteAuthenticationPathsProvider to the .Internal namespace.
* Change the API for GetAccessToken

Author: javiercn

src/Components/Blazor/WebAssembly.Authentication/src/DefaultRemoteApplicationPathsProvider.cs

@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Infrastructure;
+using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication

src/Components/Blazor/WebAssembly.Authentication/src/IRemoteAuthenticationPathsProvider.cs

@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication.Infrastructure
+namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal
 {
     /// <summary>
     /// This is an internal API that supports the Microsoft.AspNetCore.Components.WebAssembly.Authentication

src/Components/Blazor/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs

@@ -5,7 +5,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Rendering;
-using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Infrastructure;
+using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
 using Microsoft.JSInterop;
 
 namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
@@ -92,7 +92,9 @@ public class RemoteAuthenticatorViewCore<TAuthenticationState> : ComponentBase w
         /// <summary>
         /// Gets or sets a default <see cref="IRemoteAuthenticationPathsProvider"/> to use as fallback if an <see cref="ApplicationPaths"/> has not been explicitly specified.
         /// </summary>
+#pragma warning disable PUB0001 // Pubternal type in public API
         [Inject] public IRemoteAuthenticationPathsProvider RemoteApplicationPathsProvider { get; set; }
+#pragma warning restore PUB0001 // Pubternal type in public API
 
         /// <summary>
         /// Gets or sets a default <see cref="AuthenticationStateProvider"/> with the current user.

src/Components/Blazor/WebAssembly.Authentication/src/Services/AccessTokenResult.cs

@@ -10,16 +10,20 @@ namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
     /// </summary>
     public class AccessTokenResult
     {
+        private AccessToken _token;
+
+        public AccessTokenResult(string status, AccessToken token, string redirectUrl)
+        {
+            Status = status;
+            _token = token;
+            RedirectUrl = redirectUrl;
+        }
+
         /// <summary>
         /// Gets or sets the status of the current operation. See <see cref="AccessTokenResultStatus"/> for a list of statuses.
         /// </summary>
         public string Status { get; set; }
 
-        /// <summary>
-        /// Gets or sets the <see cref="AccessToken"/> if <see cref="Status"/> is <see cref="AccessTokenResultStatus.Success"/>.
-        /// </summary>
-        public AccessToken Token { get; set; }
-
         /// <summary>
         /// Gets or sets the URL to redirect to if <see cref="Status"/> is <see cref="AccessTokenResultStatus.RequiresRedirect"/>.
         /// </summary>
@@ -30,11 +34,11 @@ public class AccessTokenResult
         /// </summary>
         /// <param name="accessToken">The <see cref="AccessToken"/> if the request was successful.</param>
         /// <returns><c>true</c> when the token request is successful; <c>false</c> otherwise.</returns>
-        public bool TryGetAccessToken(out AccessToken accessToken)
+        public bool TryGetToken(out AccessToken accessToken)
         {
             if (string.Equals(Status, AccessTokenResultStatus.Success, StringComparison.OrdinalIgnoreCase))
             {
-                accessToken = Token;
+                accessToken = _token;
                 return true;
             }
             else

src/Components/Blazor/WebAssembly.Authentication/src/Services/IAccessTokenProvider.cs

@@ -14,13 +14,13 @@ public interface IAccessTokenProvider
         /// Tries to get an access token for the current user with the default set of permissions.
         /// </summary>
         /// <returns>A <see cref="ValueTask{AccessTokenResult}"/> that will return contain the <see cref="AccessTokenResult"/> when completed.</returns>
-        ValueTask<AccessTokenResult> GetAccessToken();
+        ValueTask<AccessTokenResult> RequestAccessToken();
 
         /// <summary>
         /// Tries to get an access token with the options specified in <see cref="AccessTokenRequestOptions"/>.
         /// </summary>
         /// <param name="options">The <see cref="AccessTokenRequestOptions"/> for provisioning the access token.</param>
         /// <returns>A <see cref="ValueTask{AccessTokenResult}"/> that will return contain the <see cref="AccessTokenResult"/> when completed.</returns>
-        ValueTask<AccessTokenResult> GetAccessToken(AccessTokenRequestOptions options);
+        ValueTask<AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options);
     }
 }

src/Components/Blazor/WebAssembly.Authentication/src/Services/IRemoteAuthenticationService.cs

@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
     /// Represents a contract for services that perform authentication operations for a Blazor WebAssembly application.
     /// </summary>
     /// <typeparam name="TRemoteAuthenticationState">The state to be persisted across authentication operations.</typeparam>
-    public interface IRemoteAuthenticationService<TRemoteAuthenticationState> : IAccessTokenProvider
+    public interface IRemoteAuthenticationService<TRemoteAuthenticationState>
         where TRemoteAuthenticationState : RemoteAuthenticationState
     {
         /// <summary>

src/Components/Blazor/WebAssembly.Authentication/src/Services/RemoteAuthenticationService.cs

@@ -17,7 +17,10 @@ namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
     /// </summary>
     /// <typeparam name="TRemoteAuthenticationState">The state to preserve across authentication operations.</typeparam>
     /// <typeparam name="TProviderOptions">The options to be passed down to the underlying JavaScript library handling the authentication operations.</typeparam>
-    public class RemoteAuthenticationService<TRemoteAuthenticationState, TProviderOptions> : AuthenticationStateProvider, IRemoteAuthenticationService<TRemoteAuthenticationState>
+    public class RemoteAuthenticationService<TRemoteAuthenticationState, TProviderOptions> :
+        AuthenticationStateProvider,
+        IRemoteAuthenticationService<TRemoteAuthenticationState>,
+        IAccessTokenProvider
          where TRemoteAuthenticationState : RemoteAuthenticationState
          where TProviderOptions : new()
     {
@@ -118,33 +121,46 @@ public virtual async Task<RemoteAuthenticationResult<TRemoteAuthenticationState>
         }
 
         /// <inheritdoc />
-        public virtual async ValueTask<AccessTokenResult> GetAccessToken()
+        public virtual async ValueTask<AccessTokenResult> RequestAccessToken()
         {
             await EnsureAuthService();
-            return await _jsRuntime.InvokeAsync<AccessTokenResult>("AuthenticationService.getAccessToken");
+            var result = await _jsRuntime.InvokeAsync<InternalAccessTokenResult>("AuthenticationService.getAccessToken");
+
+            var redirectUrl = GetRedirectUrl(null);
+            if (string.Equals(result.Status, AccessTokenResultStatus.RequiresRedirect, StringComparison.OrdinalIgnoreCase))
+            {
+                result.RedirectUrl = redirectUrl.ToString();
+            }
+
+            return new AccessTokenResult(result.Status, result.Token, result.RedirectUrl);
         }
 
         /// <inheritdoc />
-        public virtual async ValueTask<AccessTokenResult> GetAccessToken(AccessTokenRequestOptions options)
+        public virtual async ValueTask<AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
         {
             if (options is null)
             {
                 throw new ArgumentNullException(nameof(options));
             }
 
             await EnsureAuthService();
-            var result = await _jsRuntime.InvokeAsync<AccessTokenResult>("AuthenticationService.getAccessToken", options);
-
-            var returnUrl = options.ReturnUrl != null ? _navigation.ToAbsoluteUri(options.ReturnUrl).ToString() : null;
-            var encodedReturnUrl = Uri.EscapeDataString(returnUrl ?? _navigation.Uri);
-            var redirectUrl = _navigation.ToAbsoluteUri($"{_options.AuthenticationPaths.LogInPath}?returnUrl={encodedReturnUrl}");
+            var result = await _jsRuntime.InvokeAsync<InternalAccessTokenResult>("AuthenticationService.getAccessToken", options);
 
+            var redirectUrl = GetRedirectUrl(options?.ReturnUrl);
             if (string.Equals(result.Status, AccessTokenResultStatus.RequiresRedirect, StringComparison.OrdinalIgnoreCase))
             {
                 result.RedirectUrl = redirectUrl.ToString();
             }
 
-            return result;
+            return new AccessTokenResult(result.Status, result.Token, result.RedirectUrl);
+        }
+
+        private Uri GetRedirectUrl(string customReturnUrl)
+        {
+            var returnUrl = customReturnUrl != null ? _navigation.ToAbsoluteUri(customReturnUrl).ToString() : null;
+            var encodedReturnUrl = Uri.EscapeDataString(returnUrl ?? _navigation.Uri);
+            var redirectUrl = _navigation.ToAbsoluteUri($"{_options.AuthenticationPaths.LogInPath}?returnUrl={encodedReturnUrl}");
+            return redirectUrl;
         }
 
         private async ValueTask<ClaimsPrincipal> GetUser(bool useCache = false)
@@ -217,4 +233,12 @@ private void UpdateUser(ValueTask<ClaimsPrincipal> task)
             static async Task<AuthenticationState> UpdateAuthenticationState(ValueTask<ClaimsPrincipal> futureUser) => new AuthenticationState(await futureUser);
         }
     }
+
+    // Internal for testing purposes
+    internal struct InternalAccessTokenResult
+    {
+        public string Status { get; set; }
+        public AccessToken Token { get; set; }
+        public string RedirectUrl { get; set; }
+    }
 }

src/Components/Blazor/WebAssembly.Authentication/src/SignOut.razor

@@ -5,7 +5,7 @@
 using System.Reflection;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
-using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Infrastructure;
+using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 

src/Components/Blazor/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs

@@ -248,7 +248,7 @@ public async Task RemoteAuthenticationService_GetAccessToken_ReturnsAccessTokenR
                 new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
-            testJsRuntime.GetAccessTokenResult = new AccessTokenResult
+            testJsRuntime.GetAccessTokenResult = new InternalAccessTokenResult
             {
                 Status = AccessTokenResultStatus.Success,
                 Token = new AccessToken
@@ -260,14 +260,17 @@ public async Task RemoteAuthenticationService_GetAccessToken_ReturnsAccessTokenR
             };
 
             // Act
-            var result = await runtime.GetAccessToken();
+            var result = await runtime.RequestAccessToken();
 
             // Assert
             Assert.Equal(
                 new[] { "AuthenticationService.init", "AuthenticationService.getAccessToken" },
                 testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
 
-            Assert.Equal(result, testJsRuntime.GetAccessTokenResult);
+            Assert.True(result.TryGetToken(out var token));
+            Assert.Equal(result.Status, testJsRuntime.GetAccessTokenResult.Status);
+            Assert.Equal(result.RedirectUrl, testJsRuntime.GetAccessTokenResult.RedirectUrl);
+            Assert.Equal(token, testJsRuntime.GetAccessTokenResult.Token);
         }
 
         [Fact]
@@ -282,7 +285,7 @@ public async Task RemoteAuthenticationService_GetAccessToken_PassesDownOptions()
                 new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
-            testJsRuntime.GetAccessTokenResult = new AccessTokenResult
+            testJsRuntime.GetAccessTokenResult = new InternalAccessTokenResult
             {
                 Status = AccessTokenResultStatus.RequiresRedirect,
             };
@@ -295,14 +298,16 @@ public async Task RemoteAuthenticationService_GetAccessToken_PassesDownOptions()
             var expectedRedirectUrl = "https://www.example.com/base/login?returnUrl=https%3A%2F%2Fwww.example.com%2Fbase%2Fadd-product";
 
             // Act
-            var result = await runtime.GetAccessToken(tokenOptions);
+            var result = await runtime.RequestAccessToken(tokenOptions);
 
             // Assert
             Assert.Equal(
                 new[] { "AuthenticationService.init", "AuthenticationService.getAccessToken" },
                 testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
 
-            Assert.Equal(result, testJsRuntime.GetAccessTokenResult);
+            Assert.False(result.TryGetToken(out var token));
+            Assert.Null(token);
+            Assert.Equal(result.Status, testJsRuntime.GetAccessTokenResult.Status);
             Assert.Equal(expectedRedirectUrl, result.RedirectUrl);
             Assert.Equal(tokenOptions, (AccessTokenRequestOptions)testJsRuntime.PastInvocations[^1].args[0]);
         }
@@ -319,7 +324,7 @@ public async Task RemoteAuthenticationService_GetAccessToken_ComputesDefaultRetu
                 new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
-            testJsRuntime.GetAccessTokenResult = new AccessTokenResult
+            testJsRuntime.GetAccessTokenResult = new InternalAccessTokenResult
             {
                 Status = AccessTokenResultStatus.RequiresRedirect,
             };
@@ -333,14 +338,16 @@ public async Task RemoteAuthenticationService_GetAccessToken_ComputesDefaultRetu
             var expectedRedirectUrl = "https://www.example.com/base/login?returnUrl=https%3A%2F%2Fwww.example.com%2Fbase%2Fadd-saved-product%2F123413241234";
 
             // Act
-            var result = await runtime.GetAccessToken(tokenOptions);
+            var result = await runtime.RequestAccessToken(tokenOptions);
 
             // Assert
             Assert.Equal(
                 new[] { "AuthenticationService.init", "AuthenticationService.getAccessToken" },
                 testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
 
-            Assert.Equal(result, testJsRuntime.GetAccessTokenResult);
+            Assert.False(result.TryGetToken(out var token));
+            Assert.Null(token);
+            Assert.Equal(result.Status, testJsRuntime.GetAccessTokenResult.Status);
             Assert.Equal(expectedRedirectUrl, result.RedirectUrl);
             Assert.Equal(tokenOptions, (AccessTokenRequestOptions)testJsRuntime.PastInvocations[^1].args[0]);
         }
@@ -423,7 +430,7 @@ public async Task RemoteAuthenticationService_GetUser_DoesNotMapScopesToRoles()
             }, serializationOptions);
 
             testJsRuntime.GetUserResult = JsonSerializer.Deserialize<IDictionary<string, object>>(serializedUser);
-            testJsRuntime.GetAccessTokenResult = new AccessTokenResult
+            testJsRuntime.GetAccessTokenResult = new InternalAccessTokenResult
             {
                 Status = AccessTokenResultStatus.Success,
                 Token = new AccessToken
@@ -499,7 +506,7 @@ private class TestJsRuntime : IJSRuntime
 
             public RemoteAuthenticationResult<RemoteAuthenticationState> InitResult { get; set; }
 
-            public AccessTokenResult GetAccessTokenResult { get; set; }
+            public InternalAccessTokenResult GetAccessTokenResult { get; set; }
 
             public IDictionary<string, object> GetUserResult { get; set; }
 

src/Components/Blazor/WebAssembly.Authentication/test/RemoteAuthenticationServiceTests.cs

@@ -1,4 +1,4 @@
-<CascadingAuthenticationState>
+<CascadingAuthenticationState>
     <Router AppAssembly="@typeof(Program).Assembly">
         <Found Context="routeData">
             <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
@@ -13,4 +13,4 @@
             </LayoutView>
         </NotFound>
     </Router>
-</CascadingAuthenticationState>
+</CascadingAuthenticationState>

src/Components/Blazor/testassets/Wasm.Authentication.Client/App.razor

@@ -45,11 +45,11 @@ else
         var httpClient = new HttpClient();
         httpClient.BaseAddress = new Uri(Navigation.BaseUri);
 
-        var tokenResult = await AuthenticationService.GetAccessToken();
+        var tokenResult = await AuthenticationService.RequestAccessToken();
 
-        if (tokenResult.TryGetAccessToken(out var token))
+        if (tokenResult.TryGetToken(out var token))
         {
-            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {tokenResult.Token.Value}");
+            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {token.Value}");
             forecasts = await httpClient.GetJsonAsync<WeatherForecast[]>("WeatherForecast");
         }
         else

src/Components/Blazor/testassets/Wasm.Authentication.Client/Pages/FetchData.razor

@@ -44,13 +44,13 @@
     {
         await base.OnInitializedAsync();
         var state = await AuthenticationState;
-        var accessTokenResult = await AuthorizationService.GetAccessToken();
-        if (accessTokenResult.Status != AccessTokenResultStatus.Success)
+        var accessTokenResult = await AuthorizationService.RequestAccessToken();
+        if (!accessTokenResult.TryGetToken(out var token))
         {
             throw new InvalidOperationException("Failed to provision the access token.");
         }
 
-        AccessToken = accessTokenResult.Token;
+        AccessToken = token;
 
         AuthenticatedUser = state.User;
     }

src/Components/Blazor/testassets/Wasm.Authentication.Client/Pages/User.razor

@@ -1,15 +1,22 @@
 @using Microsoft.AspNetCore.Components.Authorization
+@inject NavigationManager Navigation
+@inject SignOutSessionStateManager SignOutManager
+
 <AuthorizeView Context="authenticationState">
     <Authorized>
         <a href="authentication/profile">Hello, @authenticationState.User.Identity.Name!</a>
-        <SignOut>
-            <OnSignOut Context="BeginSignOut">
-                <button class="nav-link btn btn-link" @onclick="BeginSignOut">Log out</button>
-            </OnSignOut>
-        </SignOut>
+        <button class="nav-link btn btn-link" @onclick="BeginSignOut">Log out</button>
     </Authorized>
     <NotAuthorized>
         <a href="authentication/register">Register</a>
         <a href="authentication/login">Log in</a>
     </NotAuthorized>
 </AuthorizeView>
+
+@code{
+    public async Task BeginSignOut()
+    {
+        await SignOutManager.SetSignOutState();
+        Navigation.NavigateTo("authentication/logout");
+    }
+}