Update access token pattern

Author: javiercn

src/Components/Blazor/WebAssembly.Authentication/src/Services/AccessTokenResult.cs

@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
+
 namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
 {
     /// <summary>
@@ -22,5 +24,24 @@ public class AccessTokenResult
         /// Gets or sets the URL to redirect to if <see cref="Status"/> is <see cref="AccessTokenResultStatus.RequiresRedirect"/>.
         /// </summary>
         public string RedirectUrl { get; set; }
+
+        /// <summary>
+        /// Determines whether the token request was successful and makes the <see cref="AccessToken"/> available for use when it is.
+        /// </summary>
+        /// <param name="accessToken">The <see cref="AccessToken"/> if the request was successful.</param>
+        /// <returns><c>true</c> when the token request is successful; <c>false</c> otherwise.</returns>
+        public bool TryGetAccessToken(out AccessToken accessToken)
+        {
+            if (string.Equals(Status, AccessTokenResultStatus.Success, StringComparison.OrdinalIgnoreCase))
+            {
+                accessToken = Token;
+                return true;
+            }
+            else
+            {
+                accessToken = null;
+                return false;
+            }
+        }
     }
 }

src/Components/Blazor/WebAssembly.Authentication/src/Services/RemoteAuthenticationService.cs

@@ -33,6 +33,11 @@ public class RemoteAuthenticationService<TRemoteAuthenticationState, TProviderOp
         /// </summary>
         protected readonly IJSRuntime _jsRuntime;
 
+        /// <summary>
+        /// The <see cref="NavigationManager"/> used to compute absolute urls.
+        /// </summary>
+        protected readonly NavigationManager _navigation;
+
         /// <summary>
         /// The options for the underlying JavaScript library handling the authentication operations.
         /// </summary>
@@ -45,9 +50,11 @@ public class RemoteAuthenticationService<TRemoteAuthenticationState, TProviderOp
         /// <param name="options">The options to be passed down to the underlying JavaScript library handling the authentication operations.</param>
         public RemoteAuthenticationService(
             IJSRuntime jsRuntime,
-            IOptions<RemoteAuthenticationOptions<TProviderOptions>> options)
+            IOptions<RemoteAuthenticationOptions<TProviderOptions>> options,
+            NavigationManager navigation)
         {
             _jsRuntime = jsRuntime;
+            _navigation = navigation;
             _options = options.Value;
         }
 
@@ -120,8 +127,24 @@ public virtual async ValueTask<AccessTokenResult> GetAccessToken()
         /// <inheritdoc />
         public virtual async ValueTask<AccessTokenResult> GetAccessToken(AccessTokenRequestOptions options)
         {
+            if (options is null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             await EnsureAuthService();
-            return await _jsRuntime.InvokeAsync<AccessTokenResult>("AuthenticationService.getAccessToken", options);
+            var result = await _jsRuntime.InvokeAsync<AccessTokenResult>("AuthenticationService.getAccessToken", options);
+
+            var returnUrl = options.ReturnUrl != null ? _navigation.ToAbsoluteUri(options.ReturnUrl).ToString() : null;
+            var encodedReturnUrl = Uri.EscapeDataString(returnUrl ?? _navigation.Uri);
+            var redirectUrl = _navigation.ToAbsoluteUri($"{_options.AuthenticationPaths.LogInPath}?returnUrl={encodedReturnUrl}");
+
+            if (string.Equals(result.Status, AccessTokenResultStatus.RequiresRedirect, StringComparison.OrdinalIgnoreCase))
+            {
+                result.RedirectUrl = redirectUrl.ToString();
+            }
+
+            return result;
         }
 
         private async ValueTask<ClaimsPrincipal> GetUser(bool useCache = false)

src/Components/Blazor/WebAssembly.Authentication/test/RemoteAuthenticationServiceTests.cs

@@ -20,7 +20,8 @@ public async Task RemoteAuthenticationService_SignIn_UpdatesUserOnSuccess()
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.SignInResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -49,7 +50,8 @@ public async Task RemoteAuthenticationService_SignIn_DoesNotUpdateUserOnOtherRes
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.SignInResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -74,7 +76,8 @@ public async Task RemoteAuthenticationService_CompleteSignInAsync_UpdatesUserOnS
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.CompleteSignInResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -103,7 +106,8 @@ public async Task RemoteAuthenticationService_CompleteSignInAsync_DoesNotUpdateU
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.CompleteSignInResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -128,7 +132,8 @@ public async Task RemoteAuthenticationService_SignOut_UpdatesUserOnSuccess()
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.SignOutResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -157,7 +162,8 @@ public async Task RemoteAuthenticationService_SignOut_DoesNotUpdateUserOnOtherRe
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.SignOutResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -182,7 +188,8 @@ public async Task RemoteAuthenticationService_CompleteSignOutAsync_UpdatesUserOn
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.CompleteSignOutResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -211,7 +218,8 @@ public async Task RemoteAuthenticationService_CompleteSignOutAsync_DoesNotUpdate
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.CompleteSignOutResult = new RemoteAuthenticationResult<RemoteAuthenticationState>
@@ -236,7 +244,8 @@ public async Task RemoteAuthenticationService_GetAccessToken_ReturnsAccessTokenR
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.GetAccessTokenResult = new AccessTokenResult
@@ -269,20 +278,60 @@ public async Task RemoteAuthenticationService_GetAccessToken_PassesDownOptions()
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var state = new RemoteAuthenticationState();
             testJsRuntime.GetAccessTokenResult = new AccessTokenResult
             {
                 Status = AccessTokenResultStatus.RequiresRedirect,
-                RedirectUrl = "https://www.example.com/base/auth/login"
             };
 
             var tokenOptions = new AccessTokenRequestOptions
             {
                 Scopes = new[] { "something" }
             };
 
+            var expectedRedirectUrl = "https://www.example.com/base/login?returnUrl=https%3A%2F%2Fwww.example.com%2Fbase%2Fadd-product";
+
+            // Act
+            var result = await runtime.GetAccessToken(tokenOptions);
+
+            // Assert
+            Assert.Equal(
+                new[] { "AuthenticationService.init", "AuthenticationService.getAccessToken" },
+                testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
+
+            Assert.Equal(result, testJsRuntime.GetAccessTokenResult);
+            Assert.Equal(expectedRedirectUrl, result.RedirectUrl);
+            Assert.Equal(tokenOptions, (AccessTokenRequestOptions)testJsRuntime.PastInvocations[^1].args[0]);
+        }
+
+        [Fact]
+        public async Task RemoteAuthenticationService_GetAccessToken_ComputesDefaultReturnUrlOnRequiresRedirect()
+        {
+            // Arrange
+            var testJsRuntime = new TestJsRuntime();
+            var options = CreateOptions();
+            var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
+                testJsRuntime,
+                options,
+                new TestNavigationManager());
+
+            var state = new RemoteAuthenticationState();
+            testJsRuntime.GetAccessTokenResult = new AccessTokenResult
+            {
+                Status = AccessTokenResultStatus.RequiresRedirect,
+            };
+
+            var tokenOptions = new AccessTokenRequestOptions
+            {
+                Scopes = new[] { "something" },
+                ReturnUrl = "https://www.example.com/base/add-saved-product/123413241234"
+            };
+
+            var expectedRedirectUrl = "https://www.example.com/base/login?returnUrl=https%3A%2F%2Fwww.example.com%2Fbase%2Fadd-saved-product%2F123413241234";
+
             // Act
             var result = await runtime.GetAccessToken(tokenOptions);
 
@@ -292,6 +341,7 @@ public async Task RemoteAuthenticationService_GetAccessToken_PassesDownOptions()
                 testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
 
             Assert.Equal(result, testJsRuntime.GetAccessTokenResult);
+            Assert.Equal(expectedRedirectUrl, result.RedirectUrl);
             Assert.Equal(tokenOptions, (AccessTokenRequestOptions)testJsRuntime.PastInvocations[^1].args[0]);
         }
 
@@ -303,7 +353,8 @@ public async Task RemoteAuthenticationService_GetUser_ReturnsAnonymousClaimsPrin
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             testJsRuntime.GetUserResult = null;
 
@@ -328,7 +379,8 @@ public async Task RemoteAuthenticationService_GetUser_ReturnsUser_ForAuthenticat
             var options = CreateOptions();
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var serializationOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, PropertyNameCaseInsensitive = true };
             var serializedUser = JsonSerializer.Serialize(new
@@ -360,7 +412,8 @@ public async Task RemoteAuthenticationService_GetUser_DoesNotMapScopesToRoles()
             var options = CreateOptions("scope");
             var runtime = new RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>(
                 testJsRuntime,
-                options);
+                options,
+                new TestNavigationManager());
 
             var serializationOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, PropertyNameCaseInsensitive = true };
             var serializedUser = JsonSerializer.Serialize(new
@@ -402,7 +455,7 @@ private static IOptions<RemoteAuthenticationOptions<OidcProviderOptions>> Create
                 {
                     AuthenticationPaths = new RemoteAuthenticationApplicationPathsOptions
                     {
-                        LogInPath = "a",
+                        LogInPath = "login",
                         LogInCallbackPath = "a",
                         LogInFailedPath = "a",
                         RegisterPath = "a",
@@ -489,4 +542,12 @@ private object GetInvocationResult<TValue>(string identifier)
             }
         }
     }
+
+    internal class TestNavigationManager : NavigationManager
+    {
+        public TestNavigationManager() =>
+            Initialize("https://www.example.com/base/", "https://www.example.com/base/add-product");
+
+        protected override void NavigateToCore(string uri, bool forceLoad) => throw new NotImplementedException();
+    }
 }

src/Components/Blazor/WebAssembly.Authentication/test/RemoteAuthenticatorCoreTests.cs

@@ -535,15 +535,19 @@ private static
             var remoteAuthenticator = new RemoteAuthenticatorViewCore<RemoteAuthenticationState>();
             renderer.Attach(remoteAuthenticator);
 
-            remoteAuthenticator.Navigation = new TestNavigationManager(
+            var navigationManager = new TestNavigationManager(
                 baseUri,
                 currentUri);
+            remoteAuthenticator.Navigation = navigationManager;
 
             remoteAuthenticator.AuthenticationState = new RemoteAuthenticationState();
             remoteAuthenticator.ApplicationPaths = new RemoteAuthenticationApplicationPathsOptions();
 
             var jsRuntime = new TestJsRuntime();
-            var authenticationServiceMock = new TestRemoteAuthenticationService(jsRuntime, Mock.Of<IOptions<RemoteAuthenticationOptions<OidcProviderOptions>>>());
+            var authenticationServiceMock = new TestRemoteAuthenticationService(
+                jsRuntime,
+                Mock.Of<IOptions<RemoteAuthenticationOptions<OidcProviderOptions>>>(),
+                navigationManager);
 
             remoteAuthenticator.AuthenticationService = authenticationServiceMock;
             remoteAuthenticator.AuthenticationProvider = authenticationServiceMock;
@@ -598,7 +602,11 @@ protected override Task OnParametersSetAsync()
 
         private class TestRemoteAuthenticationService : RemoteAuthenticationService<RemoteAuthenticationState, OidcProviderOptions>
         {
-            public TestRemoteAuthenticationService(IJSRuntime jsRuntime, IOptions<RemoteAuthenticationOptions<OidcProviderOptions>> options) : base(jsRuntime, options)
+            public TestRemoteAuthenticationService(
+                IJSRuntime jsRuntime,
+                IOptions<RemoteAuthenticationOptions<OidcProviderOptions>> options,
+                TestNavigationManager navigationManager) :
+                base(jsRuntime, options, navigationManager)
             {
             }
 

src/Components/Blazor/testassets/Wasm.Authentication.Client/Pages/FetchData.razor

@@ -47,18 +47,14 @@ else
 
         var tokenResult = await AuthenticationService.GetAccessToken();
 
-        switch (tokenResult.Status)
+        if (tokenResult.TryGetAccessToken(out var token))
         {
-            case AccessTokenResultStatus.Success:
-                httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {tokenResult.Token.Value}");
-                forecasts = await httpClient.GetJsonAsync<WeatherForecast[]>("WeatherForecast");
-
-                break;
-            case AccessTokenResultStatus.RequiresRedirect:
-                Navigation.NavigateTo(tokenResult.RedirectUrl);
-                break;
-            default:
-                break;
+            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {tokenResult.Token.Value}");
+            forecasts = await httpClient.GetJsonAsync<WeatherForecast[]>("WeatherForecast");
+        }
+        else
+        {
+            Navigation.NavigateTo(tokenResult.RedirectUrl);
         }
     }
 }