Merge pull request #2 from EAVFW/ssp/entraidFunctionality

feat: Added support for .net8

src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/EAVFW.Extensions.EasyAuth.MicrosoftEntraId.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net6.0</TargetFrameworks>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
 
     <Title>EAVFW.Extensions.EasyAuth.MicrosoftEntraId</Title>
     <Authors>Poul Kjeldager</Authors>

src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraEasyAuthProvider.cs

@@ -48,14 +48,16 @@ public async Task OnAuthenticate(HttpContext httpcontext, string handleId, strin
         {
             var email = httpcontext.Request.Query["email"].FirstOrDefault();
             var redirectUri = httpcontext.Request.Query["redirectUri"].FirstOrDefault();
-
-            var ru = new RequestUrl(_options.Value.AuthorizationUrl);
+            var callbackUri = $"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.Path}/callback";
+
+            var ru = new RequestUrl(_options.Value.GetMicrosoftAuthorizationUrl(httpcontext));
             var authUri = ru.CreateAuthorizeUrl(
               clientId: _options.Value.ClientId,
-              redirectUri: _options.Value.RedirectUrl,
+              redirectUri: callbackUri,
               responseType: ResponseTypes.Code,
               responseMode: ResponseModes.FormPost,
               scope: _options.Value.Scope,
+              loginHint: String.IsNullOrEmpty(email) || email == "undefined" ? null : email,
               state: handleId + "&" + redirectUri);
             httpcontext.Response.Redirect(authUri);
         }
@@ -66,25 +68,22 @@ public async Task OnAuthenticate(HttpContext httpcontext, string handleId, strin
             var state = m.State.Split(new char[] { '&' }, 2);
             var handleId = state[0];
             var redirectUri = state[1];
+            var callbackUri = $"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.Path}";
+
             var http = _clientFactory.CreateClient();
             var response = await http.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
             {
-                Address = _options.Value.TokenEndpoint,
+                Address = _options.Value.GetMicrosoftTokenEndpoint(httpcontext),
                 ClientId = _options.Value.ClientId,
                 ClientSecret = _options.Value.ClientSecret,
                 Code = m.Code,
-                RedirectUri = _options.Value.RedirectUrl,
+                RedirectUri = callbackUri,
             });
 
-            var handler = new JwtSecurityTokenHandler(); 
-            var jwtSecurityToken = handler.ReadJwtToken(response.IdentityToken);
-            var jti = jwtSecurityToken.Claims.First(claim => claim.Type == "email").Value;
-
             ClaimsPrincipal identity = await _options.Value.ValidateUserAsync(httpcontext, handleId, response);
-
             if (identity == null)
             {
-                httpcontext.Response.Redirect("error=access_denied&error_subcode=user_not_found");
+                httpcontext.Response.Redirect($"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}callback?error=access_denied&error_subcode=user_not_found");
                 //return;
             }
             return await Task.FromResult((new ClaimsPrincipal(identity), redirectUri, handleId));

src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthExtensions.cs

@@ -12,12 +12,14 @@ namespace EAVFW.Extensions.EasyAuth.MicrosoftEntraId
 {
     public static class MicrosoftEntraIdEasyAuthExtensions
     {
-        public static AuthenticatedEAVFrameworkBuilder AddMicrosoftEntraIdEasyAuth(this AuthenticatedEAVFrameworkBuilder builder, Func<HttpContext, string, TokenResponse, Task<ClaimsPrincipal>> validateUserAsync)
+        public static AuthenticatedEAVFrameworkBuilder AddMicrosoftEntraIdEasyAuth(this AuthenticatedEAVFrameworkBuilder builder, Func<HttpContext, string, TokenResponse, Task<ClaimsPrincipal>> validateUserAsync, Func<HttpContext, string> getMicrosoftAuthorizationUrl, Func<HttpContext, string> getMicrosoftTokenEndpoint)
         {
             builder.AddAuthenticationProvider<MicrosoftEntraEasyAuthProvider, MicrosoftEntraIdEasyAuthOptions,IConfiguration>((options, config) =>
             { 
                 config.GetSection("EAVEasyAuth:MicrosoftEntraId").Bind(options);
                 options.ValidateUserAsync = validateUserAsync;
+                options.GetMicrosoftAuthorizationUrl = getMicrosoftAuthorizationUrl;
+                options.GetMicrosoftTokenEndpoint = getMicrosoftTokenEndpoint;
 
             });
             return builder;

src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthOptions.cs

@@ -1,23 +1,21 @@
 using IdentityModel.Client;
 using Microsoft.AspNetCore.Http;
 using System;
-using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
 namespace EAVFW.Extensions.EasyAuth.MicrosoftEntraId
 {
     public class MicrosoftEntraIdEasyAuthOptions
     {
-        public string AuthorizationUrl { get;  set; }
         public string ClientId { get;  set; }
         public string ClientSecret { get;  set; }
         public string TenantId { get;  set; }
         public string GroupId { get;  set; }
         public string Scope { get;  set; }
-        public string TokenEndpoint { get;  set; }
-        public string RedirectUrl { get;  set; }
-
+
+        public Func<HttpContext, string> GetMicrosoftAuthorizationUrl { get; set; }
+        public Func<HttpContext, string> GetMicrosoftTokenEndpoint { get; set; }
         public Func<HttpContext, string, TokenResponse, Task<ClaimsPrincipal>> ValidateUserAsync { get; set; }
     }
 }