#938 AuthenticationRequestToken -> AuthenticationRequest

AuthenticationRequestProvider -> AuthenticationRequestStore

AuthenticationRequestStore is now an element for the developers to take care of. Tweetinvi no longer relies on it.

Author: linvi

CHANGELOG.md

@@ -40,13 +40,12 @@ As a result, changing a `TwitterClient` credentials will only be possible by cre
 
 ## Authentication Flow
 
-`IAuthenticationTokenProvider` is a new interface that let developers customize how Tweetinvi retrieves the AuthenticationToken.
-  * `CallbackTokenIdParameterName` query parameter added to the callback url.
-  * `ExtractTokenIdFromCallbackUrl` method extracting a token from a callback url.
-  * `GenerateAuthTokenId` generates an identifier that will be used by `GetAuthenticationTokenFromId`
-  * `GetAuthenticationTokenFromId` retrieves an AuthenticationToken from its unique identifier
-  * `AddAuthenticationToken` defines how to add a token into your store
-  * `RemoveAuthenticationToken` defines how to remove a token from your store.
+`IAuthenticationRequestStore` is a new interface that guides developers through the authentication flow of redirection urls. A default in-memory solution is provided but developers are free to implement their own.
+  * `AppendAuthenticationRequestIdToCallbackUrl` append an authenticationRequestId to a url
+  * `ExtractAuthenticationRequestIdFromCallbackUrl` logic to extract an authenticationRequestId from a callback url
+  * `GetAuthenticationRequestFromId` returns the AuthenticationRequest from its identifier
+  * `AddAuthenticationToken` stores the AuthenticationRequest information
+  * `RemoveAuthenticationToken` removes an AuthenticationRequest from the store
 
 A default implementation `new AuthenticationTokenProvider` is an implementation that allow you to make the `AuthenticationToken` accessible from an in-memory store.
 
@@ -67,14 +66,16 @@ A default implementation `new AuthenticationTokenProvider` is an implementation
 
 **`AuthFlow.InitAuthentication`** was moved to `TwitterClient.Auth.RequestAuthenticationUrl`
 
+`RequestAuthenticationUrl` returns an `AuthenticationRequest` which contains the url to redirected the user and authorization information to proceed with the request of credentials.
+
 ``` c#
 // Tweetinvi 4.0
 Auth.SetCredentials(new TwitterCredentials("consumer_key", "consumer_secret"));
-var authenticationContext = AuthFlow.InitAuthentication(applicationCredentials);
+var authenticationRequest = AuthFlow.InitAuthentication(applicationCredentials);
 
 // Tweetinvi 5.0
 var appClient = new TwitterClient(new TwitterCredentials("consumer_key", "consumer_secret"));
-var authenticationContext = await authenticationClient.Auth.RequestAuthenticationUrl();
+var authenticationRequest = await authenticationClient.Auth.RequestAuthenticationUrl();
 ```
 
 **`AuthFlow.CreateCredentialsFromVerifierCode` moved to `TwitterClient.Auth.RequestCredentials`**

Examples/Examplinvi.ASP.NET.Core/Controllers/HomeController.cs

@@ -1,4 +1,5 @@
-using System.Diagnostics;
+using System;
+using System.Diagnostics;
 using System.Threading.Tasks;
 using Examplinvi.ASP.NET.Core.Models;
 using Microsoft.AspNetCore.Mvc;
@@ -13,7 +14,7 @@ public class HomeController : Controller
         /// <summary>
         /// NOTE PLEASE CHANGE THE IMPLEMENTATION OF IAuthenticationTokenProvider to match your needs
         /// </summary>
-        private static readonly IAuthenticationTokenProvider _myAuthProvider = new AuthenticationTokenProvider();
+        private static readonly IAuthenticationRequestStore _myAuthRequestStore = new AuthenticationRequestStore();
 
         public IActionResult Index()
         {
@@ -34,17 +35,25 @@ private static ITwitterClient GetAppClient()
         public async Task<ActionResult> TwitterAuth()
         {
             var appClient = GetAppClient();
-            var redirectURL = "https://" + Request.Host.Value + "/Home/ValidateTwitterAuth";
-            var authenticationContext = await appClient.Auth.RequestAuthenticationUrl(redirectURL, _myAuthProvider);
 
-            return new RedirectResult(authenticationContext.AuthorizationURL);
+            var authRequestId = Guid.NewGuid().ToString();
+            var redirectURL = _myAuthRequestStore.AppendAuthenticationRequestIdToCallbackUrl($"https://{Request.Host.Value}/Home/ValidateTwitterAuth", authRequestId);
+            var authenticationRequestToken = await appClient.Auth.RequestAuthenticationUrl(redirectURL);
+            await _myAuthRequestStore.AddAuthenticationToken(authRequestId, authenticationRequestToken);
+
+            return new RedirectResult(authenticationRequestToken.AuthorizationURL);
         }
 
         public async Task<ActionResult> ValidateTwitterAuth()
         {
             var appClient = GetAppClient();
 
-            var requestParameters = await RequestCredentialsParameters.FromCallbackUrl(Request.QueryString.Value, _myAuthProvider);
+            // RequestCredentialsParameters.FromCallbackUrl does 3 things:
+            // * Extract the id from the callback
+            // * Get the AuthenticationRequest from the store
+            // * Remove the request from the store as it will no longer need it
+            // This logic can be implemented manually if you wish change the behaviour
+            var requestParameters = await RequestCredentialsParameters.FromCallbackUrl(Request.QueryString.Value, _myAuthRequestStore);
             var userCreds = await appClient.Auth.RequestCredentials(requestParameters);
 
             var userClient = new TwitterClient(userCreds);

Tests/xUnitinvi/ClientActions/AuthClient/AuthControllerTests.cs

@@ -72,10 +72,7 @@ public async Task StartAuthProcess_WithRedirectUrl_ReturnsFromRequestExecutor()
             var controller = CreateAuthController();
             var request = A.Fake<ITwitterRequest>();
             var expectedResult = A.Fake<ITwitterResult>();
-            var parameters = new RequestUrlAuthUrlParameters("my_url")
-            {
-                RequestId = null
-            };
+            var parameters = new RequestUrlAuthUrlParameters("my_url");
             var response = "oauth_token=MY_TOKEN&oauth_token_secret=MY_SECRET&oauth_callback_confirmed=true";
 
             A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url"), request))
@@ -90,45 +87,17 @@ public async Task StartAuthProcess_WithRedirectUrl_ReturnsFromRequestExecutor()
             Assert.Equal("MY_SECRET", result.DataTransferObject.AuthorizationSecret);
         }
 
-        [Fact]
-        public async Task StartAuthProcess_WithRedirectUrlAndAuthId_ReturnsFromRequestExecutor()
-        {
-            // Arrange
-            var controller = CreateAuthController();
-            var request = A.Fake<ITwitterRequest>();
-            var expectedResult = A.Fake<ITwitterResult>();
-            var parameters = new RequestUrlAuthUrlParameters("my_url")
-            {
-                RequestId = "my_auth_id"
-            };
-            var response = "oauth_token=MY_TOKEN&oauth_token_secret=MY_SECRET&oauth_callback_confirmed=true";
-
-            A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url?authorization_id=my_auth_id"), request))
-                .Returns(expectedResult);
-            A.CallTo(() => expectedResult.Json).Returns(response);
-
-            // Act
-            var result = await controller.RequestAuthUrl(parameters, request);
-
-            // Assert
-            Assert.Equal("MY_TOKEN", result.DataTransferObject.AuthorizationKey);
-            Assert.Equal("MY_SECRET", result.DataTransferObject.AuthorizationSecret);
-        }
-
         [Fact]
         public async Task StartAuthProcess_WithNonConfirmedCallback_ShouldThrowAsAborted()
         {
             // Arrange
             var controller = CreateAuthController();
             var request = A.Fake<ITwitterRequest>();
             var expectedResult = A.Fake<ITwitterResult>();
-            var parameters = new RequestUrlAuthUrlParameters("my_url")
-            {
-                RequestId = "my_auth_id"
-            };
+            var parameters = new RequestUrlAuthUrlParameters("my_url");
             var response = "oauth_token=MY_TOKEN&oauth_token_secret=MY_SECRET&oauth_callback_confirmed=false";
 
-            A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url?authorization_id=my_auth_id"), request))
+            A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url"), request))
                 .Returns(expectedResult);
             A.CallTo(() => expectedResult.Json).Returns(response);
 
@@ -143,14 +112,11 @@ public async Task StartAuthProcess_WithoutResponse_ShouldThrowAuthException()
             var controller = CreateAuthController();
             var request = A.Fake<ITwitterRequest>();
             var expectedResult = A.Fake<ITwitterResult>();
-            var parameters = new RequestUrlAuthUrlParameters("my_url")
-            {
-                RequestId = "my_auth_id"
-            };
+            var parameters = new RequestUrlAuthUrlParameters("my_url");
 
             var response = "";
 
-            A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url?authorization_id=my_auth_id"), request))
+            A.CallTo(() => _fakeAuthQueryExecutor.RequestAuthUrl(A<RequestAuthUrlInternalParameters>.That.Matches(x => x.CallbackUrl == "my_url"), request))
                 .Returns(expectedResult);
             A.CallTo(() => expectedResult.Json).Returns(response);
 

Tests/xUnitinvi/IntegrationTests/AuthIntegrationTests.cs

@@ -76,12 +76,12 @@ public async Task AuthenticateWithPinCode()
 
             // act
             var authenticationClient = new TwitterClient(IntegrationTestConfig.TweetinviTest.Credentials);
-            var authenticationContext = await authenticationClient.Auth.RequestAuthenticationUrl().ConfigureAwait(false);
-            var authUrl = authenticationContext.AuthorizationURL;
+            var authenticationRequest = await authenticationClient.Auth.RequestAuthenticationUrl().ConfigureAwait(false);
+            var authUrl = authenticationRequest.AuthorizationURL;
 
             // ask the user for the pin code
-            var pinCode = await ExtractPinCodeFromTwitterAuthPage(authUrl).ConfigureAwait(false);
-            var userCredentials = await authenticationClient.Auth.RequestCredentials(pinCode, authenticationContext).ConfigureAwait(false);
+            var verifierCode = await ExtractPinCodeFromTwitterAuthPage(authUrl).ConfigureAwait(false);
+            var userCredentials = await authenticationClient.Auth.RequestCredentialsFromVerifierCode(verifierCode, authenticationRequest).ConfigureAwait(false);
             var authenticatedClient = new TwitterClient(userCredentials);
             var authenticatedUser = await authenticatedClient.Account.GetAuthenticatedUser().ConfigureAwait(false);
 
@@ -138,22 +138,22 @@ public async Task AuthenticateWithReadOnlyPermissions()
             Assert.Equal(authenticatedUser.ScreenName, IntegrationTestConfig.ProtectedUser.AccountId);
         }
 
-        private async Task<TwitterClient> GetAuthenticatedTwitterClientViaRedirect(ITwitterClient client, IAuthenticationRequestToken authRequestToken)
+        private async Task<TwitterClient> GetAuthenticatedTwitterClientViaRedirect(ITwitterClient client, IAuthenticationRequest authRequest)
         {
             var expectAuthRequestTask = AExtensions.HttpRequest(new AssertHttpRequestConfig(_logger.WriteLine))
                 .OnPort(8042)
                 .WithATimeoutOf(TimeSpan.FromSeconds(30))
-                .Matching(request => { return request.Url.AbsoluteUri.Contains(authRequestToken.AuthorizationKey); })
+                .Matching(request => { return request.Url.AbsoluteUri.Contains(authRequest.AuthorizationKey); })
                 .MustHaveHappened();
 
-            await AuthenticateWithRedirectUrlOnTwitterAuthPage(authRequestToken.AuthorizationURL, authRequestToken.AuthorizationKey).ConfigureAwait(false);
+            await AuthenticateWithRedirectUrlOnTwitterAuthPage(authRequest.AuthorizationURL, authRequest.AuthorizationKey).ConfigureAwait(false);
 
-            var authRequest = await expectAuthRequestTask.ConfigureAwait(false);
+            var authHttpRequest = await expectAuthRequestTask.ConfigureAwait(false);
 
             // Ask the user to enter the pin code given by Twitter
-            var callbackUrl = authRequest.Url.AbsoluteUri;
+            var callbackUrl = authHttpRequest.Url.AbsoluteUri;
 
-            var userCredentials = await client.Auth.RequestCredentialsFromCallbackUrl(callbackUrl, authRequestToken).ConfigureAwait(false);
+            var userCredentials = await client.Auth.RequestCredentialsFromCallbackUrl(callbackUrl, authRequest).ConfigureAwait(false);
             var authenticatedClient = new TwitterClient(userCredentials);
             return authenticatedClient;
         }

Tweetinvi.Controllers/Auth/AuthController.cs

@@ -3,7 +3,6 @@
 using Tweetinvi.Controllers.Properties;
 using Tweetinvi.Core.Controllers;
 using Tweetinvi.Core.DTO;
-using Tweetinvi.Core.Extensions;
 using Tweetinvi.Core.Web;
 using Tweetinvi.Credentials.Models;
 using Tweetinvi.Exceptions;
@@ -30,29 +29,16 @@ public Task<ITwitterResult<CreateTokenResponseDTO>> CreateBearerToken(ITwitterRe
             return _authQueryExecutor.CreateBearerToken(request);
         }
 
-        public async Task<ITwitterResult<IAuthenticationRequestToken>> RequestAuthUrl(IRequestAuthUrlParameters parameters, ITwitterRequest request)
+        public async Task<ITwitterResult<IAuthenticationRequest>> RequestAuthUrl(IRequestAuthUrlParameters parameters, ITwitterRequest request)
         {
-            var authToken = new AuthenticationRequestToken(request.Query.TwitterCredentials)
-            {
-                Id = parameters.RequestId
-            };
+            var authToken = new AuthenticationRequest(request.Query.TwitterCredentials);
 
             var authProcessParams = new RequestAuthUrlInternalParameters(parameters, authToken);
 
             if (string.IsNullOrEmpty(parameters.CallbackUrl))
             {
                 authProcessParams.CallbackUrl = Resources.Auth_PinCodeUrl;
             }
-            else if (parameters.RequestId != null)
-            {
-                var tweetinviTokenParameterName = parameters.AuthenticationTokenProvider?.CallbackTokenIdParameterName() ?? Resources.Auth_ProcessIdKey;
-                authProcessParams.CallbackUrl = authProcessParams.CallbackUrl.AddParameterToQuery(tweetinviTokenParameterName, parameters.RequestId);
-
-                if (parameters.AuthenticationTokenProvider != null)
-                {
-                    await parameters.AuthenticationTokenProvider.AddAuthenticationToken(authToken);
-                }
-            }
 
             var requestTokenResponse = await _authQueryExecutor.RequestAuthUrl(authProcessParams, request).ConfigureAwait(false);
 
@@ -72,7 +58,7 @@ public async Task<ITwitterResult<IAuthenticationRequestToken>> RequestAuthUrl(IR
             authToken.AuthorizationSecret = tokenInformation.Groups["oauth_token_secret"].Value;
             authToken.AuthorizationURL = $"{Resources.Auth_AuthorizeBaseUrl}?oauth_token={authToken.AuthorizationKey}";
 
-            return new TwitterResult<IAuthenticationRequestToken>
+            return new TwitterResult<IAuthenticationRequest>
             {
                 Request = requestTokenResponse.Request,
                 Response = requestTokenResponse.Response,
@@ -92,8 +78,8 @@ public async Task<ITwitterResult<ITwitterCredentials>> RequestCredentials(IReque
             }
 
             var credentials = new TwitterCredentials(
-                parameters.AuthRequestToken.ConsumerKey,
-                parameters.AuthRequestToken.ConsumerSecret,
+                parameters.AuthRequest.ConsumerKey,
+                parameters.AuthRequest.ConsumerSecret,
                 responseInformation.Groups["oauth_token"].Value,
                 responseInformation.Groups["oauth_token_secret"].Value);
 

Tweetinvi.Controllers/Auth/AuthQueryExecutor.cs

@@ -47,7 +47,7 @@ public Task<ITwitterResult> RequestAuthUrl(RequestAuthUrlInternalParameters para
 
             request.Query.Url = _queryGenerator.GetRequestAuthUrlQuery(parameters);
             request.Query.HttpMethod = HttpMethod.POST;
-            request.TwitterClientHandler = new AuthHttpHandler(callbackParameter, parameters.AuthRequestToken, oAuthWebRequestGenerator);
+            request.TwitterClientHandler = new AuthHttpHandler(callbackParameter, parameters.AuthRequest, oAuthWebRequestGenerator);
 
             return _twitterAccessor.ExecuteRequest(request);
         }
@@ -59,8 +59,8 @@ public Task<ITwitterResult> RequestCredentials(IRequestCredentialsParameters par
 
             request.Query.Url = _queryGenerator.GetRequestCredentialsQuery(parameters);
             request.Query.HttpMethod = HttpMethod.POST;
-            request.Query.TwitterCredentials = new TwitterCredentials(parameters.AuthRequestToken.ConsumerKey, parameters.AuthRequestToken.ConsumerSecret);
-            request.TwitterClientHandler = new AuthHttpHandler(callbackParameter, parameters.AuthRequestToken, oAuthWebRequestGenerator);
+            request.Query.TwitterCredentials = new TwitterCredentials(parameters.AuthRequest.ConsumerKey, parameters.AuthRequest.ConsumerSecret);
+            request.TwitterClientHandler = new AuthHttpHandler(callbackParameter, parameters.AuthRequest, oAuthWebRequestGenerator);
 
             return _twitterAccessor.ExecuteRequest(request);
         }

Tweetinvi.Controllers/Auth/RequestAuthUrlInternalParameters.cs

@@ -5,11 +5,11 @@ namespace Tweetinvi.Controllers.Auth
 {
     public class RequestAuthUrlInternalParameters : RequestUrlAuthUrlParameters
     {
-        public IAuthenticationRequestToken AuthRequestToken { get; }
+        public IAuthenticationRequest AuthRequest { get; }
 
-        public RequestAuthUrlInternalParameters(IRequestAuthUrlParameters parameters, IAuthenticationRequestToken authRequestToken) : base(parameters)
+        public RequestAuthUrlInternalParameters(IRequestAuthUrlParameters parameters, IAuthenticationRequest authRequest) : base(parameters)
         {
-            AuthRequestToken = authRequestToken;
+            AuthRequest = authRequest;
         }
     }
 }

Tweetinvi.Core/Core/Client/Validators/AuthClientRequiredParametersValidator.cs

@@ -31,11 +31,6 @@ public void Validate(IRequestAuthUrlParameters parameters)
             {
                 throw new ArgumentNullException(nameof(parameters));
             }
-
-            if (parameters.RequestId == string.Empty)
-            {
-                throw new ArgumentException("Cannot be empty", $"{nameof(parameters)}{nameof(parameters.RequestId)}");
-            }
         }
 
         public void Validate(IRequestCredentialsParameters parameters)
@@ -50,19 +45,19 @@ public void Validate(IRequestCredentialsParameters parameters)
                 throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.VerifierCode)}", "If you received a null verifier code, the authentication failed");
             }
 
-            if (parameters.AuthRequestToken == null)
+            if (parameters.AuthRequest == null)
             {
-                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequestToken)}");
+                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequest)}");
             }
 
-            if (string.IsNullOrEmpty(parameters.AuthRequestToken.ConsumerKey))
+            if (string.IsNullOrEmpty(parameters.AuthRequest.ConsumerKey))
             {
-                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequestToken)}{nameof(parameters.AuthRequestToken.ConsumerKey)}");
+                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequest)}{nameof(parameters.AuthRequest.ConsumerKey)}");
             }
 
-            if (string.IsNullOrEmpty(parameters.AuthRequestToken.ConsumerSecret))
+            if (string.IsNullOrEmpty(parameters.AuthRequest.ConsumerSecret))
             {
-                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequestToken)}{nameof(parameters.AuthRequestToken.ConsumerSecret)}");
+                throw new ArgumentNullException($"{nameof(parameters)}{nameof(parameters.AuthRequest)}{nameof(parameters.AuthRequest.ConsumerSecret)}");
             }
         }
     }