File: Events\PushedAuthorizationContext.cs
Web Access
Project: src\src\Security\Authentication\OpenIdConnect\src\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj (Microsoft.AspNetCore.Authentication.OpenIdConnect)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Diagnostics.CodeAnalysis;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect;
 
/// <summary>
/// A context for <see cref="OpenIdConnectEvents.PushAuthorization(PushedAuthorizationContext)"/>.
/// </summary>
public sealed class PushedAuthorizationContext : PropertiesContext<OpenIdConnectOptions>
{
    /// <summary>
    /// Initializes a new instance of <see cref="PushedAuthorizationContext"/>.
    /// </summary>
    /// <inheritdoc />
    public PushedAuthorizationContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, OpenIdConnectMessage parRequest, AuthenticationProperties properties)
        : base(context, scheme, options, properties)
    {
        ProtocolMessage = parRequest;
    }
 
    /// <summary>
    /// Gets or sets the <see cref="OpenIdConnectMessage"/> that will be sent to the PAR endpoint.
    /// </summary>
    public OpenIdConnectMessage ProtocolMessage { get; }
 
    /// <summary>
    /// Indicates if the OnPushAuthorization event chose to handle pushing the
    /// authorization request. If true, the handler will not attempt to push the
    /// authorization request, and will instead use the RequestUri from this
    /// event in the subsequent authorize request.
    /// </summary>
    public bool HandledPush { [MemberNotNull("RequestUri")] get; private set; }
 
    /// <summary>
    /// Tells the handler that the OnPushAuthorization event has handled the process of pushing
    /// authorization, and that the handler should use the provided request_uri
    /// on the subsequent authorize call.
    /// </summary>
    public void HandlePush(string requestUri)
    {
        if (SkippedPush || HandledClientAuthentication)
        {
            throw new InvalidOperationException("Only one of HandlePush, SkipPush, and HandledClientAuthentication may be called in the OnPushAuthorization event.");
        }
        HandledPush = true;
        RequestUri = requestUri;
    }
 
    /// <summary>
    /// Indicates if the OnPushAuthorization event chose to skip pushing the
    /// authorization request. If true, the handler will not attempt to push the
    /// authorization request, and will not use pushed authorization in the
    /// subsequent authorize request.
    /// </summary>
    public bool SkippedPush { get; private set; }
 
    /// <summary>
    /// The request_uri parameter to use in the subsequent authorize call, if
    /// the OnPushAuthorization event chose to handle pushing the authorization
    /// request, and null otherwise.
    /// </summary>
    public string? RequestUri { get; private set; }
 
    /// <summary>
    /// Tells the handler to skip pushing authorization entirely. If this is
    /// called, the handler will not use pushed authorization on the subsequent
    /// authorize call.
    /// </summary>
    public void SkipPush()
    {
        if (HandledPush || HandledClientAuthentication)
        {
            throw new InvalidOperationException("Only one of HandlePush, SkipPush, and HandledClientAuthentication may be called in the OnPushAuthorization event.");
        }
        SkippedPush = true;
    }
 
    /// <summary>
    /// Indicates if the OnPushAuthorization event chose to handle client
    /// authentication for the pushed authorization request. If true, the
    /// handler will not attempt to set authentication parameters for the pushed
    /// authorization request.
    /// </summary>
    public bool HandledClientAuthentication { get; private set; }
 
    /// <summary>
    /// Tells the handler to skip setting client authentication properties for
    /// pushed authorization. The handler uses the client_secret_basic
    /// authentication mode by default, but the OnPushAuthorization event may
    /// replace that with an alternative authentication mode, such as
    /// private_key_jwt.
    /// </summary>
    public void HandleClientAuthentication()
    {
        if (SkippedPush || HandledPush)
        {
            throw new InvalidOperationException("Only one of HandlePush, SkipPush, and HandledClientAuthentication may be called in the OnPushAuthorization event.");
        }
        HandledClientAuthentication = true;
    }
}