File: TwitterOptions.cs
Web Access
Project: src\src\Security\Authentication\Twitter\src\Microsoft.AspNetCore.Authentication.Twitter.csproj (Microsoft.AspNetCore.Authentication.Twitter)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using Microsoft.AspNetCore.Http;
 
namespace Microsoft.AspNetCore.Authentication.Twitter;
 
/// <summary>
/// Options for the Twitter authentication handler.
/// </summary>
public class TwitterOptions : RemoteAuthenticationOptions
{
    private const string DefaultStateCookieName = "__TwitterState";
 
    private CookieBuilder _stateCookieBuilder;
 
    /// <summary>
    /// Initializes a new instance of the <see cref="TwitterOptions"/> class.
    /// </summary>
    public TwitterOptions()
    {
        CallbackPath = new PathString("/signin-twitter");
        BackchannelTimeout = TimeSpan.FromSeconds(60);
        Events = new TwitterEvents();
 
        ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
 
        _stateCookieBuilder = new TwitterCookieBuilder(this)
        {
            Name = DefaultStateCookieName,
            SecurePolicy = CookieSecurePolicy.SameAsRequest,
            HttpOnly = true,
            SameSite = SameSiteMode.Lax,
            IsEssential = true,
        };
    }
 
    /// <summary>
    /// Gets or sets the consumer key used to communicate with Twitter.
    /// </summary>
    /// <value>The consumer key used to communicate with Twitter.</value>
    public string? ConsumerKey { get; set; }
 
    /// <summary>
    /// Gets or sets the consumer secret used to sign requests to Twitter.
    /// </summary>
    /// <value>The consumer secret used to sign requests to Twitter.</value>
    public string? ConsumerSecret { get; set; }
 
    /// <summary>
    /// Enables the retrieval user details during the authentication process, including
    /// e-mail addresses. Retrieving e-mail addresses requires special permissions
    /// from Twitter Support on a per application basis. The default is false.
    /// See <see href="https://dev.twitter.com/rest/reference/get/account/verify_credentials"/>.
    /// </summary>
    public bool RetrieveUserDetails { get; set; }
 
    /// <summary>
    /// A collection of claim actions used to select values from the json user data and create Claims.
    /// </summary>
    public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
 
    /// <summary>
    /// Gets or sets the type used to secure data handled by the handler.
    /// </summary>
    public ISecureDataFormat<RequestToken> StateDataFormat { get; set; } = default!;
 
    /// <summary>
    /// Gets or sets the <see cref="TwitterEvents"/> used to handle authentication events.
    /// </summary>
    public new TwitterEvents Events
    {
        get => (TwitterEvents)base.Events;
        set => base.Events = value;
    }
 
    /// <summary>
    /// Determines the settings used to create the state cookie before the
    /// cookie gets added to the response.
    /// </summary>
    /// <remarks>
    /// <para>
    /// If an explicit <see cref="CookieBuilder.Name"/> is not provided, the system will automatically generate a
    /// unique name that begins with <c>__TwitterState</c>.
    /// </para>
    /// <list type="bullet">
    /// <item><description><see cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.</description></item>
    /// <item><description><see cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.</description></item>
    /// <item><description><see cref="CookieBuilder.IsEssential"/> defaults to <c>true</c>.</description></item>
    /// <item><description><see cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.</description></item>
    /// </list>
    /// </remarks>
    public CookieBuilder StateCookie
    {
        get => _stateCookieBuilder;
        set => _stateCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
    }
 
    /// <summary>
    /// Added the validate method to ensure that the customer key and customer secret values are not not empty for the twitter authentication middleware
    /// </summary>
    public override void Validate()
    {
        base.Validate();
        ArgumentException.ThrowIfNullOrEmpty(ConsumerKey);
        ArgumentException.ThrowIfNullOrEmpty(ConsumerSecret);
    }
 
    private sealed class TwitterCookieBuilder : CookieBuilder
    {
        private readonly TwitterOptions _twitterOptions;
 
        public TwitterCookieBuilder(TwitterOptions twitterOptions)
        {
            _twitterOptions = twitterOptions;
        }
 
        public override CookieOptions Build(HttpContext context, DateTimeOffset expiresFrom)
        {
            var options = base.Build(context, expiresFrom);
            if (!Expiration.HasValue)
            {
                options.Expires = expiresFrom.Add(_twitterOptions.RemoteAuthenticationTimeout);
            }
            return options;
        }
    }
}