Refactor SenseNetJwtSecurityTokenHandler class to remove dependency on obsolete method & Raise prelease (#2201)

* feat: update token handler to make compatible with sn auth

* Raise prelease

---------

Co-authored-by: vn0804 <129531684+vn0804@users.noreply.github.com>

Author: hashtagnulla

src/Services.Core/Authentication/SenseNetJwtSecurityTokenHandler.cs

@@ -1,64 +1,101 @@
-using Microsoft.IdentityModel.Tokens;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using SenseNet.Configuration;
 using System;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace SnWebApplication.Api.Sql.TokenAuth.TokenValidator
-{  
-    public class SenseNetJwtSecurityTokenHandler : ISecurityTokenValidator
+namespace SenseNet.Services.Core.Authentication;
+
+public class SenseNetJwtSecurityTokenHandler : TokenHandler
+{
+    private readonly string _validateTokenUrl;
+    private readonly JwtSecurityTokenHandler _defaultHandler;
+    private readonly IHttpClientFactory _httpClientFactory;
+
+    public SenseNetJwtSecurityTokenHandler(string validateTokenUrl)
     {
-        private readonly string _validateTokenUrl;
-        private readonly JwtSecurityTokenHandler _defaultHandler;
+        _httpClientFactory = Providers.Instance.Services.GetRequiredService<IHttpClientFactory>();
+        _validateTokenUrl = validateTokenUrl ?? throw new ArgumentNullException(nameof(validateTokenUrl));
+        _defaultHandler = new JwtSecurityTokenHandler();
+    }
 
-        public bool CanValidateToken => true;
-        public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;
+    public override int MaximumTokenSizeInBytes
+    {
+        get => base.MaximumTokenSizeInBytes;
+        set => base.MaximumTokenSizeInBytes = value;
+    }
 
-        public SenseNetJwtSecurityTokenHandler(string validateTokenUrl)
-        {
-            _validateTokenUrl = validateTokenUrl ?? throw new ArgumentNullException(nameof(validateTokenUrl));
-            _defaultHandler = new JwtSecurityTokenHandler();
-        }
+    public override SecurityToken ReadToken(string token)
+    {
+        if (string.IsNullOrWhiteSpace(token))
+            throw new ArgumentNullException(nameof(token));
 
-        public bool CanReadToken(string securityToken) => 
-            _defaultHandler.CanReadToken(securityToken);
+        return _defaultHandler.ReadJwtToken(token);
+    }
+
+    public override async Task<TokenValidationResult> ValidateTokenAsync(string token, TokenValidationParameters validationParameters)
+    {
+        await ValidateTokenAsync(token);
 
-        private async Task ValidateTokenAsync(string token)
+        try
         {
-            if (string.IsNullOrWhiteSpace(token))
-                return;
+            var jwtToken = ReadToken(token) as JwtSecurityToken;
 
-            using var httpClient = new HttpClient();
+            return new TokenValidationResult
+            {
+                ClaimsIdentity = new ClaimsIdentity(jwtToken.Claims, "Custom"),
+                SecurityToken = jwtToken,
+                IsValid = true
+            };
+        }
+        catch (Exception ex)
+        {
+            return new TokenValidationResult
+            {
+                Exception = ex
+            };
+        }
+    }
 
-            httpClient.DefaultRequestHeaders.Clear();
-            httpClient.DefaultRequestHeaders
-                .Accept
-                .Add(new MediaTypeWithQualityHeaderValue("application/json"));
-            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+    public override async Task<TokenValidationResult> ValidateTokenAsync(SecurityToken token, TokenValidationParameters validationParameters)
+    {
+        ArgumentNullException.ThrowIfNull(token);
 
-            var response = await httpClient.GetAsync(_validateTokenUrl);
-            if (!response.IsSuccessStatusCode)
-                throw new SecurityTokenValidationException("Invalid token.");
+        var jwtToken = token as JwtSecurityToken ?? throw new ArgumentException("The token must be of type JwtSecurityToken.");
 
-            var result = bool.Parse(await response.Content.ReadAsStringAsync());
-            if (!result)
-                throw new SecurityTokenValidationException("Invalid token.");
-        }
+        await ValidateTokenAsync(jwtToken.RawData);
 
-        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+        return new TokenValidationResult
         {
-            ValidateTokenAsync(securityToken).GetAwaiter().GetResult();
+            ClaimsIdentity = new ClaimsIdentity(jwtToken.Claims, "Custom"),
+            SecurityToken = jwtToken,
+            IsValid = true
+        };
+    }
 
-            var jwtToken = _defaultHandler.ReadJwtToken(securityToken);
+    private async Task ValidateTokenAsync(string token)
+    {
+        if (string.IsNullOrWhiteSpace(token))
+            return;
 
-            var identity = new ClaimsIdentity(jwtToken.Claims, "Custom");
-            var principal = new ClaimsPrincipal(identity);
+        using var httpClient = _httpClientFactory.CreateClient();
 
-            validatedToken = jwtToken;
+        httpClient.DefaultRequestHeaders.Clear();
+        httpClient.DefaultRequestHeaders
+            .Accept
+            .Add(new MediaTypeWithQualityHeaderValue("application/json"));
+        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
 
-            return principal;
-        }
+        var response = await httpClient.GetAsync(_validateTokenUrl);
+        if (!response.IsSuccessStatusCode)
+            throw new SecurityTokenValidationException("Invalid token.");
+
+        var result = bool.Parse(await response.Content.ReadAsStringAsync());
+        if (!result)
+            throw new SecurityTokenValidationException("Invalid token.");
     }
 }

src/Services.Core/SenseNet.Services.Core.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.1.1-alpha.3</Version>
+		<Version>1.1.1-alpha.4</Version>
 		<Authors>kavics,joe,tusmester,hashtagnulla</Authors>
 		<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
 		<Company>Sense/Net Inc.</Company>

src/WebApps/SnWebApplication.Api.InMem.TokenAuth/Startup.cs

@@ -50,8 +50,8 @@ public void ConfigureServices(IServiceCollection services)
                             ValidateIssuerSigningKey = false
                         };
 
-                        options.SecurityTokenValidators.Clear();
-                        options.SecurityTokenValidators.Add(new SenseNetJwtSecurityTokenHandler(
+                        options.TokenHandlers.Clear();
+                        options.TokenHandlers.Add(new SenseNetJwtSecurityTokenHandler(
                             $"{authOptions.Authority}/api/auth/validate-token"));
                     }
                     else

src/WebApps/SnWebApplication.Api.Sql.SearchService.TokenAuth/Startup.cs

@@ -18,7 +18,6 @@
 using SenseNet.Search.Lucene29.Centralized.GrpcClient;
 using SenseNet.Security.Messaging.RabbitMQ;
 using SenseNet.Services.Core.Authentication;
-using SnWebApplication.Api.Sql.TokenAuth.TokenValidator;
 
 namespace SnWebApplication.Api.Sql.SearchService.TokenAuth
 {
@@ -55,8 +54,8 @@ public void ConfigureServices(IServiceCollection services)
                             ValidateIssuerSigningKey = false
                         };
 
-                        options.SecurityTokenValidators.Clear();
-                        options.SecurityTokenValidators.Add(new SenseNetJwtSecurityTokenHandler(
+                        options.TokenHandlers.Clear();
+                        options.TokenHandlers.Add(new SenseNetJwtSecurityTokenHandler(
                             $"{authOptions.Authority}/api/auth/validate-token"));
                     }
                     else

src/WebApps/SnWebApplication.Api.Sql.TokenAuth.Preview/Startup.cs

@@ -18,7 +18,6 @@
 using SenseNet.Extensions.DependencyInjection;
 using SenseNet.Search.Lucene29;
 using SenseNet.Services.Core.Authentication;
-using SnWebApplication.Api.Sql.TokenAuth.TokenValidator;
 
 namespace SnWebApplication.Api.Sql.TokenAuth.Preview
 {
@@ -55,8 +54,8 @@ public void ConfigureServices(IServiceCollection services)
                             ValidateIssuerSigningKey = false
                         };
 
-                        options.SecurityTokenValidators.Clear();
-                        options.SecurityTokenValidators.Add(new SenseNetJwtSecurityTokenHandler(
+                        options.TokenHandlers.Clear();
+                        options.TokenHandlers.Add(new SenseNetJwtSecurityTokenHandler(
                             $"{authOptions.Authority}/api/auth/validate-token"));
                     }
                     else

src/WebApps/SnWebApplication.Api.Sql.TokenAuth/Startup.cs

@@ -19,7 +19,6 @@
 using SenseNet.Extensions.DependencyInjection;
 using SenseNet.Search.Lucene29;
 using SenseNet.Services.Core.Authentication;
-using SnWebApplication.Api.Sql.TokenAuth.TokenValidator;
 
 namespace SnWebApplication.Api.Sql.TokenAuth
 {
@@ -56,8 +55,8 @@ public void ConfigureServices(IServiceCollection services)
                             ValidateIssuerSigningKey = false
                         };
 
-                        options.SecurityTokenValidators.Clear();
-                        options.SecurityTokenValidators.Add(new SenseNetJwtSecurityTokenHandler(
+                        options.TokenHandlers.Clear();
+                        options.TokenHandlers.Add(new SenseNetJwtSecurityTokenHandler(
                             $"{authOptions.Authority}/api/auth/validate-token"));
                     }
                     else