Introduce events support

.gitignore

@@ -21,6 +21,7 @@ x64/
 build/
 [Bb]in/
 [Oo]bj/
+.build/
 
 # Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
 !packages/*/build/

src/AspNet.Security.OAuth.Introspection/AspNet.Security.OAuth.Introspection.xproj

@@ -4,17 +4,15 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a8569260-142c-427a-8b14-a8df56cc15b7</ProjectGuid>
-    <RootNamespace>AspNet.Security.OpenIdConnect.Introspection</RootNamespace>
+    <RootNamespace>AspNet.Security.OAuth.Introspection</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>

src/AspNet.Security.OAuth.Introspection/Events/BaseIntrospectionContext.cs

@@ -0,0 +1,33 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Base class for all introspection events that holds common properties.
+    /// </summary>
+    public abstract class BaseIntrospectionContext : BaseContext {
+        public BaseIntrospectionContext(
+            [NotNull]HttpContext context, 
+            [NotNull]OAuthIntrospectionOptions options) 
+            : base(context) {
+            Options = options;
+        }
+
+        /// <summary>
+        /// Indicates the application has handled the event process.
+        /// </summary>
+        internal bool Handled { get; set; }
+
+        /// <summary>
+        /// The middleware Options.
+        /// </summary>
+        public OAuthIntrospectionOptions Options { get; }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/CreateTicketContext.cs

@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Newtonsoft.Json.Linq;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows interception of the AuthenticationTicket creation process.
+    /// </summary>
+    public class CreateTicketContext : BaseIntrospectionContext {
+        public CreateTicketContext(
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options,
+            [NotNull]JObject payload)
+            : base(context, options) {
+            Payload = payload;
+        }
+
+        /// <summary>
+        /// The payload from the introspection request to the authorization server.
+        /// </summary>
+        public JObject Payload { get; }
+
+        private AuthenticationTicket _ticket { get; set; }
+
+        /// <summary>
+        /// An <see cref="AuthenticationTicket"/> created by the application.
+        /// <remarks>
+        /// Set this property to indicate that the application has handled the creation of the
+        /// ticket. Set this property to null to instruct the middleware there was a failure
+        /// during ticket creation.
+        /// </remarks>
+        /// </summary>
+        public AuthenticationTicket Ticket {
+            get { return _ticket; }
+            set {
+                Handled = true;
+                _ticket = value;
+            }
+        }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/IOAuthIntrospectionEvents.cs

@@ -0,0 +1,34 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Threading.Tasks;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public interface IOAuthIntrospectionEvents {
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        Task ParseAccessToken(ParseAccessTokenContext context);
+
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        Task CreateTicket(CreateTicketContext context);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        Task RequestTokenIntrospection(RequestTokenIntrospectionContext context);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        Task ValidateToken(ValidateTokenContext context);
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/OAuthIntrospectionEvents.cs

@@ -0,0 +1,55 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using System.Threading.Tasks;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public class OAuthIntrospectionEvents : IOAuthIntrospectionEvents {
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        public Func<CreateTicketContext, Task> OnCreateTicket { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        public Func<ParseAccessTokenContext, Task> OnParseAccessToken { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        public Func<ValidateTokenContext, Task> OnValidateToken { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        public virtual Task CreateTicket(CreateTicketContext context) => OnCreateTicket(context);
+
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        public virtual Task ParseAccessToken(ParseAccessTokenContext context) => OnParseAccessToken(context);
+
+        /// <summary>
+        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// </summary>
+        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        public virtual Task ValidateToken(ValidateTokenContext context) => OnValidateToken(context);
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/ParseAccessTokenContext.cs

@@ -0,0 +1,38 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows custom parsing of access tokens from requests.
+    /// </summary>
+    public class ParseAccessTokenContext : BaseIntrospectionContext {
+        public ParseAccessTokenContext(
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options)
+            : base(context, options) {
+        }
+
+        private string _token { get; set; }
+
+        /// <summary>
+        /// Gets or sets the access token.
+        /// <remarks>
+        /// Setting this property indicates to the middleware that the request has been processed
+        /// and a token extracted. Setting this to null will invalidate the token.
+        /// </remarks>
+        /// </summary>
+        public string Token {
+            get { return _token; }
+            set {
+                Handled = true;
+                _token = value;
+            }
+        }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/RequestTokenIntrospectionContext.cs

@@ -0,0 +1,53 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http;
+using Microsoft.AspNetCore.Http;
+using Newtonsoft.Json.Linq;
+using JetBrains.Annotations;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
+    /// </summary>
+    public class RequestTokenIntrospectionContext : BaseIntrospectionContext {
+        public RequestTokenIntrospectionContext(
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options,
+            [NotNull]string token)
+            : base(context, options) {
+            Token = token;
+        }
+
+        /// <summary>
+        /// An <see cref="HttpClient"/> for use by the application to call the authorization server.
+        /// </summary>
+        public HttpClient Client => Options.HttpClient;
+
+        /// <summary>
+        /// The access token parsed from the client request.
+        /// </summary>
+        public string Token { get; }
+
+        private JObject _payload { get; set; }
+
+        /// <summary>
+        /// The data retrieved from the call to the introspection endpoint on the authorization server.
+        /// <remarks>
+        /// Set this property to indicate that the introspection call was handled
+        /// by the application. Set this property to null to instruct the middleware
+        /// to indicate a failure.
+        /// </remarks>
+        /// </summary>
+        public JObject Payload {
+            get { return _payload; }
+            set {
+                Handled = true;
+                Payload = value;
+            }
+        }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/ValidateTokenContext.cs

@@ -0,0 +1,46 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of the token validation logic.
+    /// </summary>
+    public class ValidateTokenContext : BaseIntrospectionContext {
+        public ValidateTokenContext(
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options,
+            [NotNull]AuthenticationTicket ticket) 
+            : base(context, options) {
+            Ticket = ticket;
+        }
+
+        /// <summary>
+        /// The <see cref="AuthenticationTicket"/> created from the introspection data.
+        /// </summary>
+        public AuthenticationTicket Ticket { get; }
+
+        private bool _isValid { get; set; } = true;
+
+        /// <summary>
+        /// Indicates the ticket is valid.
+        /// <remarks>
+        /// Setting this property indicates to the middleware that token validation
+        /// has been handled by the application.
+        /// </remarks>
+        /// </summary>
+        public bool IsValid {
+            get { return _isValid; }
+            set {
+                Handled = true;
+                _isValid = value;
+            }
+        }
+    }
+}

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionConstants.cs

@@ -27,6 +27,10 @@ public static class Parameters {
             public const string TokenTypeHint = "token_type_hint";
         }
 
+        public static class Properties {
+            public const string Audiences = ".audiences";
+        }
+
         public static class TokenTypes {
             public const string AccessToken = "access_token";
         }