From 9ff5396363ffaec0a3060cb30a4b58fc6687be60 Mon Sep 17 00:00:00 2001 
From: Pranav K Date: Mon, 12 Oct 2020 13:54:32 -0700 Subject: [PATCH 1/3] Add docs for remaining security items * Google / Facebook / Microsoft Account auth * Authorization, Authorization.Policy Contributes to https://github.com/dotnet/aspnetcore/issues/26397 --- .../CertificateAuthenticationExtensions.cs | 10 ++-- .../Facebook/src/FacebookDefaults.cs | 22 ++++++++- .../Facebook/src/FacebookExtensions.cs | 44 +++++++++++++++++ .../Facebook/src/FacebookHandler.cs | 10 ++++ .../Facebook/src/FacebookOptions.cs | 13 +++-- ....AspNetCore.Authentication.Facebook.csproj | 4 +- .../Google/src/GoogleChallengeProperties.cs | 16 ++++++- .../Google/src/GoogleDefaults.cs | 23 ++++++++- .../Google/src/GoogleExtensions.cs | 45 ++++++++++++++++++ .../Google/src/GoogleHandler.cs | 10 +++- .../Google/src/GoogleOptions.cs | 6 ++- ...ft.AspNetCore.Authentication.Google.csproj | 4 +- ...ore.Authentication.MicrosoftAccount.csproj | 2 +- .../src/MicrosoftAccountDefaults.cs | 22 ++++++++- .../src/MicrosoftAccountExtensions.cs | 47 ++++++++++++++++++- .../src/MicrosoftAccountHandler.cs | 9 ++++ .../src/MicrosoftChallengeProperties.cs | 31 ++++++++++-- .../Core/src/AssertionRequirement.cs | 1 + .../Core/src/AuthorizationPolicyBuilder.cs | 32 +++++++------ .../Core/src/AuthorizationResult.cs | 10 +++- .../src/ClaimsAuthorizationRequirement.cs | 1 + .../DefaultAuthorizationHandlerProvider.cs | 1 + .../DenyAnonymousAuthorizationRequirement.cs | 1 + .../Microsoft.AspNetCore.Authorization.csproj | 2 +- .../Core/src/NameAuthorizationRequirement.cs | 1 + .../src/OperationAuthorizationRequirement.cs | 1 + .../Core/src/RolesAuthorizationRequirement.cs | 1 + .../src/AuthorizationAppBuilderExtensions.cs | 6 ++- ...tionEndpointConventionBuilderExtensions.cs | 2 - .../Policy/src/AuthorizationMiddleware.cs | 12 +++++ .../AuthorizationMiddlewareResultHandler.cs | 4 ++ .../IAuthorizationMiddlewareResultHandler.cs | 12 +++++ ...oft.AspNetCore.Authorization.Policy.csproj | 2 +- 
.../Policy/src/PolicyAuthorizationResult.cs | 20 ++++++++ .../Policy/src/PolicyEvaluator.cs | 3 ++ .../src/PolicyServiceCollectionExtensions.cs | 2 +- 36 files changed, 383 insertions(+), 49 deletions(-) diff --git a/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs b/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs index a1007108271a..fca00ee7eb1d 100644 --- a/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs +++ b/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs @@ -36,7 +36,7 @@ public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder bu /// /// /// The . - /// + /// The authentication scheme. /// The . public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder builder, string authenticationScheme) => builder.AddCertificate(authenticationScheme, configureOptions: null); @@ -50,7 +50,7 @@ public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder bu /// /// /// The . - /// + /// A delegate to configure . /// The . public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder builder, Action configureOptions) => builder.AddCertificate(CertificateAuthenticationDefaults.AuthenticationScheme, configureOptions); @@ -64,8 +64,8 @@ public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder bu /// /// /// The . - /// - /// + /// The authentication scheme. + /// A delegate to configure . /// The . public static AuthenticationBuilder AddCertificate( this AuthenticationBuilder builder, @@ -82,7 +82,7 @@ public static AuthenticationBuilder AddCertificate( /// /// /// The . - /// + /// A delegate to configure . /// The . public static AuthenticationBuilder AddCertificateCache( this AuthenticationBuilder builder, 
diff --git a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs index bab049a7bf73..6ca5c3c0726b 100644 --- a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs +++ b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs @@ -3,17 +3,37 @@ namespace Microsoft.AspNetCore.Authentication.Facebook { + /// + /// Default values related to Facebook-based authentication handler. + /// public static class FacebookDefaults { + /// + /// The default scheme for Facebook authentication. Defaults to Facebook. + /// public const string AuthenticationScheme = "Facebook"; + /// + /// The default display name for Facebook authentication. Defaults to Facebook. + /// public static readonly string DisplayName = "Facebook"; - // https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login + /// + /// The default endpoint used to perform Facebook authentication. + /// + /// + /// For more details about this endpoint, see https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login. + /// public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v8.0/dialog/oauth"; + /// + /// The OAuth endpoint used to exchange access tokens. + /// public static readonly string TokenEndpoint = "https://graph.facebook.com/v8.0/oauth/access_token"; + /// + /// The Facebook Graph API endpoint that is used to gather additional user information. + /// public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v8.0/me"; } } diff --git a/src/Security/Authentication/Facebook/src/FacebookExtensions.cs b/src/Security/Authentication/Facebook/src/FacebookExtensions.cs index 2273724a42ff..7af0077e23bc 100644 --- a/src/Security/Authentication/Facebook/src/FacebookExtensions.cs +++ b/src/Security/Authentication/Facebook/src/FacebookExtensions.cs 
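Review bot: The summary added on `TokenEndpoint` in FacebookDefaults.cs, "The OAuth endpoint used to exchange access tokens.", misstates what is exchanged. In the authorization-code flow this is the endpoint where the authorization code is redeemed for an access token. I would word it as `/// The OAuth endpoint used to exchange the authorization code for an access token.` The same sentence is added in the GoogleDefaults.cs and MicrosoftAccountDefaults.cs hunks and should change with it. The three Facebook URLs also pin Graph API `v8.0`, which the new summaries could mention so readers know the default is version-specific.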
@@ -7,17 +7,61 @@ namespace Microsoft.Extensions.DependencyInjection { + /// + /// Extension methods to configure Facebook OAuth authentication. + /// public static class FacebookAuthenticationOptionsExtensions { + /// + /// Adds Facebook OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Facebook authentication allows application users to sign in with their Facebook account. + /// + /// + /// The . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder) => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, _ => { }); + /// + /// Adds Facebook OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Facebook authentication allows application users to sign in with their Facebook account. + /// + /// + /// The . + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, Action configureOptions) => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, configureOptions); + /// + /// Adds Facebook OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Facebook authentication allows application users to sign in with their Facebook account. + /// + /// + /// The . + /// The authentication scheme. + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, Action configureOptions) => builder.AddFacebook(authenticationScheme, FacebookDefaults.DisplayName, configureOptions); + /// + /// Adds Facebook OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . 
+ /// + /// Facebook authentication allows application users to sign in with their Facebook account. + /// + /// + /// The . + /// The authentication scheme. + /// A display name for the authentication handler. + /// A delegate to configure . public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action configureOptions) => builder.AddOAuth(authenticationScheme, displayName, configureOptions); } diff --git a/src/Security/Authentication/Facebook/src/FacebookHandler.cs b/src/Security/Authentication/Facebook/src/FacebookHandler.cs index 7fe350385e80..fe8c4a9d3fea 100644 --- a/src/Security/Authentication/Facebook/src/FacebookHandler.cs +++ b/src/Security/Authentication/Facebook/src/FacebookHandler.cs @@ -17,12 +17,20 @@ namespace Microsoft.AspNetCore.Authentication.Facebook { + /// + /// Authentication handler for Facebook's OAuth based authentication. + /// public class FacebookHandler : OAuthHandler { + /// + /// Initializes a new instance of . + /// + /// public FacebookHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { } + /// protected override async Task CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken); @@ -64,6 +72,7 @@ private string GenerateAppSecretProof(string accessToken) } } + /// protected override string FormatScope(IEnumerable scopes) { // Facebook deviates from the OAuth spec here. They require comma separated instead of space separated. @@ -72,6 +81,7 @@ protected override string FormatScope(IEnumerable scopes) return string.Join(",", scopes); } + /// protected override string FormatScope() => base.FormatScope(); } 
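Review bot: The summaries on the two `AddFacebook` overloads that take `authenticationScheme` repeat "using the default scheme. The default scheme is specified by ...", which is wrong for them because the caller supplies the scheme name. Something like `/// Adds Facebook OAuth-based authentication using the specified authentication scheme.` fits those overloads. The last overload (scheme, display name, options) is also the only one in this hunk without the "A reference to ... after the operation has completed." returns line. The GoogleExtensions.cs and MicrosoftAccountExtensions.cs hunks carry the same copied summary on their scheme-taking overloads.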
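Review bot: The doc line added above `CreateTicketAsync` in FacebookHandler.cs shows no text of its own in this rendering and appears to inherit the base description. If so, the API docs will not say that this override appends the access token to `Options.UserInformationEndpoint` as an `access_token` query parameter. That deserves a remarks sentence, because query strings tend to end up in proxy and server logs, e.g. `/// The access token is sent to the user information endpoint as a query string parameter.` The method body continues outside the hunk, so confirm against the full implementation before settling the wording.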
diff --git a/src/Security/Authentication/Facebook/src/FacebookOptions.cs b/src/Security/Authentication/Facebook/src/FacebookOptions.cs index c2078a017bf2..cc2eb9c9e4fa 100644 --- a/src/Security/Authentication/Facebook/src/FacebookOptions.cs +++ b/src/Security/Authentication/Facebook/src/FacebookOptions.cs @@ -3,9 +3,8 @@ using System; using System.Collections.Generic; -using System.Security.Claims; -using Microsoft.AspNetCore.Authentication; using System.Globalization; +using System.Security.Claims; using Microsoft.AspNetCore.Authentication.OAuth; using Microsoft.AspNetCore.Http; @@ -68,7 +67,7 @@ public override void Validate() // Facebook uses a non-standard term for this field. /// - /// Gets or sets the Facebook-assigned appId. + /// Gets or sets the Facebook-assigned App ID. /// public string AppId { @@ -87,15 +86,19 @@ public string AppSecret } /// - /// Gets or sets if the appsecret_proof should be generated and sent with Facebook API calls. - /// This is enabled by default. + /// Gets or sets if the appsecret_proof should be generated and sent with Facebook API calls. /// + /// See https://developers.facebook.com/docs/graph-api/securing-requests/#appsecret_proof for more details. + /// Defaults to . public bool SendAppSecretProof { get; set; } /// /// The list of fields to retrieve from the UserInformationEndpoint. /// https://developers.facebook.com/docs/graph-api/reference/user /// + /// + /// Defaults to include the following fields: "name", "email", "first_name", and "last_name". + /// public ICollection Fields { get; } = new HashSet(); } } diff --git a/src/Security/Authentication/Facebook/src/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Security/Authentication/Facebook/src/Microsoft.AspNetCore.Authentication.Facebook.csproj index 12e6e562b556..36f93e275b67 100644 --- a/src/Security/Authentication/Facebook/src/Microsoft.AspNetCore.Authentication.Facebook.csproj 
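Review bot: The new remarks on `SendAppSecretProof` in the last FacebookOptions.cs hunk only link out and state the default; they do not say what the option protects against. A sentence such as `/// The proof is derived from the access token and AppSecret, so Facebook can reject Graph API calls made with a leaked token when the app is set to require the proof.` would tell readers why it should stay enabled. Separately, the `Fields` remarks list four default fields while the initializer on the visible line is an empty `HashSet`. Presumably the constructor, which is outside this hunk, adds them, and that is worth confirming.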
+++ b/src/Security/Authentication/Facebook/src/Microsoft.AspNetCore.Authentication.Facebook.csproj @@ -1,9 +1,9 @@ - + ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow. $(DefaultNetCoreTargetFramework) - $(NoWarn);CS1591 + $(NoWarn.Replace('1591', '')) true aspnetcore;authentication;security diff --git a/src/Security/Authentication/Google/src/GoogleChallengeProperties.cs b/src/Security/Authentication/Google/src/GoogleChallengeProperties.cs index 714df4565522..a2cfaef1d03a 100644 --- a/src/Security/Authentication/Google/src/GoogleChallengeProperties.cs +++ b/src/Security/Authentication/Google/src/GoogleChallengeProperties.cs @@ -1,8 +1,11 @@ -using System.Collections.Generic; +using System.Collections.Generic; using Microsoft.AspNetCore.Authentication.OAuth; namespace Microsoft.AspNetCore.Authentication.Google { + /// + /// for a Google OAuth challenge. + /// public class GoogleChallengeProperties : OAuthChallengeProperties { /// @@ -30,13 +33,24 @@ public class GoogleChallengeProperties : OAuthChallengeProperties /// public static readonly string PromptParameterKey = "prompt"; + /// + /// Initializes a new instance of . + /// public GoogleChallengeProperties() { } + /// + /// Initializes a new instance of . + /// + /// public GoogleChallengeProperties(IDictionary items) : base(items) { } + /// + /// Initializes a new instance of . + /// + /// public GoogleChallengeProperties(IDictionary items, IDictionary parameters) : base(items, parameters) { } diff --git a/src/Security/Authentication/Google/src/GoogleDefaults.cs b/src/Security/Authentication/Google/src/GoogleDefaults.cs index 006abde8b396..5c2a29200e3e 100644 --- a/src/Security/Authentication/Google/src/GoogleDefaults.cs +++ b/src/Security/Authentication/Google/src/GoogleDefaults.cs 
@@ -10,16 +10,35 @@ namespace Microsoft.AspNetCore.Authentication.Google /// public static class GoogleDefaults { + /// + /// The default scheme for Google authentication. Defaults to Google. + /// public const string AuthenticationScheme = "Google"; + /// + /// The default display name for Google authentication. Defaults to Google. + /// public static readonly string DisplayName = "Google"; - // https://developers.google.com/identity/protocols/oauth2/web-server#httprest + /// + /// The default endpoint used to perform Google authentication. + /// + /// + /// For more details about this endpoint, see https://developers.google.com/identity/protocols/oauth2/web-server#httprest + /// public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth"; + /// + /// The OAuth endpoint used to exchange access tokens. + /// public static readonly string TokenEndpoint = "https://oauth2.googleapis.com/token"; - // https://developers.google.com/apis-explorer/#search/oauth2/oauth2/v2/ + /// + /// The Google endpoint that is used to gather additional user information. + /// + /// + /// For more details about this endpoint, see https://developers.google.com/apis-explorer/#search/oauth2/oauth2/v2/. + /// public static readonly string UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo"; } } diff --git a/src/Security/Authentication/Google/src/GoogleExtensions.cs b/src/Security/Authentication/Google/src/GoogleExtensions.cs index 95547014ca2e..655efa404075 100644 --- a/src/Security/Authentication/Google/src/GoogleExtensions.cs +++ b/src/Security/Authentication/Google/src/GoogleExtensions.cs 
@@ -7,17 +7,62 @@ namespace Microsoft.Extensions.DependencyInjection { + /// + /// Extension methods to configure Google OAuth authentication. + /// public static class GoogleExtensions { + /// + /// Adds Google OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Google authentication allows application users to sign in with their Google account. + /// + /// + /// The . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder) => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, _ => { }); + /// + /// Adds Google OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Google authentication allows application users to sign in with their Google account. + /// + /// + /// The . + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, Action configureOptions) => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, configureOptions); + /// + /// Adds Google OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Google authentication allows application users to sign in with their Google account. + /// + /// + /// The . + /// The authentication scheme. + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, Action configureOptions) => builder.AddGoogle(authenticationScheme, GoogleDefaults.DisplayName, configureOptions); + /// + /// Adds Google OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Google authentication allows application users to sign in with their Google account. + /// + /// + /// The . 
+ /// The authentication scheme. + /// A display name for the authentication handler. + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action configureOptions) => builder.AddOAuth(authenticationScheme, displayName, configureOptions); } diff --git a/src/Security/Authentication/Google/src/GoogleHandler.cs b/src/Security/Authentication/Google/src/GoogleHandler.cs index 84f713f4404a..6c703609599b 100644 --- a/src/Security/Authentication/Google/src/GoogleHandler.cs +++ b/src/Security/Authentication/Google/src/GoogleHandler.cs @@ -16,12 +16,20 @@ namespace Microsoft.AspNetCore.Authentication.Google { + /// + /// Authentication handler for Google's OAuth based authentication. + /// public class GoogleHandler : OAuthHandler { + /// + /// Initializes a new instance of . + /// + /// public GoogleHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { } + /// protected override async Task CreateTicketAsync( ClaimsIdentity identity, AuthenticationProperties properties, @@ -46,7 +54,7 @@ protected override async Task CreateTicketAsync( } } - // TODO: Abstract this properties override pattern into the base class? + /// protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri) { // Google Identity Platform Manual: diff --git a/src/Security/Authentication/Google/src/GoogleOptions.cs b/src/Security/Authentication/Google/src/GoogleOptions.cs index 9d08bfc56a87..5c8937d383db 100644 --- a/src/Security/Authentication/Google/src/GoogleOptions.cs +++ b/src/Security/Authentication/Google/src/GoogleOptions.cs 
@@ -34,7 +34,11 @@ public GoogleOptions() } /// - /// access_type. Set to 'offline' to request a refresh token. + /// Indicates whether your application can refresh access tokens when the user is not present at the browser. + /// Valid values are online, which is the default value, and offline. + /// + /// Set the value to offline if your application needs to refresh access tokens when the user is not present at the browser. + /// /// public string AccessType { get; set; } } diff --git a/src/Security/Authentication/Google/src/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Security/Authentication/Google/src/Microsoft.AspNetCore.Authentication.Google.csproj index cfbc074c0e3a..0dba04e82bc4 100644 --- a/src/Security/Authentication/Google/src/Microsoft.AspNetCore.Authentication.Google.csproj +++ b/src/Security/Authentication/Google/src/Microsoft.AspNetCore.Authentication.Google.csproj @@ -1,9 +1,9 @@ - + ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows. $(DefaultNetCoreTargetFramework) - $(NoWarn);CS1591 + $(NoWarn.Replace('1591', '')) true aspnetcore;authentication;security diff --git a/src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj index 8b60e587d132..7cacb73ac213 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj +++ b/src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj @@ -3,7 +3,7 @@ ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow. $(DefaultNetCoreTargetFramework) - $(NoWarn);CS1591 + $(NoWarn.Replace('1591', '')) true aspnetcore;authentication;security 
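Review bot: The rewritten `AccessType` summary in GoogleOptions.cs drops the one fact the removed line stated, that `offline` is how a refresh token is requested. I would keep it explicit, e.g. `/// Setting this to offline requests a refresh token, which is a long-lived credential and should be stored accordingly.` The summary also calls `online` "the default value", but the property on the visible line has no initializer. That default is therefore the provider's behavior when the parameter is omitted, not the property's value, and the text should say so.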
diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountDefaults.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountDefaults.cs index 0421fa14b4ad..f89fb757c20e 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountDefaults.cs +++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountDefaults.cs @@ -3,17 +3,37 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount { + /// + /// Default values for Microsoft account authentication + /// public static class MicrosoftAccountDefaults { + /// + /// The default scheme for Microsoft account authentication. Defaults to Microsoft. + /// public const string AuthenticationScheme = "Microsoft"; + /// + /// The default display name for Microsoft account authentication. Defaults to Microsoft. + /// public static readonly string DisplayName = "Microsoft"; - // https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_user + /// + /// The default endpoint used to perform Microsoft account authentication. + /// + /// + /// For more details about this endpoint, see https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_user + /// public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + /// + /// The OAuth endpoint used to exchange access tokens. + /// public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + /// + /// The Microsoft Graph API endpoint that is used to gather additional user information. + /// public static readonly string UserInformationEndpoint = "https://graph.microsoft.com/v1.0/me"; } } diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs index 7f24e5af77a6..fc88468654e3 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs 
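Review bot: The summaries added on `AuthorizationEndpoint` and `TokenEndpoint` in MicrosoftAccountDefaults.cs do not mention that both default URLs use the `common` tenant. That default accepts work, school and personal accounts from any tenant, which matters for apps that expect users from a single organization. A remarks line such as `/// The default uses the "common" tenant; point the endpoints at a specific tenant to restrict who can sign in.` would make this visible where the value is defined.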
+++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs 
@@ -7,18 +7,63 @@ namespace Microsoft.Extensions.DependencyInjection { + /// + /// Extension methods to configure Microsoft Account OAuth authentication. + /// public static class MicrosoftAccountExtensions { + /// + /// Adds Microsoft Account OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Microsoft Account authentication allows application users to sign in with their work, school, or personal Microsoft account. + /// + /// + /// The . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder) => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, _ => { }); + /// + /// Adds Microsoft Account OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Microsoft Account authentication allows application users to sign in with their work, school, or personal Microsoft account. + /// + /// + /// The . + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, Action configureOptions) => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions); + /// + /// Adds Microsoft Account OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Microsoft Account authentication allows application users to sign in with their work, school, or personal Microsoft account. + /// + /// + /// The . + /// The authentication scheme. + /// A delegate to configure . + /// A reference to after the operation has completed. 
public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, Action configureOptions) => builder.AddMicrosoftAccount(authenticationScheme, MicrosoftAccountDefaults.DisplayName, configureOptions); + /// + /// Adds Microsoft Account OAuth-based authentication to using the default scheme. + /// The default scheme is specified by . + /// + /// Microsoft Account authentication allows application users to sign in with their work, school, or personal Microsoft account. + /// + /// + /// The . + /// The authentication scheme. + /// A display name for the authentication handler. + /// A delegate to configure . + /// A reference to after the operation has completed. public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action configureOptions) => builder.AddOAuth(authenticationScheme, displayName, configureOptions); } -} \ No newline at end of file +} diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountHandler.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountHandler.cs index d16a8c1301f1..796a5750fd28 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountHandler.cs +++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountHandler.cs 
@@ -18,12 +18,20 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount { + /// + /// Authentication handler for Microsoft Account based authentication. + /// public class MicrosoftAccountHandler : OAuthHandler { + /// + /// Initializes a new instance of . + /// + /// public MicrosoftAccountHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { } + /// protected override async Task CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); @@ -44,6 +52,7 @@ protected override async Task CreateTicketAsync(ClaimsIden } } + /// protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri) { var queryStrings = new Dictionary diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs index 4e9737b50942..a5fa744cec3d 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs +++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs @@ -4,6 +4,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount { /// + /// for Microsoft OAuth challenge request. /// See https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code for reference /// public class MicrosoftChallengeProperties : OAuthChallengeProperties 
@@ -28,19 +29,31 @@ public class MicrosoftChallengeProperties : OAuthChallengeProperties /// public static readonly string PromptKey = "prompt"; + /// + /// Initializes a new instance for . + /// public MicrosoftChallengeProperties() { } + /// + /// Initializes a new instance for . + /// + /// public MicrosoftChallengeProperties(IDictionary items) : base(items) { } + /// + /// Initializes a new instance for . + /// + /// public MicrosoftChallengeProperties(IDictionary items, IDictionary parameters) : base(items, parameters) { } /// - /// The "response_mode" parameter value being used for a challenge request. + /// Gets or sets the value for the response_mode parameter used for a challenge request. The response mode specifies the method + /// that should be used to send the resulting token back to the app. Can be one of the following: query, fragment, form_post. /// public string ResponseMode { @@ -49,7 +62,11 @@ public string ResponseMode } /// - /// The "domain_hint" parameter value being used for a challenge request. + /// Gets or sets the value for the "domain_hint" parameter value being used for a challenge request. + /// + /// If included, authentication will skip the email-based discovery process that user goes through on the sign-in page, + /// leading to a slightly more streamlined user experience + /// /// public string DomainHint { @@ -58,7 +75,10 @@ public string DomainHint } /// - /// The "login_hint" parameter value being used for a challenge request. + /// Gets or sets the value for the "login_hint" parameter value being used for a challenge request. + /// + /// Can be used to pre-fill the username/email address field of the sign-in page for the user, if their username is known ahead of time. + /// /// public string LoginHint { 
@@ -67,7 +87,10 @@ public string LoginHint } /// - /// The "prompt" parameter value being used for a challenge request. + /// Gets or sets the value for the "prompt" parameter value being used for a challenge request. + /// + /// Indicates the type of user interaction that is required. The only valid values at this time are login, none, and consent. + /// /// public string Prompt { diff --git a/src/Security/Authorization/Core/src/AssertionRequirement.cs b/src/Security/Authorization/Core/src/AssertionRequirement.cs index 0c31f5710540..b5fc210ab77c 100644 --- a/src/Security/Authorization/Core/src/AssertionRequirement.cs +++ b/src/Security/Authorization/Core/src/AssertionRequirement.cs @@ -57,6 +57,7 @@ public async Task HandleAsync(AuthorizationHandlerContext context) } } + /// public override string ToString() { return $"{nameof(Handler)} assertion should evaluate to true."; diff --git a/src/Security/Authorization/Core/src/AuthorizationPolicyBuilder.cs b/src/Security/Authorization/Core/src/AuthorizationPolicyBuilder.cs index ffcc339aae0a..8def57d1b22c 100644 --- a/src/Security/Authorization/Core/src/AuthorizationPolicyBuilder.cs +++ b/src/Security/Authorization/Core/src/AuthorizationPolicyBuilder.cs @@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Authorization { /// - /// Used for building policies during application startup. + /// Used for building policies. /// public class AuthorizationPolicyBuilder { @@ -26,7 +26,7 @@ public AuthorizationPolicyBuilder(params string[] authenticationSchemes) /// /// Creates a new instance of . /// - /// The to build. + /// The to copy. public AuthorizationPolicyBuilder(AuthorizationPolicy policy) { Combine(policy); 
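Review bot: The `Prompt` summary in MicrosoftChallengeProperties.cs states "The only valid values at this time are login, none, and consent", a closed list that the provider controls and that will go stale. As far as I know, Microsoft's reference also lists `select_account`. I would defer to the reference already linked on the class, e.g. `/// Common values are login, none, and consent; see the linked reference for the current list.` The three constructor summaries in the same file read "Initializes a new instance for", where the other files in this patch use "of".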
@@ -41,6 +41,9 @@ public AuthorizationPolicyBuilder(AuthorizationPolicy policy) /// /// Gets or sets a list authentication schemes the /// are evaluated against. + /// + /// When not specified, the requirements are evaluated against default schemes. + /// /// public IList AuthenticationSchemes { get; set; } = new List(); @@ -92,8 +95,8 @@ public AuthorizationPolicyBuilder Combine(AuthorizationPolicy policy) } /// - /// Adds a - /// to the current instance. + /// Adds a to the current instance which requires + /// that the current user has the specified claim and that the claim value must be one of the allowed values. /// /// The claim type required. /// Values the claim must process one or more of for evaluation to succeed. @@ -109,8 +112,8 @@ public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] } /// - /// Adds a - /// to the current instance. + /// Adds a to the current instance which requires + /// that the current user has the specified claim and that the claim value must be one of the allowed values. /// /// The claim type required. /// Values the claim must process one or more of for evaluation to succeed. @@ -127,8 +130,8 @@ public AuthorizationPolicyBuilder RequireClaim(string claimType, IEnumerable - /// Adds a - /// to the current instance. + /// Adds a to the current instance which requires + /// that the current user has the specified claim. /// /// The claim type required, with no restrictions on claim value. /// A reference to this instance after the operation has completed. @@ -144,8 +147,8 @@ public AuthorizationPolicyBuilder RequireClaim(string claimType) } /// - /// Adds a - /// to the current instance. + /// Adds a to the current instance which enforces that the current user + /// must have at least one of the specified roles. /// /// The allowed roles. /// A reference to this instance after the operation has completed. 
@@ -160,8 +163,8 @@ public AuthorizationPolicyBuilder RequireRole(params string[] roles) } /// - /// Adds a - /// to the current instance. + /// Adds a to the current instance which enforces that the current user + /// must have at least one of the specified roles. /// /// The allowed roles. /// A reference to this instance after the operation has completed. @@ -177,8 +180,7 @@ public AuthorizationPolicyBuilder RequireRole(IEnumerable roles) } /// - /// Adds a - /// to the current instance. + /// Adds a to the current instance which enforces that the current user matches the specified name. /// /// The user name the current user must possess. /// A reference to this instance after the operation has completed. @@ -194,7 +196,7 @@ public AuthorizationPolicyBuilder RequireUserName(string userName) } /// - /// Adds a to the current instance. + /// Adds to the current instance which enforces that the current user is authenticated. /// /// A reference to this instance after the operation has completed. public AuthorizationPolicyBuilder RequireAuthenticatedUser() diff --git a/src/Security/Authorization/Core/src/AuthorizationResult.cs b/src/Security/Authorization/Core/src/AuthorizationResult.cs index 416e74daec2c..453ca2e0bd10 100644 --- a/src/Security/Authorization/Core/src/AuthorizationResult.cs +++ b/src/Security/Authorization/Core/src/AuthorizationResult.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System.Collections.Generic; -using System.Diagnostics.CodeAnalysis; using System.Security.Claims; namespace Microsoft.AspNetCore.Authorization 
@@ -30,8 +29,17 @@ private AuthorizationResult() { } /// A successful result. public static AuthorizationResult Success() => new AuthorizationResult { Succeeded = true }; + /// + /// Creates a failed authorization result. + /// + /// Contains information about why authorization failed. + /// The . public static AuthorizationResult Failed(AuthorizationFailure failure) => new AuthorizationResult { Failure = failure }; + /// + /// Creates a failed authorization result. + /// + /// The . public static AuthorizationResult Failed() => new AuthorizationResult { Failure = AuthorizationFailure.ExplicitFail() }; } diff --git a/src/Security/Authorization/Core/src/ClaimsAuthorizationRequirement.cs b/src/Security/Authorization/Core/src/ClaimsAuthorizationRequirement.cs index 9a898176bbd0..a1d603e2dd46 100644 --- a/src/Security/Authorization/Core/src/ClaimsAuthorizationRequirement.cs +++ b/src/Security/Authorization/Core/src/ClaimsAuthorizationRequirement.cs @@ -71,6 +71,7 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte return Task.CompletedTask; } + /// public override string ToString() { var value = (AllowedValues == null || !AllowedValues.Any()) diff --git a/src/Security/Authorization/Core/src/DefaultAuthorizationHandlerProvider.cs b/src/Security/Authorization/Core/src/DefaultAuthorizationHandlerProvider.cs index d297d4cdc6f3..db6934b82d96 100644 --- a/src/Security/Authorization/Core/src/DefaultAuthorizationHandlerProvider.cs +++ b/src/Security/Authorization/Core/src/DefaultAuthorizationHandlerProvider.cs @@ -29,6 +29,7 @@ public DefaultAuthorizationHandlerProvider(IEnumerable ha _handlers = handlers; } + /// public Task> GetHandlersAsync(AuthorizationHandlerContext context) => Task.FromResult(_handlers); } diff --git a/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs b/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs index ccb896bbe118..0d0c22d5f9e6 100644 
--- a/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs +++ b/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs @@ -30,6 +30,7 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte return Task.CompletedTask; } + /// public override string ToString() { return $"{nameof(DenyAnonymousAuthorizationRequirement)}: Requires an authenticated user."; diff --git a/src/Security/Authorization/Core/src/Microsoft.AspNetCore.Authorization.csproj b/src/Security/Authorization/Core/src/Microsoft.AspNetCore.Authorization.csproj index 904fe35cf82d..8bb6f76bee48 100644 --- a/src/Security/Authorization/Core/src/Microsoft.AspNetCore.Authorization.csproj +++ b/src/Security/Authorization/Core/src/Microsoft.AspNetCore.Authorization.csproj @@ -8,7 +8,7 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute $(DefaultNetFxTargetFramework);netstandard2.0;$(DefaultNetCoreTargetFramework) $(DefaultNetCoreTargetFramework) true - $(NoWarn);CS1591 + $(NoWarn.Replace('1591', '')) true aspnetcore;authorization enable diff --git a/src/Security/Authorization/Core/src/NameAuthorizationRequirement.cs b/src/Security/Authorization/Core/src/NameAuthorizationRequirement.cs index 36cee10aac63..4a6c930054cd 100644 --- a/src/Security/Authorization/Core/src/NameAuthorizationRequirement.cs +++ b/src/Security/Authorization/Core/src/NameAuthorizationRequirement.cs @@ -49,6 +49,7 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte return Task.CompletedTask; } + /// public override string ToString() { return $"{nameof(NameAuthorizationRequirement)}:Requires a user identity with Name equal to {RequiredName}"; diff --git a/src/Security/Authorization/Core/src/OperationAuthorizationRequirement.cs b/src/Security/Authorization/Core/src/OperationAuthorizationRequirement.cs index 51cb29ed2004..0e0c4580a0f1 100644 --- a/src/Security/Authorization/Core/src/OperationAuthorizationRequirement.cs 
+++ b/src/Security/Authorization/Core/src/OperationAuthorizationRequirement.cs @@ -14,6 +14,7 @@ public class OperationAuthorizationRequirement : IAuthorizationRequirement /// public string Name { get; set; } = default!; + /// public override string ToString() { return $"{nameof(OperationAuthorizationRequirement)}:Name={Name}"; diff --git a/src/Security/Authorization/Core/src/RolesAuthorizationRequirement.cs b/src/Security/Authorization/Core/src/RolesAuthorizationRequirement.cs index e5a2251a146f..1626d0208985 100644 --- a/src/Security/Authorization/Core/src/RolesAuthorizationRequirement.cs +++ b/src/Security/Authorization/Core/src/RolesAuthorizationRequirement.cs @@ -64,6 +64,7 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte return Task.CompletedTask; } + /// public override string ToString() { var roles = $"User.IsInRole must be true for one of the following roles: ({string.Join("|", AllowedRoles)})"; diff --git a/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs b/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs index 41cfcb96fb68..9a216975235f 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs @@ -15,9 +15,13 @@ public static class AuthorizationAppBuilderExtensions { /// /// Adds the to the specified , which enables authorization capabilities. + /// + /// When authorizing a resource that is routed using endpoint routing, this call must appear between the calls to + /// app.UseRouting() and app.UseEndpoints(...) for the middleware to function correctly. + /// /// /// The to add the middleware to. - /// A reference to this instance after the operation has completed. + /// A reference to after the operation has completed. public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app) { if (app == null) 
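Review bot: The added remark on `UseAuthorization` pins the call between `app.UseRouting()` and `app.UseEndpoints(...)` but says nothing about authentication. A reader following only this text can register the middleware ahead of the authentication middleware. I would add a sentence such as `/// If the app uses authentication, call app.UseAuthentication() before this method so the user is populated when policies are evaluated.` The method body continues outside the hunk.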
diff --git a/src/Security/Authorization/Policy/src/AuthorizationEndpointConventionBuilderExtensions.cs b/src/Security/Authorization/Policy/src/AuthorizationEndpointConventionBuilderExtensions.cs index c526e32ee01e..43f46d0facec 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationEndpointConventionBuilderExtensions.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationEndpointConventionBuilderExtensions.cs @@ -13,7 +13,6 @@ namespace Microsoft.AspNetCore.Builder /// public static class AuthorizationEndpointConventionBuilderExtensions { - private static readonly IAllowAnonymous _allowAnonymousMetadata = new AllowAnonymousAttribute(); /// @@ -97,7 +96,6 @@ public static TBuilder AllowAnonymous(this TBuilder builder) where TBu return builder; } - private static void RequireAuthorizationCore(TBuilder builder, IEnumerable authorizeData) where TBuilder : IEndpointConventionBuilder { diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs index d876781f96f8..41bdae2b045d 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs @@ -9,6 +9,9 @@ namespace Microsoft.AspNetCore.Authorization { + /// + /// A middleware that enables authorization capabilities. + /// public class AuthorizationMiddleware { // AppContext switch used to control whether HttpContext or endpoint is passed as a resource to AuthZ 
@@ -21,12 +24,21 @@ public class AuthorizationMiddleware private readonly RequestDelegate _next; private readonly IAuthorizationPolicyProvider _policyProvider; + /// + /// Initializes a new instance of . + /// + /// The next middleware in the application middleware pipeline. + /// The . public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider) { _next = next ?? throw new ArgumentNullException(nameof(next)); _policyProvider = policyProvider ?? throw new ArgumentNullException(nameof(policyProvider)); } + /// + /// Invokes the middleware performing authentication. + /// + /// The . public async Task Invoke(HttpContext context) { if (context == null) diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareResultHandler.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareResultHandler.cs index 7c7d4592b416..f293670cfa4e 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareResultHandler.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareResultHandler.cs @@ -4,8 +4,12 @@ namespace Microsoft.AspNetCore.Authorization.Policy { + /// + /// Default implementation for . + /// public class AuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler { + /// public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult) { if (authorizeResult.Challenged) diff --git a/src/Security/Authorization/Policy/src/IAuthorizationMiddlewareResultHandler.cs b/src/Security/Authorization/Policy/src/IAuthorizationMiddlewareResultHandler.cs index af07449df419..635ef6f0ec87 100644 --- a/src/Security/Authorization/Policy/src/IAuthorizationMiddlewareResultHandler.cs +++ b/src/Security/Authorization/Policy/src/IAuthorizationMiddlewareResultHandler.cs 
@@ -4,8 +4,20 @@ namespace Microsoft.AspNetCore.Authorization { + /// + /// Allow custom handling of authorization and handling of the authorization response. + /// public interface IAuthorizationMiddlewareResultHandler { + /// + /// Evaluates the authorization requirement and processes the authorization result. + /// + /// + /// The next middleware in the application pipeline. Implementations may not invoke this if the authorization did not succeed. + /// + /// The . + /// The for the resource. + /// The result of authorization. Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult); } } diff --git a/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj index 17e646635bd7..4a8cfb19656f 100644 --- a/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj +++ b/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj @@ -4,7 +4,7 @@ ASP.NET Core authorization policy helper classes. $(DefaultNetCoreTargetFramework) true - $(NoWarn);CS1591 + $(NoWarn.Replace('1591', '')) true aspnetcore;authorization false diff --git a/src/Security/Authorization/Policy/src/PolicyAuthorizationResult.cs b/src/Security/Authorization/Policy/src/PolicyAuthorizationResult.cs index c653be105f3b..6bd6bce86aba 100644 --- a/src/Security/Authorization/Policy/src/PolicyAuthorizationResult.cs +++ b/src/Security/Authorization/Policy/src/PolicyAuthorizationResult.cs @@ -3,6 +3,9 @@ namespace Microsoft.AspNetCore.Authorization.Policy { + /// + /// The result of . + /// public class PolicyAuthorizationResult { private PolicyAuthorizationResult() { } 
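Review bot: In the `next` param text on `IAuthorizationMiddlewareResultHandler.HandleAsync`, "Implementations may not invoke this" can be read as either "might not" or "must not". For an authorization hook, that difference decides whether a request that failed authorization continues down the pipeline. If the intent is that custom handlers short-circuit on failure, say so directly, for example `/// The next middleware in the application pipeline. Invoke it only when authorizeResult indicates that authorization succeeded.` The summary also says the method "evaluates the authorization requirement", yet the signature receives an already computed `authorizeResult`; `/// Processes the result of policy evaluation for the current request.` would match it better.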
@@ -27,15 +30,32 @@ private PolicyAuthorizationResult() { } /// public AuthorizationFailure? AuthorizationFailure { get; private set; } + /// + ///Indicates that an unauthenticated user requested access to an endpoint that requires authentication. + /// + /// The . public static PolicyAuthorizationResult Challenge() => new PolicyAuthorizationResult { Challenged = true }; + /// + /// Indiciates that the access to a resource was forbidden. + /// + /// The . public static PolicyAuthorizationResult Forbid() => Forbid(null); + /// + /// Indiciates that the access to a resource was forbidden. + /// + /// Specifies the reason the authorization failed.s + /// The . public static PolicyAuthorizationResult Forbid(AuthorizationFailure? authorizationFailure) => new PolicyAuthorizationResult { Forbidden = true, AuthorizationFailure = authorizationFailure }; + /// + /// Indicates a successful authorization. + /// + /// The . public static PolicyAuthorizationResult Success() => new PolicyAuthorizationResult { Succeeded = true }; diff --git a/src/Security/Authorization/Policy/src/PolicyEvaluator.cs b/src/Security/Authorization/Policy/src/PolicyEvaluator.cs index 21f0c4e9f009..06da4e969cb0 100644 --- a/src/Security/Authorization/Policy/src/PolicyEvaluator.cs +++ b/src/Security/Authorization/Policy/src/PolicyEvaluator.cs @@ -10,6 +10,9 @@ namespace Microsoft.AspNetCore.Authorization.Policy { + /// + /// Default implementation for . + /// public class PolicyEvaluator : IPolicyEvaluator { private readonly IAuthorizationService _authorization; diff --git a/src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs b/src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs index f15413706862..f056bc890cea 100644 --- a/src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs +++ b/src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs 
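Review bot: The new doc comments on `PolicyAuthorizationResult` carry typos that will ship in the generated API documentation. "Indiciates" appears in both `Forbid` summaries, the `authorizationFailure` param text ends in "failed.s", and the `Challenge` summary lacks a space after `///`. Corrected lines would be `/// Indicates that the access to a resource was forbidden.`, `/// Specifies the reason the authorization failed.` and `/// Indicates that an unauthenticated user requested access to an endpoint that requires authentication.` Going by their diffstats, patches 2/3 and 3/3 do not touch this file, so the typos survive the series.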
@@ -14,7 +14,7 @@ namespace Microsoft.Extensions.DependencyInjection public static class PolicyServiceCollectionExtensions { /// - /// Adds the authorization policy evaluator service to the specified . + /// Adds the authorization policy evaluator service to the specified . /// /// The to add services to. /// The so that additional calls can be chained. From 9ba1f672444287c853d4f089004d25b162c93bad Mon Sep 17 00:00:00 2001 From: Pranav K Date: Tue, 13 Oct 2020 15:25:48 -0700 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Chris Ross --- .../Authentication/Facebook/src/FacebookDefaults.cs | 6 +++--- src/Security/Authentication/Facebook/src/FacebookOptions.cs | 2 +- .../MicrosoftAccount/src/MicrosoftChallengeProperties.cs | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs index 6ca5c3c0726b..6e3b67b54c9b 100644 --- a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs +++ b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs @@ -4,12 +4,12 @@ namespace Microsoft.AspNetCore.Authentication.Facebook { /// - /// Default values related to Facebook-based authentication handler. + /// Default values for the Facebook authentication handler. /// public static class FacebookDefaults { /// - /// The default scheme for Facebook authentication. Defaults to Facebook. + /// The default scheme for Facebook authentication. The value is Facebook. /// public const string AuthenticationScheme = "Facebook"; @@ -27,7 +27,7 @@ public static class FacebookDefaults public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v8.0/dialog/oauth"; /// - /// The OAuth endpoint used to exchange access tokens. + /// The OAuth endpoint used to retrieve access tokens. /// public static readonly string TokenEndpoint = "https://graph.facebook.com/v8.0/oauth/access_token"; 
diff --git a/src/Security/Authentication/Facebook/src/FacebookOptions.cs b/src/Security/Authentication/Facebook/src/FacebookOptions.cs index cc2eb9c9e4fa..5dc529e4ceda 100644 --- a/src/Security/Authentication/Facebook/src/FacebookOptions.cs +++ b/src/Security/Authentication/Facebook/src/FacebookOptions.cs @@ -97,7 +97,7 @@ public string AppSecret /// https://developers.facebook.com/docs/graph-api/reference/user /// /// - /// Defaults to include the following fields: "name", "email", "first_name", and "last_name". + /// Defaults to include the following fields if none are specified: "name", "email", "first_name", and "last_name". /// public ICollection Fields { get; } = new HashSet(); } diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs index a5fa744cec3d..461beafb2063 100644 --- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs +++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs @@ -65,7 +65,7 @@ public string ResponseMode /// Gets or sets the value for the "domain_hint" parameter value being used for a challenge request. /// /// If included, authentication will skip the email-based discovery process that user goes through on the sign-in page, - /// leading to a slightly more streamlined user experience + /// leading to a slightly more streamlined user experience. /// /// public string DomainHint From 4d427b8b6c8572933b1d2d0a6457c9309b64f698 Mon Sep 17 00:00:00 2001 From: Pranav K Date: Wed, 14 Oct 2020 10:26:21 -0700 Subject: [PATCH 3/3] Update src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs --- .../Authorization/Policy/src/AuthorizationMiddleware.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs index 41bdae2b045d..0fddd96878f7 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs @@ -36,7 +36,7 @@ public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvide } /// - /// Invokes the middleware performing authentication. + /// Invokes the middleware performing authorization. /// /// The . public async Task Invoke(HttpContext context)