From a635c167b06ccfa4a08dae6d3899933ebac6f10f Mon Sep 17 00:00:00 2001 From: Tanay Parikh Date: Thu, 9 Sep 2021 18:41:45 -0700 Subject: [PATCH 1/3] Invalidate Cached WASM Auth Token on Authentication State Change --- .../src/RemoteAuthenticatorViewCore.cs | 2 +- .../src/Services/AuthorizationMessageHandler.cs | 7 +++++++ .../Properties/launchSettings.json | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs
index 777cf6cef12a..ddb4cc659149 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs
@@ -85,7 +85,7 @@ public class RemoteAuthenticatorViewCore : ComponentBase w [Parameter] public EventCallback OnLogOutSucceeded { get; set; } /// - /// Gets or sets the to use for performin JavaScript interop. + /// Gets or sets the to use for performing JavaScript interop. /// [Inject] internal IJSRuntime JS { get; set; }
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
index c49d2273147d..42626629406f 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
@@ -8,6 +8,7 @@ using System.Net.Http.Headers; using System.Threading; using System.Threading.Tasks; +using Microsoft.AspNetCore.Components.Authorization; namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication {
@@ -36,6 +37,12 @@ public AuthorizationMessageHandler( { _provider = provider; _navigation = navigation; + + // Invalidate the cached _lastToken when the authentication state changes + if (_provider is AuthenticationStateProvider authStateProvider) + { + authStateProvider.AuthenticationStateChanged += _ => { _lastToken = null; }; + } } ///
diff --git a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Properties/launchSettings.json b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Properties/launchSettings.json
index 284cf7e80a9a..a01d1d080399 100644
--- a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Properties/launchSettings.json
+++ b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Properties/launchSettings.json
@@ -11,6 +11,7 @@ "Wasm.Authentication.Server": { "commandName": "Project", "launchBrowser": true, + "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" },
@@ -19,6 +20,7 @@ "IIS Express": { "commandName": "IISExpress", "launchBrowser": true, + "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } From deb1460f8ea67078d2b5ae5d41296d541e653a2d Mon Sep 17 00:00:00 2001 From: Tanay Parikh Date: Fri, 10 Sep 2021 09:08:18 -0700 Subject: [PATCH 2/3] PR Feedback --- .../src/PublicAPI.Unshipped.txt | 1 + .../src/Services/AuthorizationMessageHandler.cs | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
index ac1276c6738f..4c1b5f93168f 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
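Review bot: The `_provider is AuthenticationStateProvider` test in the constructor makes the invalidation silently optional: an `IAccessTokenProvider` that does not also derive from `AuthenticationStateProvider` never gets a subscription, so `_lastToken` can outlive a sign-out or account switch with nothing in the code saying so. That is worth stating next to the check, e.g. `// Only providers that also derive from AuthenticationStateProvider raise this event; for any other IAccessTokenProvider no invalidation is wired up here.` The callback also clears only `_lastToken`; if the request path (outside this hunk) can attach the `_cachedHeader` field shown in the second patch's context lines without first re-checking `_lastToken`, that header should be reset in the same callback. The constructor's signature begins above the hunk.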
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
@@ -1,4 +1,5 @@ #nullable enable +override Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthorizationMessageHandler.Dispose(bool disposing) -> void ~Microsoft.AspNetCore.Components.WebAssembly.Authentication.OidcProviderOptions.AdditionalProviderParameters.get -> System.Collections.Generic.IDictionary ~Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService.RemoteAuthenticationService(Microsoft.JSInterop.IJSRuntime jsRuntime, Microsoft.Extensions.Options.IOptionsSnapshot> options, Microsoft.AspNetCore.Components.NavigationManager navigation, Microsoft.AspNetCore.Components.WebAssembly.Authentication.AccountClaimsPrincipalFactory accountClaimsPrincipalFactory) -> void *REMOVED*~Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService.RemoteAuthenticationService(Microsoft.JSInterop.IJSRuntime jsRuntime, Microsoft.Extensions.Options.IOptions> options, Microsoft.AspNetCore.Components.NavigationManager navigation, Microsoft.AspNetCore.Components.WebAssembly.Authentication.AccountClaimsPrincipalFactory accountClaimsPrincipalFactory) -> void \ No newline at end of file
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
index 42626629406f..8f35042dc4bf 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
@@ -21,6 +21,7 @@ public class AuthorizationMessageHandler : DelegatingHandler { private readonly IAccessTokenProvider _provider; private readonly NavigationManager _navigation; + private readonly AuthenticationStateChangedHandler _authenticationStateChangedHandler; private AccessToken _lastToken; private AuthenticationHeaderValue _cachedHeader; private Uri[] _authorizedUris;
@@ -41,7 +42,8 @@ public AuthorizationMessageHandler( // Invalidate the cached _lastToken when the authentication state changes if (_provider is AuthenticationStateProvider authStateProvider) { - authStateProvider.AuthenticationStateChanged += _ => { _lastToken = null; }; + _authenticationStateChangedHandler = _ => { _lastToken = null; }; + authStateProvider.AuthenticationStateChanged += _authenticationStateChangedHandler; } }
@@ -127,5 +129,16 @@ public AuthorizationMessageHandler ConfigureHandler( return this; } + + /// + protected override void Dispose(bool disposing) + { + if (_provider is AuthenticationStateProvider authStateProvider) + { + authStateProvider.AuthenticationStateChanged -= _authenticationStateChangedHandler; + } + + base.Dispose(disposing); + } } } From 2ac42210cc365ff0cecfaf525accb7fd27e28082 Mon Sep 17 00:00:00 2001 From: Tanay Parikh Date: Fri, 10 Sep 2021 09:14:03 -0700 Subject: [PATCH 3/3] Remove Public API --- .../src/PublicAPI.Unshipped.txt | 1 - .../src/Services/AuthorizationMessageHandler.cs | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
index 4c1b5f93168f..ac1276c6738f 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
@@ -1,5 +1,4 @@ #nullable enable -override Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthorizationMessageHandler.Dispose(bool disposing) -> void ~Microsoft.AspNetCore.Components.WebAssembly.Authentication.OidcProviderOptions.AdditionalProviderParameters.get -> System.Collections.Generic.IDictionary ~Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService.RemoteAuthenticationService(Microsoft.JSInterop.IJSRuntime jsRuntime, Microsoft.Extensions.Options.IOptionsSnapshot> options, Microsoft.AspNetCore.Components.NavigationManager navigation, Microsoft.AspNetCore.Components.WebAssembly.Authentication.AccountClaimsPrincipalFactory accountClaimsPrincipalFactory) -> void *REMOVED*~Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService.RemoteAuthenticationService(Microsoft.JSInterop.IJSRuntime jsRuntime, Microsoft.Extensions.Options.IOptions> options, Microsoft.AspNetCore.Components.NavigationManager navigation, Microsoft.AspNetCore.Components.WebAssembly.Authentication.AccountClaimsPrincipalFactory accountClaimsPrincipalFactory) -> void \ No newline at end of file
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
index 8f35042dc4bf..d9cf8c926307 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs
@@ -1,13 +1,9 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. -using System; -using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Http.Headers; -using System.Threading; -using System.Threading.Tasks; using Microsoft.AspNetCore.Components.Authorization; namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
@@ -17,7 +13,7 @@ namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication /// Access tokens will only be added when the request URI is within one of the base addresses configured using /// . /// - public class AuthorizationMessageHandler : DelegatingHandler + public class AuthorizationMessageHandler : DelegatingHandler, IDisposable { private readonly IAccessTokenProvider _provider; private readonly NavigationManager _navigation;
@@ -130,15 +126,14 @@ public AuthorizationMessageHandler ConfigureHandler( return this; } - /// - protected override void Dispose(bool disposing) + + void IDisposable.Dispose() { if (_provider is AuthenticationStateProvider authStateProvider) { authStateProvider.AuthenticationStateChanged -= _authenticationStateChangedHandler; } - - base.Dispose(disposing); + Dispose(disposing: true); } } }
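Review bot: The explicit `void IDisposable.Dispose()` in the last hunk runs only when the handler is disposed through an `IDisposable` reference; `HttpMessageHandler.Dispose()` is a public non-virtual method, so a caller holding the handler as `HttpMessageHandler` or `DelegatingHandler` (as `HttpClient` does when it disposes its handler, as far as I know) goes straight to `Dispose(true)` and skips the `AuthenticationStateChanged -=` line. The provider's event then keeps the disposed handler reachable and keeps invoking its callback. If the extra public API entry is acceptable, the previous patch's shape avoids this: `protected override void Dispose(bool disposing)` ending in `base.Dispose(disposing);`. Otherwise the limitation should be documented on the method, e.g. `// Unsubscribes only when disposed via IDisposable; HttpMessageHandler.Dispose() on a base-typed reference bypasses this.` The class body starts outside the hunk.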