Added ctor to AuthSession with required props

Abblix · Apr 15, 2024 · 0f24d25 · 0f24d25
1 parent f466640
commit 0f24d25
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 33 deletions.
diff --git a/Abblix.Oidc.Server.Mvc/AuthenticationSchemeAdapter.cs b/Abblix.Oidc.Server.Mvc/AuthenticationSchemeAdapter.cs
@@ -116,13 +116,12 @@ public async IAsyncEnumerable<AuthSession> GetAvailableAuthSessions()
 			return null;
 
 		// TODO think about the support for a list of several user accounts below
-		var authSession = new AuthSession
+		var authSession = new AuthSession(
+			principal.FindFirstValue(JwtClaimTypes.Subject).NotNull(JwtClaimTypes.Subject),
+			sessionId,
+			DateTimeOffset.FromUnixTimeSeconds(long.Parse(authenticationTime)))
 		{
 			IdentityProvider = principal.Identity!.AuthenticationType,
-			Subject = principal.FindFirstValue(JwtClaimTypes.Subject).NotNull(JwtClaimTypes.Subject),
-
-			SessionId = sessionId,
-			AuthenticationTime = DateTimeOffset.FromUnixTimeSeconds(long.Parse(authenticationTime)),
 			AuthContextClassRef = properties.GetString(JwtClaimTypes.AuthContextClassRef),
 		};
 

diff --git a/Abblix.Oidc.Server.UnitTests/Endpoints/Token/AuthorizationCodeGrantHandlerTests.cs b/Abblix.Oidc.Server.UnitTests/Endpoints/Token/AuthorizationCodeGrantHandlerTests.cs
@@ -100,13 +100,8 @@ private async Task<GrantAuthorizationResult> PkceTest(string codeChallengeMethod
 			.Setup(_ => _.AuthorizeByCodeAsync(tokenRequest.Code))
 			.ReturnsAsync(
 				new AuthorizedGrantResult(
-					new AuthSession
-					{
-						Subject = "123",
-						SessionId = "session1",
-						AuthenticationTime = DateTimeOffset.UtcNow,
-					},
-					new AuthorizationContext(clientInfo.ClientId, new[] { Scopes.OpenId }, null)
+					new AuthSession("123", "session1", DateTimeOffset.UtcNow),
+					Context: new AuthorizationContext(clientInfo.ClientId, [Scopes.OpenId], null)
 					{
 						CodeChallenge = codeChallenge,
 						CodeChallengeMethod = codeChallengeMethod,

diff --git a/Abblix.Oidc.Server/Common/AuthorizationContext.cs b/Abblix.Oidc.Server/Common/AuthorizationContext.cs
@@ -53,6 +53,19 @@ public record AuthorizationContext(string ClientId, string[] Scope, RequestedCla
     /// </summary>
     public string ClientId { get; init; } = ClientId;
 
+    /// <summary>
+    /// Defines the scope of access requested by the client. Scopes are used to specify the level of access or permissions
+    /// that the client is requesting on the user's behalf. They play a key role in enforcing principle of least privilege.
+    /// </summary>
+    public string[] Scope { get; init; } = Scope;
+
+    /// <summary>
+    /// Optional. Specifies the individual Claims requested by the client, providing detailed instructions
+    /// for the authorization server on the Claims to be returned, either in the ID Token or via the UserInfo endpoint.
+    /// This mechanism supports clients in obtaining consented user information in a structured and controlled manner.
+    /// </summary>
+    public RequestedClaims? RequestedClaims { get; init; } = RequestedClaims;
+
     /// <summary>
     /// The URI where the authorization response should be sent. This URI must match one of the registered redirect URIs
     /// for the client application, ensuring that authorization responses are delivered to the correct destination securely.
@@ -77,17 +90,4 @@ public record AuthorizationContext(string ClientId, string[] Scope, RequestedCla
     /// enhancing the security of PKCE by allowing the authorization server to verify the code exchange authenticity.
     /// </summary>
     public string? CodeChallengeMethod { get; init; }
-
-    /// <summary>
-    /// Defines the scope of access requested by the client. Scopes are used to specify the level of access or permissions
-    /// that the client is requesting on the user's behalf. They play a key role in enforcing principle of least privilege.
-    /// </summary>
-    public string[] Scope { get; init; } = Scope;
-
-    /// <summary>
-    /// Optional. Specifies the individual Claims requested by the client, providing detailed instructions
-    /// for the authorization server on the Claims to be returned, either in the ID Token or via the UserInfo endpoint.
-    /// This mechanism supports clients in obtaining consented user information in a structured and controlled manner.
-    /// </summary>
-    public RequestedClaims? RequestedClaims { get; init; } = RequestedClaims;
 }
diff --git a/Abblix.Oidc.Server/Features/UserAuthentication/AuthSession.cs b/Abblix.Oidc.Server/Features/UserAuthentication/AuthSession.cs
@@ -33,25 +33,25 @@ namespace Abblix.Oidc.Server.Features.UserAuthentication;
 /// Represents a model of an authentication session for a logged-in user, capturing essential details about the user's
 /// authentication state and interactions within the system.
 /// </summary>
-public record AuthSession
+public record AuthSession(string Subject, string SessionId, DateTimeOffset AuthenticationTime)
 {
     /// <summary>
     /// The unique identifier for the user in the session. This is typically a user-specific identifier that can be
     /// used to retrieve user details or verify the user's identity across different parts of the application.
     /// </summary>
-    public string Subject { get; init; } = null!;
+    public string Subject { get; init; } = Subject;
 
     /// <summary>
     /// The unique identifier of the session, used to track the session across requests and possibly across
     /// different services.
     /// </summary>
-    public string SessionId { get; init; } = null!;
+    public string SessionId { get; init; } = SessionId;
 
     /// <summary>
     /// The timestamp indicating when the user was authenticated. This is used for session management purposes such as
     /// session expiration and activity logging.
     /// </summary>
-    public DateTimeOffset AuthenticationTime { get; init; }
+    public DateTimeOffset AuthenticationTime { get; init; } = AuthenticationTime;
 
     /// <summary>
     /// The provider used to authenticate the user's identity. This could be a local database, an external identity

diff --git a/Abblix.Oidc.Server/Features/UserAuthentication/AuthSessionExtensions.cs b/Abblix.Oidc.Server/Features/UserAuthentication/AuthSessionExtensions.cs
@@ -65,11 +65,11 @@ public static void ApplyTo(this AuthSession authSession, JsonWebTokenPayload pay
     /// This method allows for the reconstruction of an authentication session from the claims encoded in a JWT.
     /// It is particularly useful when processing JWTs to extract authentication and user session details.
     /// </remarks>
-    public static AuthSession ToAuthSession(this JsonWebTokenPayload payload) => new()
+    public static AuthSession ToAuthSession(this JsonWebTokenPayload payload) => new(
+        payload.Subject.NotNull(nameof(payload.Subject)),
+        payload.SessionId.NotNull(nameof(payload.SessionId)),
+        payload.AuthenticationTime.NotNull(nameof(payload.AuthenticationTime)))
     {
-        Subject = payload.Subject.NotNull(nameof(payload.Subject)),
-        SessionId = payload.SessionId.NotNull(nameof(payload.SessionId)),
         IdentityProvider = payload.IdentityProvider,
-        AuthenticationTime = payload.AuthenticationTime.NotNull(nameof(payload.AuthenticationTime)),
     };
 }