Remove IClock interface and implementation, use own TimeProvider for …

….NET 6/7

Abblix.Oidc.Server.Mvc/AuthenticationSchemeAdapter.cs

@@ -37,15 +37,14 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
-using IAuthenticationService = Abblix.Oidc.Server.Features.UserAuthentication.IAuthenticationService;
 
 namespace Abblix.Oidc.Server.Mvc;
 
 /// <summary>
-/// Adapts ASP.NET Authentication Scheme to the <see cref="IAuthenticationService"/> interface.
+/// Adapts ASP.NET Authentication Scheme to the <see cref="IAuthSessionService"/> interface.
 /// Allows integration of Abblix Oidc Server with standard ASP.NET Authentication capability.
 /// </summary>
-public class AuthenticationSchemeAdapter : IAuthenticationService
+public class AuthenticationSchemeAdapter : IAuthSessionService
 {
 	/// <summary>
 	/// Initializes a new instance of the <see cref="AuthenticationSchemeAdapter"/> class.
@@ -147,21 +146,6 @@ public Task SignInAsync(AuthSession authSession)
 		return HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, properties);
 	}
 
-	/// <summary>
-	/// Updates the specified authentication session with the given client ID.
-	/// </summary>
-	/// <param name="authSession">The authentication session to be updated.</param>
-	/// <param name="clientId">The client ID to be added to the session.</param>
-	/// <returns>A task that represents the asynchronous update operation.</returns>
-	public Task UpdateAsync(AuthSession authSession, string clientId)
-	{
-		if (authSession.AffectedClientIds.Contains(clientId))
-			return Task.CompletedTask;
-
-		authSession.AffectedClientIds = authSession.AffectedClientIds.Append(clientId);
-		return SignInAsync(authSession);
-	}
-
 	/// <summary>
 	/// Signs out the current user from the application.
 	/// </summary>

Abblix.Oidc.Server.Mvc/Formatters/UserInfoResponseFormatter.cs

@@ -31,7 +31,6 @@
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Common.Exceptions;
 using Abblix.Oidc.Server.Endpoints.UserInfo.Interfaces;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Tokens.Formatters;
 using Abblix.Oidc.Server.Model;
 using Abblix.Oidc.Server.Mvc.Formatters.Interfaces;
@@ -51,15 +50,15 @@ public class UserInfoResponseFormatter : IUserInfoResponseFormatter
     /// <param name="clock">Provides the current time.</param>
     /// <param name="clientJwtFormatter">Formats JWTs for clients.</param>
     public UserInfoResponseFormatter(
-        IClock clock,
+        TimeProvider clock,
         IClientJwtFormatter clientJwtFormatter)
     {
         _clock = clock;
         _clientJwtFormatter = clientJwtFormatter;
     }
 
     private readonly IClientJwtFormatter _clientJwtFormatter;
-    private readonly IClock _clock;
+    private readonly TimeProvider _clock;
 
     /// <summary>
     /// Asynchronously formats the response for a user information request.
@@ -93,7 +92,7 @@ public async Task<ActionResult<UserInfoResponse>> FormatResponseAsync(
                     Payload = new JsonWebTokenPayload(user)
                     {
                         Issuer = issuer,
-                        IssuedAt = _clock.UtcNow,
+                        IssuedAt = _clock.GetUtcNow(),
                         Audiences = new[] { clientInfo.ClientId },
                     }
                 };

Abblix.Oidc.Server.Mvc/ServiceCollectionExtensions.cs

@@ -94,7 +94,7 @@ public static IServiceCollection AddOidcMvc(
 		    .AddSingleton<IParameterValidator, ParameterValidator>()
 			.AddSingleton<IParametersProvider, ParametersProvider>()
 		    .AddSingleton<IRequestInfoProvider, HttpRequestInfoAdapter>()
-			.AddSingleton<IAuthenticationService, AuthenticationSchemeAdapter>()
+			.AddSingleton<IAuthSessionService, AuthenticationSchemeAdapter>()
 			.AddSingleton<IUriResolver, UriResolver>()
 			.AddSingleton<IActionContextAccessor, ActionContextAccessor>()
 			.AddSingleton<IUrlHelperFactory, UrlHelperFactory>()

Abblix.Oidc.Server/Endpoints/Authorization/AuthorizationRequestProcessor.cs

@@ -31,14 +31,12 @@
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Common.Interfaces;
 using Abblix.Oidc.Server.Endpoints.Authorization.Interfaces;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Licensing;
 using Abblix.Oidc.Server.Features.Tokens;
 using Abblix.Oidc.Server.Features.UserAuthentication;
 using Abblix.Oidc.Server.Model;
 using Abblix.Utils;
 using AuthorizationResponse = Abblix.Oidc.Server.Endpoints.Authorization.Interfaces.AuthorizationResponse;
-using IAuthenticationService = Abblix.Oidc.Server.Features.UserAuthentication.IAuthenticationService;
 
 
 namespace Abblix.Oidc.Server.Endpoints.Authorization;
@@ -57,21 +55,21 @@ public class AuthorizationRequestProcessor : IAuthorizationRequestProcessor
 	/// including user authentication, consent handling, authorization code generation, access
 	/// and identity token services, and time-related functionality.
 	/// </summary>
-	/// <param name="authenticationService">Service for handling user authentication.</param>
+	/// <param name="authSessionService">Service for handling user authentication.</param>
 	/// <param name="consentService">Service for managing user consent.</param>
 	/// <param name="authorizationCodeService">Service for generating and managing authorization codes.</param>
 	/// <param name="accessTokenService">Service for creating access tokens.</param>
 	/// <param name="identityTokenService">Service for generating identity tokens.</param>
 	/// <param name="clock">Service for managing time-related operations.</param>
 	public AuthorizationRequestProcessor(
-		IAuthenticationService authenticationService,
+		IAuthSessionService authSessionService,
 		IConsentService consentService,
 		IAuthorizationCodeService authorizationCodeService,
 		IAccessTokenService accessTokenService,
 		IIdentityTokenService identityTokenService,
-		IClock clock)
+		TimeProvider clock)
 	{
-		_authenticationService = authenticationService;
+		_authSessionService = authSessionService;
 		_consentService = consentService;
 		_authorizationCodeService = authorizationCodeService;
 		_accessTokenService = accessTokenService;
@@ -81,10 +79,10 @@ public AuthorizationRequestProcessor(
 
 	private readonly IAccessTokenService _accessTokenService;
 	private readonly IAuthorizationCodeService _authorizationCodeService;
-	private readonly IAuthenticationService _authenticationService;
+	private readonly IAuthSessionService _authSessionService;
 	private readonly IConsentService _consentService;
 	private readonly IIdentityTokenService _identityTokenService;
-	private readonly IClock _clock;
+	private readonly TimeProvider _clock;
 
 	/// <summary>
 	/// Asynchronously processes a valid authorization request.
@@ -161,7 +159,11 @@ public async Task<AuthorizationResponse> ProcessAsync(ValidAuthorizationRequest
 			CodeChallengeMethod = model.CodeChallengeMethod,
 		};
 
-		await _authenticationService.UpdateAsync(authSession, authContext.ClientId);
+		if (!authSession.AffectedClientIds.Contains(authContext.ClientId))
+		{
+			authSession.AffectedClientIds = authSession.AffectedClientIds.Append(authContext.ClientId);
+			await _authSessionService.SignInAsync(authSession);
+		}
 
 		var result = new SuccessfullyAuthenticated(
 			model,
@@ -210,12 +212,12 @@ public async Task<AuthorizationResponse> ProcessAsync(ValidAuthorizationRequest
 
 	private Task<List<AuthSession>> GetAvailableAuthSessionsAsync(AuthorizationRequest model)
 	{
-		var authSessions = _authenticationService.GetAvailableAuthSessions();
+		var authSessions = _authSessionService.GetAvailableAuthSessions();
 
 		if (model.MaxAge.HasValue)
 		{
 			// skip all sessions older than max_age value
-			var minAuthenticationTime = _clock.UtcNow - model.MaxAge;
+			var minAuthenticationTime = _clock.GetUtcNow() - model.MaxAge;
 			authSessions = authSessions
 				.WhereAsync(session => minAuthenticationTime < session.AuthenticationTime);
 		}

Abblix.Oidc.Server/Endpoints/DynamicClientManagement/RegisterClientRequestProcessor.cs

@@ -32,7 +32,6 @@
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces;
 using Abblix.Oidc.Server.Features.ClientInformation;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Hashing;
 using Abblix.Oidc.Server.Features.Issuer;
 using Abblix.Oidc.Server.Features.Licensing;
@@ -67,7 +66,7 @@ public RegisterClientRequestProcessor(
         IClientSecretGenerator clientSecretGenerator,
         IHashService hashService,
         IClientInfoManager clientInfoManager,
-        IClock clock,
+        TimeProvider clock,
         NewClientOptions options,
         IAuthServiceJwtFormatter serviceJwtFormatter,
         IIssuerProvider issuerProvider)
@@ -86,7 +85,7 @@ public RegisterClientRequestProcessor(
     private readonly IClientInfoManager _clientInfoManager;
     private readonly IClientSecretGenerator _clientSecretGenerator;
     private readonly IHashService _hashService;
-    private readonly IClock _clock;
+    private readonly TimeProvider _clock;
     private readonly IIssuerProvider _issuerProvider;
     private readonly NewClientOptions _options;
     private readonly IAuthServiceJwtFormatter _serviceJwtFormatter;
@@ -109,7 +108,7 @@ public async Task<ClientRegistrationResponse> ProcessAsync(ValidClientRegistrati
     {
         var model = request.Model;
 
-        var issuedAt = _clock.UtcNow;
+        var issuedAt = _clock.GetUtcNow();
         var clientId = model.ClientId.HasValue() ? model.ClientId : _clientIdGenerator.GenerateClientId();
         var (clientSecret, expiresAt) = GenerateClientSecret(model.TokenEndpointAuthMethod, issuedAt);
 

Abblix.Oidc.Server/Endpoints/EndSession/EndSessionRequestProcessor.cs

@@ -53,26 +53,26 @@ public class EndSessionRequestProcessor : IEndSessionRequestProcessor
 	/// Initializes a new instance of the <see cref="EndSessionRequestProcessor"/> class.
 	/// </summary>
 	/// <param name="logger">The logger.</param>
-	/// <param name="authenticationService">The authentication service.</param>
+	/// <param name="authSessionService">The authentication service.</param>
 	/// <param name="issuerProvider">The issuer provider.</param>
 	/// <param name="clientInfoProvider">The client info provider.</param>
 	/// <param name="logoutNotifier">The logout notifier.</param>
 	public EndSessionRequestProcessor(
 		ILogger<EndSessionRequestProcessor> logger,
-		IAuthenticationService authenticationService,
+		IAuthSessionService authSessionService,
 		IIssuerProvider issuerProvider,
 		IClientInfoProvider clientInfoProvider,
 		ILogoutNotifier logoutNotifier)
 	{
 		_logger = logger;
-		_authenticationService = authenticationService;
+		_authSessionService = authSessionService;
 		_issuerProvider = issuerProvider;
 		_clientInfoProvider = clientInfoProvider;
 		_logoutNotifier = logoutNotifier;
 	}
 
 	private readonly ILogger _logger;
-	private readonly IAuthenticationService _authenticationService;
+	private readonly IAuthSessionService _authSessionService;
 	private readonly IClientInfoProvider _clientInfoProvider;
 	private readonly IIssuerProvider _issuerProvider;
 	private readonly ILogoutNotifier _logoutNotifier;
@@ -96,7 +96,7 @@ public async Task<EndSessionResponse> ProcessAsync(ValidEndSessionRequest reques
 			};
 		}
 
-		var authSession = await _authenticationService.AuthenticateAsync();
+		var authSession = await _authSessionService.AuthenticateAsync();
 		if (authSession == null)
 		{
 			return new EndSessionSuccessfulResponse(postLogoutRedirectUri, Array.Empty<Uri>());
@@ -111,7 +111,7 @@ public async Task<EndSessionResponse> ProcessAsync(ValidEndSessionRequest reques
 				$"The claim {JwtClaimTypes.Subject} must contain the unique identifier of the user logged in");
 		}
 
-		await _authenticationService.SignOutAsync();
+		await _authSessionService.SignOutAsync();
 		_logger.LogDebug("The user with subject={Subject} was logged out from session {Session}", subjectId, sessionId);
 
 		var context = new LogoutContext(sessionId, subjectId, LicenseChecker.CheckIssuer(_issuerProvider.GetIssuer()));

Abblix.Oidc.Server/Features/ClientAuthentication/ClientSecretAuthenticator.cs

@@ -28,7 +28,6 @@
 // https://github.com/Abblix/Oidc.Server/blob/master/README.md
 
 using Abblix.Oidc.Server.Features.ClientInformation;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Hashing;
 using Abblix.Oidc.Server.Features.Licensing;
 using Abblix.Utils;
@@ -54,7 +53,7 @@ public abstract class ClientSecretAuthenticator
 	protected ClientSecretAuthenticator(
 		ILogger<ClientSecretAuthenticator> logger,
 		IClientInfoProvider clientInfoProvider,
-		IClock clock,
+		TimeProvider clock,
 		IHashService hashService)
 	{
 		_logger = logger;
@@ -65,7 +64,7 @@ protected ClientSecretAuthenticator(
 
 	private readonly ILogger _logger;
 	private readonly IClientInfoProvider _clientInfoProvider;
-	private readonly IClock _clock;
+	private readonly TimeProvider _clock;
 	private readonly IHashService _hashService;
 
 	/// <summary>
@@ -139,7 +138,7 @@ private bool TryValidateClientSecret(ClientInfo client, string secret)
 			return false; // Invalid secret
 		}
 
-		if (matchingSecret.ExpiresAt.HasValue && matchingSecret.ExpiresAt.Value < _clock.UtcNow)
+		if (matchingSecret.ExpiresAt.HasValue && matchingSecret.ExpiresAt.Value < _clock.GetUtcNow())
 		{
 			_logger.LogWarning("Client authentication failed: Secret has expired for client {ClientId}",
 				client.ClientId);

Abblix.Oidc.Server/Features/ClientAuthentication/ClientSecretBasicAuthenticator.cs

@@ -30,7 +30,6 @@
 using System.Text;
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Features.ClientInformation;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Hashing;
 using Abblix.Oidc.Server.Model;
 using Microsoft.Extensions.Logging;
@@ -53,7 +52,8 @@ public class ClientSecretBasicAuthenticator : ClientSecretAuthenticator, IClient
 	public ClientSecretBasicAuthenticator(
 		ILogger<ClientSecretBasicAuthenticator> logger,
 		IClientInfoProvider clientInfoProvider,
-		IClock clock, IHashService hashService)
+		TimeProvider clock,
+		IHashService hashService)
 		: base(logger, clientInfoProvider, clock, hashService)
 	{
 	}

Abblix.Oidc.Server/Features/ClientAuthentication/ClientSecretPostAuthenticator.cs

@@ -29,7 +29,6 @@
 
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Features.ClientInformation;
-using Abblix.Oidc.Server.Features.Clock;
 using Abblix.Oidc.Server.Features.Hashing;
 using Abblix.Oidc.Server.Model;
 using Abblix.Utils;
@@ -55,7 +54,7 @@ public class ClientSecretPostAuthenticator : ClientSecretAuthenticator, IClientA
 	public ClientSecretPostAuthenticator(
 		ILogger<ClientSecretPostAuthenticator> logger,
 		IClientInfoProvider clientInfoProvider,
-		IClock clock,
+		TimeProvider clock,
 		IHashService hashService)
 		: base(logger, clientInfoProvider, clock, hashService)
 	{