Finished work on the middleware events.

Renamed the AccessTokenReceived event to ParseAccessToken (+10 squashed commit)

Squashed commit:

[c6cdb40] Ensured the System using directives are listed before the others

[daeb53c] Added NotNull attributes to all of the required constructor parameters of the events.

[b7038ac] Aligned Owin.Security.OAuth.Validation with AspNet.Security.OAuth.Validation

[b52f8f5] Added licensing to all the re-worked events so far and more whitespace work; Aligned Owin.Security.OAuth.Introspection to do the same thing as AspNet.Security.OAuth.Introspection; Fixed and added Introspection tests.

[d35e849] Forgot to rename the delegate for token validation in the AspNet...Introspection middleware, fixed the tests and aligned test tokens to be the same values.

[29c2428] Refactored the events of AspNet.Security.OAuth.Validation to be in-line with the changes to AspNet.Security.OAuth.Introspection.

[0d18f2e] Rename the token validation event, whitespace an comment formatting.

[2025b86] Fixed the logic that was blowing up all of the unit tests for AspNet.Security.OAuth.Introspection (+2 squashed commit)

Squashed commit:

[ea3cf84] Unsure why dotnet test crashes corehost.exe

[cd63d7d] Removed BaseControlContext from events and customized the events and streamlined the process for AspNet.Security.OAuth.Introspection... But tests crash corehost.exe with a Stack Overflow for some odd reason (possible bug in corehost or with my environment).

[87b3dc5] Removed the AuthenticationFailedContext events and the related try/catch blocks in all of the middleware.

[7a7fbab] Finished initial work on Events for the middlewares.

Squashed commit:

[3ff2c22] WHY WON'T MY TESTS WORK AGH

[3d7d436] Finished events - Build error fixes and exclusion of .build folder from tracked files.

Squashed commits:

[6e9a9fe] Finished work on Introspection and Validation events except for tests on a couple of the Introspection events. Also fixed the RootNamespaces of all of the projects. (+3 squashed commit)

Squashed commit:

[c572f5b] Whitespace changes mostly

[c1ea6bc] Wrote some tests but missing AuthenticationFailedContext tests and tests for exceptions thrown.

[f8ae71c] Finished events for the Validation middleware. Tests need to be created. (+1 squashed commits)

Squashed commits:

[36b8003] Finished events for the Validation middleware. Tests need to be created. (+8 squashed commit)

Squashed commit:

[b7038ac] Aligned Owin.Security.OAuth.Validation with AspNet.Security.OAuth.Validation

[b52f8f5] Added licensing to all the re-worked events so far and more whitespace work; Aligned Owin.Security.OAuth.Introspection to do the same thing as AspNet.Security.OAuth.Introspection; Fixed and added Introspection tests.

[d35e849] Forgot to rename the delegate for token validation in the AspNet...Introspection middleware, fixed the tests and aligned test tokens to be the same values.

[29c2428] Refactored the events of AspNet.Security.OAuth.Validation to be in-line with the changes to AspNet.Security.OAuth.Introspection.

[0d18f2e] Rename the token validation event, whitespace an comment formatting.

[2025b86] Fixed the logic that was blowing up all of the unit tests for AspNet.Security.OAuth.Introspection (+2 squashed commit)

Squashed commit:

[ea3cf84] Unsure why dotnet test crashes corehost.exe

[cd63d7d] Removed BaseControlContext from events and customized the events and streamlined the process for AspNet.Security.OAuth.Introspection... But tests crash corehost.exe with a Stack Overflow for some odd reason (possible bug in corehost or with my environment).

[87b3dc5] Removed the AuthenticationFailedContext events and the related try/catch blocks in all of the middleware.

[7a7fbab] Finished initial work on Events for the middlewares.

Squashed commit:

[3ff2c22] WHY WON'T MY TESTS WORK AGH

[3d7d436] Finished events - Build error fixes and exclusion of .build folder from tracked files.

Squashed commits:

[6e9a9fe] Finished work on Introspection and Validation events except for tests on a couple of the Introspection events. Also fixed the RootNamespaces of all of the projects. (+3 squashed commit)

Squashed commit:

[c572f5b] Whitespace changes mostly

[c1ea6bc] Wrote some tests but missing AuthenticationFailedContext tests and tests for exceptions thrown.

[f8ae71c] Finished events for the Validation middleware. Tests need to be created. (+1 squashed commits)

Squashed commits:

[36b8003] Finished events for the Validation middleware. Tests need to be created. (+6 squashed commit)

Squashed commit:

[d35e849] Forgot to rename the delegate for token validation in the AspNet...Introspection middleware, fixed the tests and aligned test tokens to be the same values.

[29c2428] Refactored the events of AspNet.Security.OAuth.Validation to be in-line with the changes to AspNet.Security.OAuth.Introspection.

[0d18f2e] Rename the token validation event, whitespace an comment formatting.

[2025b86] Fixed the logic that was blowing up all of the unit tests for AspNet.Security.OAuth.Introspection (+2 squashed commit)

Squashed commit:

[ea3cf84] Unsure why dotnet test crashes corehost.exe

[cd63d7d] Removed BaseControlContext from events and customized the events and streamlined the process for AspNet.Security.OAuth.Introspection... But tests crash corehost.exe with a Stack Overflow for some odd reason (possible bug in corehost or with my environment).

[87b3dc5] Removed the AuthenticationFailedContext events and the related try/catch blocks in all of the middleware.

[7a7fbab] Finished initial work on Events for the middlewares.

Squashed commit:

[3ff2c22] WHY WON'T MY TESTS WORK AGH

[3d7d436] Finished events - Build error fixes and exclusion of .build folder from tracked files.

Squashed commits:

[6e9a9fe] Finished work on Introspection and Validation events except for tests on a couple of the Introspection events. Also fixed the RootNamespaces of all of the projects. (+3 squashed commit)

Squashed commit:

[c572f5b] Whitespace changes mostly

[c1ea6bc] Wrote some tests but missing AuthenticationFailedContext tests and tests for exceptions thrown.

[f8ae71c] Finished events for the Validation middleware. Tests need to be created. (+1 squashed commits)

Squashed commits:

[36b8003] Finished events for the Validation middleware. Tests need to be created. (+2 squashed commit)

Squashed commit:

[0d18f2e] Rename the token validation event, whitespace an comment formatting.

[2025b86] Fixed the logic that was blowing up all of the unit tests for AspNet.Security.OAuth.Introspection (+2 squashed commit)

Squashed commit:

[ea3cf84] Unsure why dotnet test crashes corehost.exe

[cd63d7d] Removed BaseControlContext from events and customized the events and streamlined the process for AspNet.Security.OAuth.Introspection... But tests crash corehost.exe with a Stack Overflow for some odd reason (possible bug in corehost or with my environment). (+1 squashed commits)

Squashed commits:

[87b3dc5] Removed the AuthenticationFailedContext events and the related try/catch blocks in all of the middleware.

Author: MonkeyJamboree

src/AspNet.Security.OAuth.Introspection/Events/AccessTokenReceivedContext.cs

@@ -1,17 +1,33 @@
-using Microsoft.AspNetCore.Authentication;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 
-namespace AspNet.Security.OAuth.Introspection
-{
-    public abstract class BaseIntrospectionContext : BaseControlContext
-    {
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Base class for all introspection events that holds common properties.
+    /// </summary>
+    public abstract class BaseIntrospectionContext : BaseContext {
         public BaseIntrospectionContext(
-            HttpContext context, 
-            OAuthIntrospectionOptions options) 
+            [NotNull]HttpContext context, 
+            [NotNull]OAuthIntrospectionOptions options) 
             : base(context) {
             Options = options;
         }
 
+        /// <summary>
+        /// Indicates the application has handled the event process.
+        /// </summary>
+        internal bool Handled { get; set; }
+
+        /// <summary>
+        /// The middleware Options.
+        /// </summary>
         public OAuthIntrospectionOptions Options { get; }
     }
 }

src/AspNet.Security.OAuth.Introspection/Events/AuthenticationFailedContext.cs

@@ -1,16 +1,48 @@
-using Microsoft.AspNetCore.Http;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
 
 namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows interception of the AuthenticationTicket creation process.
+    /// </summary>
     public class CreateTicketContext : BaseIntrospectionContext {
         public CreateTicketContext(
-            HttpContext context,
-            OAuthIntrospectionOptions options,
-            JObject payload)
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options,
+            [NotNull]JObject payload)
             : base(context, options) {
             Payload = payload;
         }
 
-        public JObject Payload { get; set; }
+        /// <summary>
+        /// The payload from the introspection request to the authorization server.
+        /// </summary>
+        public JObject Payload { get; }
+
+        private AuthenticationTicket _ticket { get; set; }
+
+        /// <summary>
+        /// An <see cref="AuthenticationTicket"/> created by the application.
+        /// <remarks>
+        /// Set this property to indicate that the application has handled the creation of the
+        /// ticket. Set this property to null to instruct the middleware there was a failure
+        /// during ticket creation.
+        /// </remarks>
+        /// </summary>
+        public AuthenticationTicket Ticket {
+            get { return _ticket; }
+            set {
+                Handled = true;
+                _ticket = value;
+            }
+        }
     }
 }

src/AspNet.Security.OAuth.Introspection/Events/BaseIntrospectionContext.cs

@@ -1,17 +1,20 @@
-using System.Threading.Tasks;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
 
-namespace AspNet.Security.OAuth.Introspection {
-    public interface IOAuthIntrospectionEvents
-    {
-        /// <summary>
-        /// Invoked when an access token is first received.
-        /// </summary>
-        Task AccessTokenReceived(AccessTokenReceivedContext context);
+using System.Threading.Tasks;
 
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public interface IOAuthIntrospectionEvents {
         /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// Invoked when a token is to be parsed from a newly-received request.
         /// </summary>
-        Task AuthenticationFailed(AuthenticationFailedContext context);
+        Task ParseAccessToken(ParseAccessTokenContext context);
 
         /// <summary>
         /// Invoked when a ticket is to be created from an introspection response.
@@ -24,13 +27,8 @@ public interface IOAuthIntrospectionEvents
         Task RequestTokenIntrospection(RequestTokenIntrospectionContext context);
 
         /// <summary>
-        /// Invoked after processing, when a token has been validated.
-        /// </summary>
-        Task TokenValidated(TokenValidatedContext context);
-
-        /// <summary>
-        /// Invoked when audiences are to be validated for a message.
+        /// Invoked when a token is to be validated, before final processing.
         /// </summary>
-        Task ValidateAudience(ValidateAudienceContext context);
+        Task ValidateToken(ValidateTokenContext context);
     }
 }

src/AspNet.Security.OAuth.Introspection/Events/CreateTicketContext.cs

@@ -1,67 +1,55 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System;
 using System.Threading.Tasks;
 
 namespace AspNet.Security.OAuth.Introspection {
-    public class OAuthIntrospectionEvents : IOAuthIntrospectionEvents
-    {
-        /// <summary>
-        /// Invoked when an access token is first received.
-        /// </summary>
-        public Func<AccessTokenReceivedContext, Task> OnAccessTokenReceived { get; set; } = context => Task.FromResult(0);
-
-        /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
-        /// </summary>
-        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
-
+    /// <summary>
+    /// Allows customization of introspection handling within the middleware.
+    /// </summary>
+    public class OAuthIntrospectionEvents : IOAuthIntrospectionEvents {
         /// <summary>
         /// Invoked when a ticket is to be created from an introspection response.
         /// </summary>
         public Func<CreateTicketContext, Task> OnCreateTicket { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// Invoked when a token is to be parsed from a newly-received request.
         /// </summary>
-        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
+        public Func<ParseAccessTokenContext, Task> OnParseAccessToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked after processing, when a token has been validated.
-        /// </summary>
-        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.FromResult(0);
-
-        /// <summary>
-        /// Invoked when audiences are to be validated for a message.
-        /// </summary>
-        public Func<ValidateAudienceContext, Task> OnValidateAudience { get; set; } = context => Task.FromResult(0);
-
-        /// <summary>
-        /// Invoked when an access token is first received.
+        /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public virtual Task AccessTokenReceived(AccessTokenReceivedContext context) => OnAccessTokenReceived(context);
+        public Func<RequestTokenIntrospectionContext, Task> OnRequestTokenIntrospection { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// Invoked when a token is to be validated, before final processing.
         /// </summary>
-        public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
+        public Func<ValidateTokenContext, Task> OnValidateToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a ticket is to be created from an introspection response.
         /// </summary>
         public virtual Task CreateTicket(CreateTicketContext context) => OnCreateTicket(context);
 
         /// <summary>
-        /// Invoked when a token is to be sent to the authorization server for introspection.
+        /// Invoked when a token is to be parsed from a newly-received request.
         /// </summary>
-        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
+        public virtual Task ParseAccessToken(ParseAccessTokenContext context) => OnParseAccessToken(context);
 
         /// <summary>
-        /// Invoked after processing, when a token has been validated.
+        /// Invoked when a token is to be sent to the authorization server for introspection.
         /// </summary>
-        public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
+        public virtual Task RequestTokenIntrospection(RequestTokenIntrospectionContext context) => OnRequestTokenIntrospection(context);
 
         /// <summary>
-        /// Invoked when audiences are to be validated for a message.
+        /// Invoked when a token is to be validated, before final processing.
         /// </summary>
-        public virtual Task ValidateAudience(ValidateAudienceContext context) => OnValidateAudience(context);
+        public virtual Task ValidateToken(ValidateTokenContext context) => OnValidateToken(context);
     }
 }

src/AspNet.Security.OAuth.Introspection/Events/IOAuthIntrospectionEvents.cs

@@ -0,0 +1,38 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Http;
+
+namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows custom parsing of access tokens from requests.
+    /// </summary>
+    public class ParseAccessTokenContext : BaseIntrospectionContext {
+        public ParseAccessTokenContext(
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options)
+            : base(context, options) {
+        }
+
+        private string _token { get; set; }
+
+        /// <summary>
+        /// Gets or sets the access token.
+        /// <remarks>
+        /// Setting this property indicates to the middleware that the request has been processed
+        /// and a token extracted. Setting this to null will invalidate the token.
+        /// </remarks>
+        /// </summary>
+        public string Token {
+            get { return _token; }
+            set {
+                Handled = true;
+                _token = value;
+            }
+        }
+    }
+}

src/AspNet.Security.OAuth.Introspection/Events/OAuthIntrospectionEvents.cs

@@ -1,18 +1,53 @@
-using Microsoft.AspNetCore.Http;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Extensions for more information
+ * concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
+using JetBrains.Annotations;
 
 namespace AspNet.Security.OAuth.Introspection {
+    /// <summary>
+    /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
+    /// </summary>
     public class RequestTokenIntrospectionContext : BaseIntrospectionContext {
         public RequestTokenIntrospectionContext(
-            HttpContext context,
-            OAuthIntrospectionOptions options,
-            string token)
+            [NotNull]HttpContext context,
+            [NotNull]OAuthIntrospectionOptions options,
+            [NotNull]string token)
             : base(context, options) {
             Token = token;
         }
 
+        /// <summary>
+        /// An <see cref="HttpClient"/> for use by the application to call the authorization server.
+        /// </summary>
+        public HttpClient Client => Options.HttpClient;
+
+        /// <summary>
+        /// The access token parsed from the client request.
+        /// </summary>
         public string Token { get; }
 
-        public JObject Payload { get; set; }
+        private JObject _payload { get; set; }
+
+        /// <summary>
+        /// The data retrieved from the call to the introspection endpoint on the authorization server.
+        /// <remarks>
+        /// Set this property to indicate that the introspection call was handled
+        /// by the application. Set this property to null to instruct the middleware
+        /// to indicate a failure.
+        /// </remarks>
+        /// </summary>
+        public JObject Payload {
+            get { return _payload; }
+            set {
+                Handled = true;
+                Payload = value;
+            }
+        }
     }
 }