Add Webflow provider (#1047)

Add Webflow provider.

Author: jerriep

AspNet.Security.OAuth.Providers.sln

@@ -221,6 +221,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{C2CA4B38-A
 		docs\workweixin.md = docs\workweixin.md
 		docs\xumm.md = docs\xumm.md
 		docs\zendesk.md = docs\zendesk.md
+		docs\webflow.md = docs\webflow.md
 		docs\miro.md = docs\miro.md
 		docs\linear.md = docs\linear.md
 	EndProjectSection
@@ -320,6 +321,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.GitCo
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Atlassian", "src\AspNet.Security.OAuth.Atlassian\AspNet.Security.OAuth.Atlassian.csproj", "{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Webflow", "src\AspNet.Security.OAuth.Webflow\AspNet.Security.OAuth.Webflow.csproj", "{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664}"
+EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Miro", "src\AspNet.Security.OAuth.Miro\AspNet.Security.OAuth.Miro.csproj", "{7F22DE22-FDE8-4A14-AA65-D5B36098533E}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Linear", "src\AspNet.Security.OAuth.Linear\AspNet.Security.OAuth.Linear.csproj", "{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4}"
@@ -746,6 +749,10 @@ Global
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664}.Release|Any CPU.Build.0 = Release|Any CPU
 		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7F22DE22-FDE8-4A14-AA65-D5B36098533E}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -869,6 +876,7 @@ Global
 		{F3E62C24-5F82-4CF5-A994-0E10D04FB495} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{668833D5-DB6A-475F-B0FD-A03462B037B8} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{D2110C1B-6FE1-4D9A-81ED-93FB2AC85049} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{F5DA8A08-5089-4076-B0FC-3F4A5CBB9664} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{7F22DE22-FDE8-4A14-AA65-D5B36098533E} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{B1167108-CA36-4C6B-85B0-1C7F5A24E4A4} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection

README.md

@@ -245,6 +245,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 | Visual Studio (Azure DevOps) | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.VisualStudio?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.VisualStudio/ "Download AspNet.Security.OAuth.VisualStudio from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.VisualStudio?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.VisualStudio "Download AspNet.Security.OAuth.VisualStudio from MyGet.org") | [Documentation](https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops "Azure DevOps developer documentation") |
 | VK ID | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.VkId?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.VkId/ "Download AspNet.Security.OAuth.VkId from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.VkId?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.VkId "Download AspNet.Security.OAuth.VkId from MyGet.org") | [Documentation](https://id.vk.com/about/business/go/docs/en/vkid/latest/vk-id/connection/start-integration/auth-without-sdk-web/ "VK ID developer documentation") |
 | Vkontakte | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Vkontakte?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Vkontakte/ "Download AspNet.Security.OAuth.Vkontakte from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Vkontakte?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Vkontakte "Download AspNet.Security.OAuth.Vkontakte from MyGet.org") | [Documentation](https://vk.com/dev/access_token "Vkontakte developer documentation") |
+| Webflow | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Webflow?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Webflow/ "Download AspNet.Security.OAuth.Webflow from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Webflow?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Webflow "Download AspNet.Security.OAuth.Webflow from MyGet.org") | [Documentation](https://developers.webflow.com/v2.0.0/data/reference/oauth-app "Webflow developer documentation") |
 | Weibo | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Weibo?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Weibo/ "Download AspNet.Security.OAuth.Weibo from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Weibo?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Weibo "Download AspNet.Security.OAuth.Weibo from MyGet.org") | [Documentation](https://open.weibo.com/wiki/Oauth/en "Weibo developer documentation") |
 | Weixin (WeChat) | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.Weixin?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.Weixin/ "Download AspNet.Security.OAuth.Weixin from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.Weixin?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Weixin "Download AspNet.Security.OAuth.Weixin from MyGet.org") | [Documentation](https://open.wechat.com/cgi-bin/newreadtemplate?t=overseas_open/docs/web/login/login "WeChat developer documentation") |
 | WordPress | [![NuGet](https://img.shields.io/nuget/v/AspNet.Security.OAuth.WordPress?logo=nuget&label=NuGet&color=blue)](https://www.nuget.org/packages/AspNet.Security.OAuth.WordPress/ "Download AspNet.Security.OAuth.WordPress from NuGet.org") | [![MyGet](https://img.shields.io/myget/aspnet-contrib/vpre/AspNet.Security.OAuth.WordPress?logo=nuget&label=MyGet&color=blue)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.WordPress "Download AspNet.Security.OAuth.WordPress from MyGet.org") | [Documentation](https://developer.wordpress.com/docs/oauth2/ "WordPress developer documentation") |

docs/README.md

@@ -78,6 +78,7 @@ covered by the section above.
 | Twitch | _Optional_ | [Documentation](twitch.md "Twitch provider documentation") |
 | Twitter | _Optional_ | [Documentation](twitter.md "Twitter provider documentation") |
 | Vkontakte | _Optional_ | [Documentation](vkontakte.md "Vkontakte provider documentation") |
+| Webflow | _Optional_ | [Documentation](webflow.md "Webflow provider documentation") |
 | Weibo | _Optional_ | [Documentation](weibo.md "Weibo provider documentation") |
 | WorkWeixin (WeCom) | _Optional_ | [Documentation](workweixin.md "WorkWeixin provider documentation") |
 | Xero | _Optional_ | [Documentation](xero.md "Xero provider documentation") |

docs/webflow.md

@@ -0,0 +1,23 @@
+# Integrating the Webflow Provider
+
+> [!IMPORTANT]
+> When you create the OAuth application in Webflow, make sure to enable the Authorized user (Read-only) [scope](https://developers.webflow.com/v2.0.0/data/reference/scopes). If this scope is not enabled, retrieving the user information will fail, resulting in the entire authorization flow to fail.
+
+## Example
+
+```csharp
+services.AddAuthentication(options => /* Auth configuration */)
+        .AddWebflow(options =>
+        {
+            options.ClientId = configuration["Webflow:ClientId"] ?? string.Empty;
+            options.ClientSecret = configuration["Webflow:ClientSecret"] ?? string.Empty;
+        })
+```
+
+## Required Additional Settings
+
+_None._
+
+## Optional Settings
+
+_None._

src/AspNet.Security.OAuth.Webflow/AspNet.Security.OAuth.Webflow.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <PackageValidationBaselineVersion>9.2.0</PackageValidationBaselineVersion>
+    <!-- TODO Remove once published to NuGet.org -->
+    <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling Webflow authentication.</Description>
+    <Authors>Jerrie Pelser</Authors>
+    <PackageTags>aspnetcore;authentication;webflow;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" />
+  </ItemGroup>
+
+</Project>

src/AspNet.Security.OAuth.Webflow/WebflowAuthenticationDefaults.cs

@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Webflow;
+
+/// <summary>
+/// Default values used by the Webflow authentication middleware.
+/// </summary>
+public static class WebflowAuthenticationDefaults
+{
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.Name"/>.
+    /// </summary>
+    public const string AuthenticationScheme = "Webflow";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+    /// </summary>
+    public static readonly string DisplayName = "Webflow";
+
+    /// <summary>
+    /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+    /// </summary>
+    public static readonly string Issuer = "Webflow";
+
+    /// <summary>
+    /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+    /// </summary>
+    public static readonly string CallbackPath = "/signin-webflow";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+    /// </summary>
+    public static readonly string AuthorizationEndpoint = "https://webflow.com/oauth/authorize";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+    /// </summary>
+    public static readonly string TokenEndpoint = "https://api.webflow.com/oauth/access_token";
+
+    /// <summary>
+    /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+    /// </summary>
+    public static readonly string UserInformationEndpoint = "https://api.webflow.com/v2/token/authorized_by";
+}

src/AspNet.Security.OAuth.Webflow/WebflowAuthenticationExtensions.cs

@@ -0,0 +1,75 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OAuth.Webflow;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection;
+
+/// <summary>
+/// Extension methods to add Webflow authentication capabilities to an HTTP application pipeline.
+/// </summary>
+public static class WebflowAuthenticationExtensions
+{
+    /// <summary>
+    /// Adds <see cref="WebflowAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Webflow authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <returns>A reference to this instance after the operation has completed.</returns>
+    public static AuthenticationBuilder AddWebflow([NotNull] this AuthenticationBuilder builder)
+    {
+        return builder.AddWebflow(WebflowAuthenticationDefaults.AuthenticationScheme, options => { });
+    }
+
+    /// <summary>
+    /// Adds <see cref="WebflowAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Webflow authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="configuration">The delegate used to configure the Webflow authentication options.</param>
+    /// <returns>A reference to this instance after the operation has completed.</returns>
+    public static AuthenticationBuilder AddWebflow(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] Action<WebflowAuthenticationOptions> configuration)
+    {
+        return builder.AddWebflow(WebflowAuthenticationDefaults.AuthenticationScheme, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="WebflowAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Webflow authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Webflow authentication options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddWebflow(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [NotNull] Action<WebflowAuthenticationOptions> configuration)
+    {
+        return builder.AddWebflow(scheme, WebflowAuthenticationDefaults.DisplayName, configuration);
+    }
+
+    /// <summary>
+    /// Adds <see cref="WebflowAuthenticationHandler"/> to the specified
+    /// <see cref="AuthenticationBuilder"/>, which enables Webflow authentication capabilities.
+    /// </summary>
+    /// <param name="builder">The authentication builder.</param>
+    /// <param name="scheme">The authentication scheme associated with this instance.</param>
+    /// <param name="caption">The optional display name associated with this instance.</param>
+    /// <param name="configuration">The delegate used to configure the Webflow authentication options.</param>
+    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+    public static AuthenticationBuilder AddWebflow(
+        [NotNull] this AuthenticationBuilder builder,
+        [NotNull] string scheme,
+        [NotNull] string caption,
+        [NotNull] Action<WebflowAuthenticationOptions> configuration)
+    {
+        return builder.AddOAuth<WebflowAuthenticationOptions, WebflowAuthenticationHandler>(scheme, caption, configuration);
+    }
+}

src/AspNet.Security.OAuth.Webflow/WebflowAuthenticationHandler.cs

@@ -0,0 +1,75 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.Webflow;
+
+public partial class WebflowAuthenticationHandler(
+    [NotNull] IOptionsMonitor<WebflowAuthenticationOptions> options,
+    [NotNull] ILoggerFactory logger,
+    [NotNull] UrlEncoder encoder) : OAuthHandler<WebflowAuthenticationOptions>(options, logger, encoder)
+{
+    protected override async Task<AuthenticationTicket> CreateTicketAsync(
+        [NotNull] ClaimsIdentity identity,
+        [NotNull] AuthenticationProperties properties,
+        [NotNull] OAuthTokenResponse tokens)
+    {
+        using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+        using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+        if (!response.IsSuccessStatusCode)
+        {
+            await Log.UserProfileErrorAsync(Logger, response, Context.RequestAborted);
+            throw new HttpRequestException("An error occurred while retrieving the user profile from Webflow.");
+        }
+
+        using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
+
+        var principal = new ClaimsPrincipal(identity);
+        var context = new OAuthCreatingTicketContext(
+            principal,
+            properties,
+            Context,
+            Scheme,
+            Options,
+            Backchannel,
+            tokens,
+            payload.RootElement);
+        context.RunClaimActions();
+
+        await Events.CreatingTicket(context);
+        return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
+    }
+
+    private static partial class Log
+    {
+        internal static async Task UserProfileErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken)
+        {
+            UserProfileError(
+                logger,
+                response.StatusCode,
+                response.Headers.ToString(),
+                await response.Content.ReadAsStringAsync(cancellationToken));
+        }
+
+        [LoggerMessage(1,
+            LogLevel.Error,
+            "An error occurred while retrieving the user profile: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")]
+        private static partial void UserProfileError(
+            ILogger logger,
+            System.Net.HttpStatusCode status,
+            string headers,
+            string body);
+    }
+}

src/AspNet.Security.OAuth.Webflow/WebflowAuthenticationOptions.cs

@@ -0,0 +1,33 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Security.Claims;
+
+namespace AspNet.Security.OAuth.Webflow;
+
+/// <summary>
+/// Defines a set of options used by <see cref="WebflowAuthenticationHandler"/>.
+/// </summary>
+public class WebflowAuthenticationOptions : OAuthOptions
+{
+    public WebflowAuthenticationOptions()
+    {
+        ClaimsIssuer = WebflowAuthenticationDefaults.Issuer;
+
+        CallbackPath = WebflowAuthenticationDefaults.CallbackPath;
+
+        AuthorizationEndpoint = WebflowAuthenticationDefaults.AuthorizationEndpoint;
+        TokenEndpoint = WebflowAuthenticationDefaults.TokenEndpoint;
+        UserInformationEndpoint = WebflowAuthenticationDefaults.UserInformationEndpoint;
+
+        Scope.Add("authorized_user:read");
+
+        ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+        ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
+        ClaimActions.MapJsonKey(ClaimTypes.GivenName, "firstName");
+        ClaimActions.MapJsonKey(ClaimTypes.Surname, "lastName");
+    }
+}