Add support for Dropbox token_access_type parameter (#579)

* Add support for Dropbox response_type and token_access_type params

* Follow comment standards in src/AspNet.Security.OAuth.Dropbox/DropboxAuthenticationOptions.cs

Co-authored-by: Martin Costello <[email protected]>

* Add Dropbox readme with example and optional parameter documentation

* Fix casing on options comment

* Remove ResponseType option

* Add token_access_type tests

* Ignore case in string comparison of test

Co-authored-by: Martin Costello <[email protected]>

Co-authored-by: Martin Costello <[email protected]>

Author: kiddailey

AspNet.Security.OAuth.Providers.sln

@@ -189,6 +189,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{C2CA4B38-A
 		docs\battlenet.md = docs\battlenet.md
 		docs\bitbucket.md = docs\bitbucket.md
 		docs\discord.md = docs\discord.md
+		docs\dropbox.md = docs\dropbox.md
 		docs\eveonline.md = docs\eveonline.md
 		docs\foursquare.md = docs\foursquare.md
 		docs\gitee.md = docs\gitee.md

docs/dropbox.md

@@ -0,0 +1,30 @@
+# Integrating the Dropbox Provider
+
+## Example
+
+```csharp
+services.AddAuthentication(options => /* Auth configuration */)
+        .AddDropbox(options =>
+        {
+            options.ClientId = "my-client-id";
+            options.ClientSecret = "my-client-secret";
+        });
+```
+
+## Required Additional Settings
+
+_None._
+
+## Optional Settings
+
+| Property Name | Property Type | Description | Default Value |
+|:--|:--|:--|:--|
+| `AccessType` | `string?` | Sets the _token_access_type_ parameter which defines the token response.  Accepted values are `online`, `offline`, `legacy` | `null` |
+
+### AccessType
+
+* `online` The response will contain only a short-lived _access_token_. 
+
+* `offline` The response will contain a short-lived _access_token_ and a long-lived _refresh_token_ that can be used to request a new short-lived access token as long as a user's approval remains valid. 
+
+* `legacy` The response will default to returning a long-lived _access_token_ if they are allowed in the app console. If long-lived access tokens are disabled in the app console, this parameter defaults to `online`.

src/AspNet.Security.OAuth.Dropbox/DropboxAuthenticationHandler.cs

@@ -1,4 +1,4 @@
-/*
+/*
  * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
  * for more information concerning the license and the contributors participating to this project.
@@ -13,6 +13,7 @@
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -29,6 +30,21 @@ public DropboxAuthenticationHandler(
         {
         }
 
+        /// <inheritdoc />
+        protected override string BuildChallengeUrl(
+            [NotNull] AuthenticationProperties properties,
+            [NotNull] string redirectUri)
+        {
+            string challengeUrl = base.BuildChallengeUrl(properties, redirectUri);
+
+            if (!string.IsNullOrEmpty(Options.AccessType))
+            {
+                challengeUrl = QueryHelpers.AddQueryString(challengeUrl, "token_access_type", Options.AccessType);
+            }
+
+            return challengeUrl;
+        }
+
         protected override async Task<AuthenticationTicket> CreateTicketAsync(
             [NotNull] ClaimsIdentity identity,
             [NotNull] AuthenticationProperties properties,

src/AspNet.Security.OAuth.Dropbox/DropboxAuthenticationOptions.cs

@@ -1,4 +1,4 @@
-/*
+/*
  * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
  * for more information concerning the license and the contributors participating to this project.
@@ -15,6 +15,11 @@ namespace AspNet.Security.OAuth.Dropbox
     /// </summary>
     public class DropboxAuthenticationOptions : OAuthOptions
     {
+        /// <summary>
+        /// Gets or sets what the response type from Dropbox should be: online, offline or legacy.
+        /// </summary>
+        public string? AccessType { get; set; }
+
         public DropboxAuthenticationOptions()
         {
             ClaimsIssuer = DropboxAuthenticationDefaults.Issuer;

test/AspNet.Security.OAuth.Providers.Tests/Dropbox/DropboxTests.cs

@@ -4,10 +4,13 @@
  * for more information concerning the license and the contributors participating to this project.
  */
 
+using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.Extensions.DependencyInjection;
+using Shouldly;
 using Xunit;
 using Xunit.Abstractions;
 
@@ -42,5 +45,71 @@ public async Task Can_Sign_In_Using_Dropbox(string claimType, string claimValue)
             // Assert
             AssertClaim(claims, claimType, claimValue);
         }
+
+        [Theory]
+        [InlineData("offline")]
+        [InlineData("online")]
+        [InlineData("legacy")]
+        public async Task RedirectUri_Contains_Access_Type(string value)
+        {
+            bool accessTypeIsSet = false;
+
+            void ConfigureServices(IServiceCollection services)
+            {
+                services.PostConfigureAll<DropboxAuthenticationOptions>((options) =>
+                {
+                    options.AccessType = value;
+                    options.Events = new OAuthEvents
+                    {
+                        OnRedirectToAuthorizationEndpoint = ctx =>
+                        {
+                            accessTypeIsSet = ctx.RedirectUri.Contains($"token_access_type={value}", StringComparison.OrdinalIgnoreCase);
+                            ctx.Response.Redirect(ctx.RedirectUri);
+                            return Task.CompletedTask;
+                        }
+                    };
+                });
+            }
+
+            // Arrange
+            using var server = CreateTestServer(ConfigureServices);
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            accessTypeIsSet.ShouldBeTrue();
+        }
+
+        [Fact]
+        public async Task Response_Contains_Refresh_Token()
+        {
+            bool refreshTokenIsPresent = false;
+
+            void ConfigureServices(IServiceCollection services)
+            {
+                services.PostConfigureAll<DropboxAuthenticationOptions>((options) =>
+                {
+                    options.AccessType = "offline";
+                    options.Events = new OAuthEvents
+                    {
+                        OnCreatingTicket = ctx =>
+                        {
+                            refreshTokenIsPresent = !string.IsNullOrEmpty(ctx.RefreshToken);
+                            return Task.CompletedTask;
+                        }
+                    };
+                });
+            }
+
+            // Arrange
+            using var server = CreateTestServer(ConfigureServices);
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            refreshTokenIsPresent.ShouldBeTrue();
+        }
     }
 }

test/AspNet.Security.OAuth.Providers.Tests/Dropbox/bundle.json

@@ -9,6 +9,7 @@
       "contentJson": {
         "access_token": "ABCDEFG",
         "token_type": "bearer",
+        "refresh_token": "secret-refresh-token",
         "account_id": "dbid:AAH4f99T0taONIb-OurWxbNQ6ywGRopQngc",
         "uid": "12345"
       }