Merge remote-tracking branch 'origin/make-client-retrieval-more-extensible' into auth/pm-20532/tech-breakdown-poc-token-based-send-authn-and-authz

src/Identity/IdentityServer/ClientProviders/SecretsManagerApiKeyProvider.cs

@@ -9,6 +9,8 @@ namespace Bit.Identity.IdentityServer.ClientProviders;
 
 internal class SecretsManagerApiKeyProvider : IClientProvider
 {
+    public const string ApiKeyPrefix = "apikey";
+
     private readonly IApiKeyRepository _apiKeyRepository;
     private readonly IOrganizationRepository _organizationRepository;
 

src/Identity/IdentityServer/DynamicClientStore.cs

@@ -1,5 +1,6 @@
 #nullable enable
 
+using Bit.Identity.IdentityServer.ClientProviders;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Stores;
 
@@ -18,7 +19,7 @@ internal class DynamicClientStore : IClientStore
 
     public DynamicClientStore(
       IServiceProvider serviceProvider,
-      [FromKeyedServices("sm-apikey")] IClientProvider apiKeyClientProvider,
+      [FromKeyedServices(SecretsManagerApiKeyProvider.ApiKeyPrefix)] IClientProvider apiKeyClientProvider,
       StaticClientStore staticClientStore
     )
     {
@@ -46,8 +47,6 @@ internal class DynamicClientStore : IClientStore
             // Increment past the period
             var identifierName = clientIdSpan[..firstPeriod++];
 
-            // TODO: Validate some rules about the identifierName?
-
             var identifier = clientIdSpan[firstPeriod..];
 
             // The identifier is required to be non-empty
@@ -56,6 +55,7 @@ internal class DynamicClientStore : IClientStore
                 return Task.FromResult<Client?>(null);
             }
 
+            // Once identifierName is proven valid, materialize the string
             var clientBuilder = _serviceProvider.GetKeyedService<IClientProvider>(identifierName.ToString());
 
             if (clientBuilder == null)

src/Identity/IdentityServer/ServiceCollectionExtensions.cs

@@ -4,15 +4,23 @@ namespace Microsoft.Extensions.DependencyInjection;
 
 public static class ServiceCollectionExtensions
 {
+    /// <summary>
+    /// Registers a custom <see cref="IClientProvider"/> for the given identifier to be called when a client id with
+    /// the identifier is attempting authentication.
+    /// </summary>
+    /// <typeparam name="T">Your custom implementation of <see cref="IClientProvider"/>.</typeparam>
+    /// <param name="services">The service collection to add services to.</param>
+    /// <param name="identifier">
+    /// The identifier to be used to invoke your client provider if a <c>client_id</c> is prefixed with your identifier
+    /// then your <see cref="IClientProvider"/> implementation will be invoked with the data after the seperating <c>.</c>.
+    /// </param>
+    /// <returns>The <see cref="IServiceCollection"/> for additional chaining.</returns>
     public static IServiceCollection AddClientProvider<T>(this IServiceCollection services, string identifier)
         where T : class, IClientProvider
     {
         ArgumentNullException.ThrowIfNull(services);
         ArgumentException.ThrowIfNullOrWhiteSpace(identifier);
 
-        // TODO: Track name so that if they register the same one twice it's an error?
-
-        // TODO: We could allow customization of service lifetime
         services.AddKeyedTransient<IClientProvider, T>(identifier);
 
         return services;

src/Identity/Utilities/ServiceCollectionExtensions.cs

@@ -78,7 +78,7 @@ public static class ServiceCollectionExtensions
 
         services.AddClientProvider<UserClientProvider>("user");
         services.AddClientProvider<OrganizationClientProvider>("organization");
-        services.AddClientProvider<SecretsManagerApiKeyProvider>("sm-apikey");
+        services.AddClientProvider<SecretsManagerApiKeyProvider>(SecretsManagerApiKeyProvider.ApiKeyPrefix);
 
         if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
         {