Allow clients to control the how the cache key is generated from a token. (DuendeArchive#131)

* DuendeArchive#130

Allow clients to control the how the cache key is generated from a token.
If a client can rely on IDistributedCache, a client can then have direct control over downstream caching functionality like Remove cache item.

Use Case:
The token that came in via the request has been mutated downstream, hence the claims that were generated from that token are no longer valid.  The claims in the cache vs the claims that the token is now pointing to are out of sync.

The downstream mutation flow must be able to remove the token from the cache so not to incur needless mutations for each new request for the duration of the cache.

* Fixed XML Comments.  No code change

Author: ghstahl

src/Infrastructure/CacheExtensions.cs

@@ -29,9 +29,10 @@ static CacheExtensions()
             Options.Converters.Add(new ClaimConverter());
         }
 
-        public static async Task<IEnumerable<Claim>> GetClaimsAsync(this IDistributedCache cache, string cacheKeyPrefix, string token)
+        public static async Task<IEnumerable<Claim>> GetClaimsAsync(this IDistributedCache cache, OAuth2IntrospectionOptions options, string token)
         {
-            var bytes = await cache.GetAsync($"{cacheKeyPrefix}{token.Sha256()}").ConfigureAwait(false);
+            var cacheKey = options.CacheKeyGenerator(options,token);
+            var bytes = await cache.GetAsync(cacheKey).ConfigureAwait(false);
 
             if (bytes == null)
             {
@@ -42,7 +43,7 @@ public static async Task<IEnumerable<Claim>> GetClaimsAsync(this IDistributedCac
             return JsonSerializer.Deserialize<IEnumerable<Claim>>(json, Options);
         }
 
-        public static async Task SetClaimsAsync(this IDistributedCache cache, string cacheKeyPrefix, string token, IEnumerable<Claim> claims, TimeSpan duration, ILogger logger)
+        public static async Task SetClaimsAsync(this IDistributedCache cache, OAuth2IntrospectionOptions options, string token, IEnumerable<Claim> claims, TimeSpan duration, ILogger logger)
         {
             var expClaim = claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Expiration);
             if (expClaim == null)
@@ -76,7 +77,8 @@ public static async Task SetClaimsAsync(this IDistributedCache cache, string cac
             var bytes = Encoding.UTF8.GetBytes(json);
 
             logger.LogDebug("Setting cache item expiration to {expiration}", absoluteLifetime);
-            await cache.SetAsync($"{cacheKeyPrefix}{token.Sha256()}", bytes, new DistributedCacheEntryOptions { AbsoluteExpiration = absoluteLifetime }).ConfigureAwait(false);
+            var cacheKey = options.CacheKeyGenerator(options, token);
+            await cache.SetAsync(cacheKey, bytes, new DistributedCacheEntryOptions { AbsoluteExpiration = absoluteLifetime }).ConfigureAwait(false);
         }
     }
 }

src/Infrastructure/CacheUtils.cs

@@ -0,0 +1,27 @@
+// Copyright (c) Dominick Baier & Brock Allen. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace IdentityModel.AspNetCore.OAuth2Introspection.Infrastructure
+{
+    /// <summary>
+    /// Defines some common cache utilities
+    /// </summary>
+    public static class CacheUtils
+    {
+        /// <summary>
+        /// Generates a cache key based opon input from OAuth2IntrospectionOptions and the token.
+        /// </summary>
+        /// <returns></returns>
+        public static Func<OAuth2IntrospectionOptions,string, string> CacheKeyFromToken()
+        {
+            return (options, token) =>
+            {
+                return $"{options.CacheKeyPrefix}{token.Sha256()}";
+            };
+        }
+    }
+}

src/OAuth2IntrospectionHandler.cs

@@ -87,7 +87,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
             // if caching is enable - let's check if we have a cached introspection
             if (Options.EnableCaching)
             {
-                var claims = await _cache.GetClaimsAsync(Options.CacheKeyPrefix, token).ConfigureAwait(false);
+                var claims = await _cache.GetClaimsAsync(Options, token).ConfigureAwait(false);
                 if (claims != null)
                 {
                     // find out if it is a cached inactive token
@@ -127,7 +127,7 @@ Lazy<Task<TokenIntrospectionResponse>> GetTokenIntrospectionResponseLazy(string
                 {
                     if (Options.EnableCaching)
                     {
-                        await _cache.SetClaimsAsync(Options.CacheKeyPrefix, token, response.Claims, Options.CacheDuration, _logger).ConfigureAwait(false);
+                        await _cache.SetClaimsAsync(Options, token, response.Claims, Options.CacheDuration, _logger).ConfigureAwait(false);
                     }
 
                     return await CreateTicket(response.Claims, token, Context, Scheme, Events, Options);
@@ -140,7 +140,7 @@ Lazy<Task<TokenIntrospectionResponse>> GetTokenIntrospectionResponseLazy(string
                         var claimsWithExp = response.Claims.ToList();
                         claimsWithExp.Add(new Claim("exp",
                             DateTimeOffset.UtcNow.Add(Options.CacheDuration).ToUnixTimeSeconds().ToString()));
-                        await _cache.SetClaimsAsync(Options.CacheKeyPrefix, token, claimsWithExp, Options.CacheDuration, _logger)
+                        await _cache.SetClaimsAsync(Options, token, claimsWithExp, Options.CacheDuration, _logger)
                             .ConfigureAwait(false);
                     }
 

src/OAuth2IntrospectionOptions.cs

@@ -113,6 +113,11 @@ public OAuth2IntrospectionOptions()
         /// </summary>
         public string CacheKeyPrefix { get; set; } = string.Empty;
 
+        /// <summary>
+        /// Specifies the method how to generate the cache key from the token
+        /// </summary>
+        public Func<OAuth2IntrospectionOptions,string, string> CacheKeyGenerator { get; set; } = CacheUtils.CacheKeyFromToken();
+
         /// <summary>
         /// Specifies the method how to retrieve the token from the HTTP request
         /// </summary>