From e775895adbfef8233ad4d956dee818bc968f24c0 Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Thu, 15 Dec 2022 13:42:00 +0000
Subject: [PATCH] Revert: Added flexible subdomain support for UserInfo endpoint (#750)
* Revert "Update src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs"
This reverts commit 8388be45da32e1d8fb1820e504c40589cc525ad5.
* Revert "Decontruct result from getting tenant id and webapi url."
This reverts commit b2f852776828dfddce2a2f42a33036ce861f78ff.
* Revert "Added flexible subdomain support for UserInfo endpoint. Updated docs link."
This reverts commit 2ec4b74d0cbf543c0d05089371611b7bd21fa60d.
---
 README.md | 2 +-
 .../SuperOfficeAuthenticationConstants.cs | 2 +-
 .../SuperOfficeAuthenticationHandler.cs | 25 +++++--------------
 .../SuperOfficeAuthenticationOptions.cs | 3 +++
 4 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 303b823af..6f6f66308 100644
--- a/README.md
+++ b/README.md
@@ -194,7 +194,7 @@ If a provider you're looking for does not exist, consider making a PR to add one | Stack Exchange | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.StackExchange?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.StackExchange/ "Download AspNet.Security.OAuth.StackExchange from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.StackExchange?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.StackExchange "Download AspNet.Security.OAuth.StackExchange from MyGet.org") | [Documentation](https://api.stackexchange.com/docs/authentication "Stack Exchange developer documentation") | | Strava | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Strava?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Strava/ "Download AspNet.Security.OAuth.Strava from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Strava?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Strava "Download AspNet.Security.OAuth.Strava from MyGet.org") | [Documentation](https://developers.strava.com/docs/authentication/ "Strava developer documentation") | | Streamlabs | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Streamlabs?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Streamlabs/ "Download AspNet.Security.OAuth.Streamlabs from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Streamlabs?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Streamlabs "Download AspNet.Security.OAuth.Streamlabs from MyGet.org") | [Documentation](https://dev.streamlabs.com/reference#authorize "Streamlabs developer documentation") | -| SuperOffice | 
[![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.SuperOffice?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.SuperOffice/ "Download AspNet.Security.OAuth.SuperOffice from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.SuperOffice?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.SuperOffice "Download AspNet.Security.OAuth.SuperOffice from MyGet.org") | [Documentation](https://docs.superoffice.com/authentication/online/index.html "SuperOffice developer documentation") | +| SuperOffice | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.SuperOffice?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.SuperOffice/ "Download AspNet.Security.OAuth.SuperOffice from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.SuperOffice?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.SuperOffice "Download AspNet.Security.OAuth.SuperOffice from MyGet.org") | [Documentation](https://community.superoffice.com/en/developer/create-apps/concepts/authentication/ "SuperOffice developer documentation") | | Trakt | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Trakt?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Trakt/ "Download AspNet.Security.OAuth.Trakt from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Trakt?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Trakt "Download AspNet.Security.OAuth.Trakt from MyGet.org") | [Documentation](https://trakt.docs.apiary.io/ "Trakt developer documentation") | | Trovo | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Trovo?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Trovo/ 
"Download AspNet.Security.OAuth.Trovo from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Trovo?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Trovo "Download AspNet.Security.OAuth.Trovo from MyGet.org") | [Documentation](https://developer.trovo.live/docs/APIs.html "Trovo developer documentation") | | Twitch | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Twitch?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Twitch/ "Download AspNet.Security.OAuth.Twitch from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Twitch?includePreReleases=true)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Twitch "Download AspNet.Security.OAuth.Twitch from MyGet.org") | [Documentation](https://dev.twitch.tv/docs/authentication/ "Twitch developer documentation") | diff --git a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationConstants.cs b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationConstants.cs index 330bd679d..0c087c764 100644 --- a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationConstants.cs +++ b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationConstants.cs @@ -131,7 +131,7 @@ internal static class FormatStrings /// /// The final user information URL contains the protocol, host and tenant. /// https://sod.superoffice.com/Cust12345/api/v1/user/currentPrincipal - public const string UserInfoEndpoint = "{0}v1/user/currentPrincipal"; + public const string UserInfoEndpoint = "/{0}/api/v1/user/currentPrincipal"; } public static class PrincipalNames diff --git a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs index beca5364a..982bbbaaf 100644 
--- a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs
+++ b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs
@@ -36,22 +36,15 @@ protected override async Task CreateTicketAsync(
 [NotNull] AuthenticationProperties properties,
 [NotNull] OAuthTokenResponse tokens)
 {
- (string tenantId, string webApiUrl) = await ProcessIdTokenAndGetContactIdentifierAsync(tokens, properties, identity);
+ var contextId = await ProcessIdTokenAndGetContactIdentifierAsync(tokens, properties, identity);
- if (string.IsNullOrEmpty(tenantId))
+ if (string.IsNullOrEmpty(contextId))
 {
 throw new InvalidOperationException("An error occurred trying to obtain the context identifier from the current user's identity claims.");
 }
- if (string.IsNullOrEmpty(webApiUrl))
- {
- throw new InvalidOperationException("An error occurred trying to obtain the WebApi from the current user's identity claims.");
- }
-
- // UserInfo endpoint must support multiple subdomains, i.e. sod, sod1, online, online1, online2, ...
- // - subdomain only becomes known from id token
- // Example WebApi Url https://sod.superoffice.com/Cust12345/api/
- var userInfoEndpoint = string.Format(CultureInfo.InvariantCulture, SuperOfficeAuthenticationConstants.FormatStrings.UserInfoEndpoint, webApiUrl);
+ // Add contextId to the Options.UserInformationEndpoint (https://sod.superoffice.com/{0}/api/v1/user/currentPrincipal).
+ var userInfoEndpoint = string.Format(CultureInfo.InvariantCulture, Options.UserInformationEndpoint, contextId);
 // Get the SuperOffice user principal.
 using var request = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
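Review bot: `contextId` is placed into the request URL unescaped by the added `string.Format(CultureInfo.InvariantCulture, Options.UserInformationEndpoint, contextId)` line, so a claim value containing `/`, `?` or `#` would change the path or query that is requested. The value comes from an ID token that is passed through ValidateAsync in ProcessIdTokenAndGetContactIdentifierAsync (visible in a later hunk), so this is defence in depth rather than a demonstrated hole; passing `Uri.EscapeDataString(contextId)` as the format argument keeps the tenant a single path segment. The same call treats `Options.UserInformationEndpoint` as a format string: an application override that lacks `{0}` silently drops the tenant and one with stray braces throws `FormatException`, so the expected template shape deserves a check or at least a sentence in the comment above the call. CreateTicketAsync starts and ends outside the hunk.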
@@ -76,7 +69,7 @@ protected override async Task CreateTicketAsync(
 return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
 }
- private async Task<(string TenantId, string WebApiUrl)> ProcessIdTokenAndGetContactIdentifierAsync(
+ private async Task ProcessIdTokenAndGetContactIdentifierAsync(
 [NotNull] OAuthTokenResponse tokens,
 [NotNull] AuthenticationProperties properties,
 [NotNull] ClaimsIdentity identity)
@@ -92,7 +85,6 @@ protected override async Task CreateTicketAsync(
 var tokenValidationResult = await ValidateAsync(idToken, Options.TokenValidationParameters.Clone());
 var contextIdentifier = string.Empty;
- var webApiUrl = string.Empty;
 foreach (var claim in tokenValidationResult.ClaimsIdentity.Claims)
 {
@@ -101,11 +93,6 @@ protected override async Task CreateTicketAsync(
 contextIdentifier = claim.Value;
 }
- if (claim.Type == SuperOfficeAuthenticationConstants.ClaimNames.WebApiUrl)
- {
- webApiUrl = claim.Value;
- }
-
 if (claim.Type == SuperOfficeAuthenticationConstants.ClaimNames.SubjectIdentifier)
 {
 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
@@ -122,7 +109,7 @@ protected override async Task CreateTicketAsync(
 }
 }
- return (contextIdentifier, webApiUrl);
+ return contextIdentifier;
 }
 ///
diff --git a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationOptions.cs b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationOptions.cs
index 12ef6fa94..c0c8bd8d2 100644
--- a/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationOptions.cs
+++ b/src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationOptions.cs
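Review bot: In SuperOfficeAuthenticationHandler.cs, the changed signature of ProcessIdTokenAndGetContactIdentifierAsync does not say which identifier the single returned value is, and the method name says "contact" while the caller's error message says "context identifier". A line such as `/// <returns>The context identifier claim from the validated ID token, or an empty string when the claim is absent.</returns>` would record the contract CreateTicketAsync relies on when it tests `string.IsNullOrEmpty(contextId)`. `contextIdentifier` is assigned inside the claims loop under a condition that lies outside these hunks, so whether a repeated claim overwrites an earlier value should be confirmed and stated there too. The method body spans several hunks and is only partly visible.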
@@ -160,6 +160,9 @@ private void UpdateEndpoints()
 FormatStrings.ClaimsIssuer,
 env);
+ // UserInformationEndpoint will include context identifier after authentication in SuperOfficeAuthenticationHandler.CreateTicketAsync
+ UserInformationEndpoint = string.Concat(ClaimsIssuer, FormatStrings.UserInfoEndpoint);
+
 MetadataAddress = string.Format(CultureInfo.InvariantCulture,
 FormatStrings.MetadataEndpoint,
 env);
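Review bot: The added comment does not say that `UserInformationEndpoint` now holds a format template with a literal `{0}` rather than a usable URL, so code that reads the option directly, or an application that sets it to a concrete URL, gets behaviour the handler does not expect. I would reword it to `// Template, not a final URL: "{0}" is replaced with the context identifier in SuperOfficeAuthenticationHandler.CreateTicketAsync.` The `string.Concat(ClaimsIssuer, FormatStrings.UserInfoEndpoint)` join also assumes `ClaimsIssuer` has no trailing slash and contains no braces, because `UserInfoEndpoint` starts with `/` and the result is later passed to `string.Format`; the ClaimsIssuer format string is outside the hunk, so that should be confirmed. UpdateEndpoints assigns the property unconditionally here, so a value configured by the application would presumably be overwritten whenever this method runs, which is worth a line in the option's documentation.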