OAuthOptions.cs
using System;
namespace Contentstack.Management.Core.Models
{
/// <summary>
/// Settings for the OAuth authorization-code flow: application and client
/// identifiers, redirect target, optional client secret and requested scopes.
/// </summary>
/// <remarks>
/// <see cref="ClientSecret"/> is a credential. <see cref="ToString"/> leaves it out,
/// but any other serialisation or logging of this object must do the same.
/// </remarks>
public class OAuthOptions
{
    /// <summary>
    /// OAuth application ID. Pre-populated with the Contentstack app ID.
    /// </summary>
    public string AppId { get; set; } = "6400aa06db64de001a31c8a9";

    /// <summary>
    /// OAuth client ID. Pre-populated with the Contentstack client ID.
    /// </summary>
    public string ClientId { get; set; } = "Ie0FEfTzlfAHL4xM";

    /// <summary>
    /// URI the authorization server redirects back to. Pre-populated with
    /// plain-http localhost on port 8184.
    /// </summary>
    /// <remarks>
    /// <see cref="IsValid(out string)"/> accepts any absolute http or https URI and
    /// does not limit the http scheme to loopback hosts. Plain http exposes the
    /// authorization code in transit, so a non-loopback redirect should use https.
    /// </remarks>
    public string RedirectUri { get; set; } = "http://localhost:8184";

    /// <summary>
    /// OAuth client secret. A non-empty value turns PKCE off (see <see cref="UsePkce"/>);
    /// null or empty selects the PKCE flow.
    /// </summary>
    public string ClientSecret { get; set; }

    /// <summary>
    /// OAuth response type. Pre-populated with "code", the only value
    /// <see cref="IsValid(out string)"/> accepts.
    /// </summary>
    public string ResponseType { get; set; } = "code";

    /// <summary>
    /// Optional permission scopes to request. Not checked by
    /// <see cref="IsValid(out string)"/>.
    /// </summary>
    public string[] Scope { get; set; }

    /// <summary>
    /// True when PKCE (Proof Key for Code Exchange) applies, i.e. when
    /// <see cref="ClientSecret"/> is null or empty.
    /// </summary>
    /// <remarks>
    /// A whitespace-only secret makes this false; such a configuration is then
    /// rejected by <see cref="IsValid(out string)"/>.
    /// </remarks>
    public bool UsePkce => string.IsNullOrEmpty(ClientSecret);

    /// <summary>
    /// Checks the configuration without reporting why it failed.
    /// </summary>
    /// <returns>True when every check passes, otherwise false.</returns>
    public bool IsValid() => IsValid(out _);

    /// <summary>
    /// Checks the configuration and reports the first failing rule.
    /// </summary>
    /// <param name="errorMessage">Description of the first failed check, or null when valid.</param>
    /// <returns>True when every check passes, otherwise false.</returns>
    public bool IsValid(out string errorMessage)
    {
        errorMessage = FirstConfigurationError();
        return errorMessage == null;
    }

    /// <summary>
    /// Runs the checks in a fixed order and returns the message for the first
    /// one that fails, or null when the configuration passes all of them.
    /// </summary>
    private string FirstConfigurationError()
    {
        if (string.IsNullOrWhiteSpace(AppId))
        {
            return "AppId is required for OAuth configuration.";
        }

        if (string.IsNullOrWhiteSpace(ClientId))
        {
            return "ClientId is required for OAuth configuration.";
        }

        if (string.IsNullOrWhiteSpace(RedirectUri))
        {
            return "RedirectUri is required for OAuth configuration.";
        }

        Uri parsedRedirect;
        bool isAbsolute = Uri.TryCreate(RedirectUri, UriKind.Absolute, out parsedRedirect);
        if (!isAbsolute)
        {
            return "RedirectUri must be a valid absolute URI.";
        }

        // Only the scheme is inspected; host, port, path, query and fragment
        // are accepted as given.
        string scheme = parsedRedirect.Scheme;
        bool isWebScheme = scheme == "http" || scheme == "https";
        if (!isWebScheme)
        {
            return "RedirectUri must use http or https scheme.";
        }

        if (string.IsNullOrWhiteSpace(ResponseType))
        {
            return "ResponseType is required for OAuth configuration.";
        }

        if (ResponseType != "code")
        {
            return "ResponseType must be 'code' for authorization code flow.";
        }

        // UsePkce is false for any non-empty secret, so this fires only for a
        // secret made up solely of whitespace.
        bool secretIsBlank = string.IsNullOrWhiteSpace(ClientSecret);
        if (!UsePkce && secretIsBlank)
        {
            return "ClientSecret is required for traditional OAuth flow. Use PKCE flow (leave ClientSecret empty) for public clients.";
        }

        return null;
    }

    /// <summary>
    /// Throwing counterpart of <see cref="IsValid(out string)"/>.
    /// </summary>
    /// <exception cref="Exceptions.OAuthConfigurationException">
    /// Thrown with the first validation message when the configuration is invalid.
    /// </exception>
    public void Validate()
    {
        if (IsValid(out var problem))
        {
            return;
        }

        throw new Exceptions.OAuthConfigurationException(problem);
    }

    /// <summary>
    /// Builds a one-line summary for debugging.
    /// </summary>
    /// <remarks>
    /// <see cref="ClientSecret"/> and the individual scope values are not included;
    /// only whether any scope is set. <see cref="RedirectUri"/> is printed verbatim.
    /// </remarks>
    /// <returns>The summary string.</returns>
    public override string ToString()
    {
        bool hasScope = Scope != null && Scope.Length > 0;
        return $"OAuthOptions: AppId={AppId}, ClientId={ClientId}, RedirectUri={RedirectUri}, ResponseType={ResponseType}, UsePkce={UsePkce}, HasScope={hasScope}";
    }
}
}