Altinn · simen-rekkedal · Apr 24, 2024 · Apr 23, 2024 · Apr 23, 2024 · Apr 23, 2024
diff --git a/...nn.Authentication.UI/Altinn.Authentication.UI.Core/Authentication/HttpClientExtensions.cs b/...nn.Authentication.UI/Altinn.Authentication.UI.Core/Authentication/HttpClientExtensions.cs
diff --git a/...Authentication.UI/Altinn.Authentication.UI.Core/Common/Extensions/HttpClientExtensions.cs b/...Authentication.UI/Altinn.Authentication.UI.Core/Common/Extensions/HttpClientExtensions.cs
@@ -1,109 +1,91 @@
-namespace Altinn.Authentication.UI.Core.Common;
+namespace Altinn.Authentication.UI.Core.Extensions;
 
-public static class HttpClientExtensions
+/// <summary>
+/// This extension is created to make it easy to add a bearer token to a HttpRequests.
+/// </summary>
+public static class HttpClientExtension
 {
-
-    /// <summary>
-    /// Extensionmethod to add Authorization token and access token to the header
-    /// </summary>
-    /// <param name="httpClient"></param>
-    /// <param name="authorizationToken"></param>
-    /// <param name="requestURI"></param>
-    /// <param name="content"></param>
-    /// <param name="platformAccessToken"></param>
-    /// <returns></returns>
-    public static Task<HttpResponseMessage> PostAsync(  
-        this HttpClient httpClient, 
-        string authorizationToken, string requestURI, 
-        HttpContent content, string? platformAccessToken = null)
+/// <summary>
+/// Extension that add authorization header to request.
+/// </summary>
+/// <param name="httpClient">The HttpClient.</param>
+/// <param name="authorizationToken">the authorization token (jwt).</param>
+/// <param name="requestUri">The request Uri.</param>
+/// <param name="content">The http content.</param>
+/// <param name="platformAccessToken">The platformAccess tokens.</param>
+/// <returns>A HttpResponseMessage.</returns>
+public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string platformAccessToken = null)
+{
+    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUri);
+    request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+    request.Content = content;
+    if (!string.IsNullOrEmpty(platformAccessToken))
     {
-        HttpRequestMessage request = new(HttpMethod.Post, requestURI);
-        request.Headers.Add("Authorization", "Bearer " + authorizationToken);
-        request.Content = content;
-        if(platformAccessToken is not null && platformAccessToken.Length > 0)
-        {
-            request.Headers.Add("PlatformAccessToken", platformAccessToken);
-        }
-
-        return httpClient.SendAsync(request, CancellationToken.None);
+        request.Headers.Add("PlatformAccessToken", platformAccessToken);
     }
 
-    /// <summary>
-    /// Extensionmethod to add Authorization token and access token to the header
-    /// </summary>
-    /// <param name="httpClient"></param>
-    /// <param name="authorizationToken"></param>
-    /// <param name="requestURI"></param>
-    /// <param name="content"></param>
-    /// <param name="platformAccessToken"></param>
-    /// <returns></returns>
-    public static Task<HttpResponseMessage> PutAsync(
-        this HttpClient httpClient, 
-        string authorizationToken, string requestURI,
-        HttpContent content, string? platformAccessToken = null)        
-    {
-        HttpRequestMessage request = new(HttpMethod.Put, requestURI);
-        request.Headers.Add("Authorization", "Bearer " + authorizationToken);
-        request.Content = content;
-
-        if(platformAccessToken is not null && platformAccessToken.Length > 0)
-        {
-            request.Headers.Add("PlatformAccessToken", platformAccessToken);
-        }
+    return httpClient.SendAsync(request, CancellationToken.None);
+}
 
-        return httpClient.SendAsync(request, CancellationToken.None);
+/// <summary>
+/// Extension that add authorization header to request.
+/// </summary>
+/// <param name="httpClient">The HttpClient.</param>
+/// <param name="authorizationToken">the authorization token (jwt).</param>
+/// <param name="requestUri">The request Uri.</param>
+/// <param name="content">The http content.</param>
+/// <param name="platformAccessToken">The platformAccess tokens.</param>
+/// <returns>A HttpResponseMessage.</returns>
+public static Task<HttpResponseMessage> PutAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string platformAccessToken = null)
+{
+    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Put, requestUri);
+    request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+    request.Content = content;
+    if (!string.IsNullOrEmpty(platformAccessToken))
+    {
+        request.Headers.Add("PlatformAccessToken", platformAccessToken);
     }
 
+    return httpClient.SendAsync(request, CancellationToken.None);
+}
 
-    /// <summary>
-    /// Extensionmethod to add Authorization token and access token to the header
-    /// </summary>
-    /// <param name="httpClient"></param>
-    /// <param name="authorizationToken"></param>
-    /// <param name="requestURI"></param>
-    /// <param name="content"></param>
-    /// <param name="platformAccessToken"></param>
-    /// <returns></returns>
-    public static Task<HttpResponseMessage> GetAsync(
-        this HttpClient httpClient, 
-        string authorizationToken, string requestURI, 
-        HttpContent content, string? platformAccessToken = null)
+/// <summary>
+/// Extension that add authorization header to request.
+/// </summary>
+/// <param name="httpClient">The HttpClient.</param>
+/// <param name="authorizationToken">the authorization token (jwt).</param>
+/// <param name="requestUri">The request Uri.</param>
+/// <param name="platformAccessToken">The platformAccess tokens.</param>
+/// <returns>A HttpResponseMessage.</returns>
+public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string platformAccessToken = null)
+{
+    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
+    request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+    if (!string.IsNullOrEmpty(platformAccessToken))
     {
-        HttpRequestMessage request = new(HttpMethod.Get, requestURI);
-        request.Headers.Add("Authorization", "Bearer " + authorizationToken);
-        request.Content = content;
-
-        if(platformAccessToken is not null && platformAccessToken.Length > 0)
-        {
-            request.Headers.Add("PlatformAccessToken", platformAccessToken);
-        }
-
-        return httpClient.SendAsync(request, CancellationToken.None);
+        request.Headers.Add("PlatformAccessToken", platformAccessToken);
     }
 
-    /// <summary>
-    /// Extensionmethod to add Authorization token and access token to the header
-    /// </summary>
-    /// <param name="httpClient"></param>
-    /// <param name="authorizationToken"></param>
-    /// <param name="requestURI"></param>
-    /// <param name="content"></param>
-    /// <param name="platformAccessToken"></param>
-    /// <returns></returns>
-    public static Task<HttpResponseMessage> DeleteAsync(
-        this HttpClient httpClient,
-        string authorizationToken, string requestURI,
-        HttpContent content, string? platformAccessToken = null)
-    {
-        HttpRequestMessage request = new(HttpMethod.Delete, requestURI);
-        request.Headers.Add("Authorization", "Bearer " + authorizationToken);
-        request.Content = content;
-
-        if(platformAccessToken is not null && platformAccessToken.Length > 0)
-        {
-            request.Headers.Add("PlatformAccessToken", platformAccessToken);
-        }
+    return httpClient.SendAsync(request, HttpCompletionOption.ResponseContentRead, CancellationToken.None);
+}
 
-        return httpClient.SendAsync(request, CancellationToken.None);
+/// <summary>
+/// Extension that add authorization header to request.
+/// </summary>
+/// <param name="httpClient">The HttpClient.</param>
+/// <param name="authorizationToken">the authorization token (jwt).</param>
+/// <param name="requestUri">The request Uri.</param>
+/// <param name="platformAccessToken">The platformAccess tokens.</param>
+/// <returns>A HttpResponseMessage.</returns>
+public static Task<HttpResponseMessage> DeleteAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string platformAccessToken = null)
+{
+    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, requestUri);
+    request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+    if (!string.IsNullOrEmpty(platformAccessToken))
+    {
+        request.Headers.Add("PlatformAccessToken", platformAccessToken);
     }
+
+    return httpClient.SendAsync(request, CancellationToken.None);
+}
 }
diff --git a/...tinn.Authentication.UI/Altinn.Authentication.UI.Core/UserProfiles/IAccessTokenProvider.cs b/...tinn.Authentication.UI/Altinn.Authentication.UI.Core/UserProfiles/IAccessTokenProvider.cs
diff --git a/...Altinn.Authentication.UI/Altinn.Authentication.UI.Core/UserProfiles/IUserProfileClient.cs b/...Altinn.Authentication.UI/Altinn.Authentication.UI.Core/UserProfiles/IUserProfileClient.cs
@@ -3,8 +3,16 @@
 
 namespace Altinn.Authentication.UI.Core.UserProfiles;
 
+/// <summary>
+/// 
+/// </summary>
 public interface IUserProfileClient
 {
+    /// <summary>
+    /// Retrieves the userprofile by id from the Platforms Profile API
+    /// </summary>
+    /// <param name="userid"></param>
+    /// <returns></returns>
     public Task<UserProfile> GetUserProfile(int userid);
 
 }
diff --git a/...Authentication.UI/Altinn.Authentication.UI.Integration/AccessToken/AccessTokenProvider.cs b/...Authentication.UI/Altinn.Authentication.UI.Integration/AccessToken/AccessTokenProvider.cs
@@ -0,0 +1,80 @@
+using Altinn.Authentication.UI.Core.AppConfiguration;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using System.Security.Cryptography.X509Certificates;
+using Altinn.Authentication.UI.Integration.KeyVault;
+using Altinn.Common.AccessTokenClient.Services;
+using Altinn.Common.AccessTokenClient.Configuration;
+
+namespace Altinn.Authentication.UI.Integration.AccessToken
+{
+    /// <inheritdoc />
+    public class AccessTokenProvider : IAccessTokenProvider
+    {
+        private readonly IKeyVaultService _keyVaultService;
+        private readonly IAccessTokenGenerator _accessTokenGenerator;
+        private readonly AccessTokenSettings _accessTokenSettings;
+        private readonly ClientSettings _clientSettings;
+        private readonly KeyVaultSettings _keyVaultSettings;
+        private static readonly SemaphoreSlim Semaphore = new SemaphoreSlim(1, 1);
+        private static DateTime _cacheTokenUntil = DateTime.MinValue;
+        private string _accessToken;
+        private readonly ILogger<IAccessTokenProvider> _logger;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AccessTokenProvider"/> class.
+        /// </summary>
+        /// <param name="keyVaultService">The key vault service.</param>
+        /// <param name="accessTokenGenerator">The access token generator.</param>
+        /// <param name="accessTokenSettings">Then access token settings</param>
+        /// <param name="keyVaultSettings">The key vault settings.</param>
+        /// <param name="clientSettings">The client settings for access token generation</param>
+        /// <param name="logger">the logger handler</param>
+        public AccessTokenProvider(
+            IKeyVaultService keyVaultService,
+            IAccessTokenGenerator accessTokenGenerator,
+            IOptions<AccessTokenSettings> accessTokenSettings,
+            IOptions<KeyVaultSettings> keyVaultSettings,
+            IOptions<ClientSettings> clientSettings,
+            ILogger<IAccessTokenProvider> logger)
+        {
+            _keyVaultService = keyVaultService;
+            _accessTokenGenerator = accessTokenGenerator;
+            _accessTokenSettings = accessTokenSettings.Value;
+            _keyVaultSettings = keyVaultSettings.Value;
+            _clientSettings = clientSettings.Value;
+            _logger = logger;
+        }
+
+        /// <inheritdoc />
+        public async Task<string> GetAccessToken()
+        {
+            await Semaphore.WaitAsync();
+
+            try
+            {
+                if (_accessToken == null || _cacheTokenUntil < DateTime.UtcNow)
+                {
+                    string certBase64 = await _keyVaultService.GetCertificateAsync(_keyVaultSettings.SecretUri, _clientSettings.CertificateName);
+                    _accessToken = _accessTokenGenerator.GenerateAccessToken(
+                        _clientSettings.Issuer,
+                        _clientSettings.App,
+                        new X509Certificate2(Convert.FromBase64String(certBase64), (string)null, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable));
+
+                    _cacheTokenUntil = DateTime.UtcNow.AddSeconds(_accessTokenSettings.TokenLifetimeInSeconds - 2); // Add some slack to avoid tokens expiring in transit
+                }
+
+                return _accessToken;
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "Failed to generate access token.");
+                return null;
+            }
+            finally
+            {
+                Semaphore.Release();
+            }
+        }
+    }
+}