Oauth Support in Dotnet Management SDK

Author: cs-raj

Contentstack.Management.Core/ContentstackClient.cs

@@ -40,6 +40,8 @@ public class ContentstackClient : IContentstackClient
 
         // OAuth token storage
         private readonly Dictionary<string, OAuthTokens> _oauthTokens = new Dictionary<string, OAuthTokens>();
+        
+        private bool _isRefreshingToken = false;
         #endregion
 
 
@@ -228,20 +230,26 @@ internal ContentstackResponse InvokeSync<TRequest>(TRequest request, bool addAcc
             return (ContentstackResponse)ContentstackPipeline.InvokeSync(context, addAcceptMediaHeader, apiVersion).httpResponse;
         }
 
-        internal Task<TResponse> InvokeAsync<TRequest, TResponse>(TRequest request, bool addAcceptMediaHeader = false, string apiVersion = null)
+        internal async Task<TResponse> InvokeAsync<TRequest, TResponse>(TRequest request, bool addAcceptMediaHeader = false, string apiVersion = null)
             where TRequest : IContentstackService
             where TResponse : ContentstackResponse
         {
             ThrowIfDisposed();
 
+            // Check and refresh OAuth tokens if needed before making API calls
+            if (contentstackOptions.IsOAuthToken && !string.IsNullOrEmpty(contentstackOptions.Authtoken))
+            {
+                await EnsureOAuthTokenIsValidAsync();
+            }
+
             ExecutionContext context = new ExecutionContext(
               new RequestContext()
               {
                   config = contentstackOptions,
                   service = request
               },
               new ResponseContext());
-            return ContentstackPipeline.InvokeAsync<TResponse>(context, addAcceptMediaHeader, apiVersion);
+            return await ContentstackPipeline.InvokeAsync<TResponse>(context, addAcceptMediaHeader, apiVersion);
         }
 
         #region Dispose methods
@@ -502,6 +510,8 @@ internal void SetOAuthTokens(OAuthTokens tokens)
 
             // Store the access token in the client options for use in HTTP requests
             // This will be used by the HTTP pipeline to inject the Bearer token
+            // Note: We need both IsOAuthToken=true AND Authtoken=AccessToken because
+            // the HTTP pipeline only has access to ContentstackClientOptions, not the full client
             contentstackOptions.Authtoken = tokens.AccessToken;
             contentstackOptions.IsOAuthToken = true;
         }
@@ -665,5 +675,74 @@ public Task<ContentstackResponse> GetUserAsync(ParameterCollection collection =
 
             return InvokeAsync<GetLoggedInUserService, ContentstackResponse>(getUser);
         }
+
+        /// <summary>
+        /// Ensures that the current OAuth token is valid and refreshes it if needed.
+        /// This method is called before each API request to automatically handle token refresh.
+        /// </summary>
+        private async Task EnsureOAuthTokenIsValidAsync()
+        {
+            // Prevent recursive calls
+            if (_isRefreshingToken)
+            {
+                return;
+            }
+
+            try
+            {
+                // Find the OAuth tokens that match the current access token
+                foreach (var kvp in _oauthTokens)
+                {
+                    var clientId = kvp.Key;
+                    var tokens = kvp.Value;
+
+                    if (tokens?.AccessToken == contentstackOptions.Authtoken && tokens.NeedsRefresh)
+                    {
+                        // Set flag to prevent recursive calls
+                        _isRefreshingToken = true;
+
+                        try
+                        {
+                            // Get the OAuth handler for this client
+                            var oauthHandler = OAuth(new Models.OAuthOptions
+                            {
+                                ClientId = clientId,
+                                AppId = tokens.AppId
+                            });
+
+                            // Refresh the tokens
+                            var refreshedTokens = await oauthHandler.RefreshTokenAsync(tokens.RefreshToken);
+                            
+                            if (refreshedTokens != null)
+                            {
+                                // Update the stored tokens
+                                StoreOAuthTokens(clientId, refreshedTokens);
+                                
+                                // Update the client's current authentication
+                                contentstackOptions.Authtoken = refreshedTokens.AccessToken;
+                                contentstackOptions.IsOAuthToken = true; // Ensure OAuth flag is maintained
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            // Wrap any exception in OAuth exception with context
+                            throw new Exceptions.OAuthException(
+                                $"OAuth token refresh failed for client '{clientId}': {ex.Message}", ex);
+                        }
+                        finally
+                        {
+                            _isRefreshingToken = false;
+                        }
+                    }
+                }
+            }
+            catch (Exception ex)
+            {
+                // Wrap any exception in OAuth exception with context
+                throw new Exceptions.OAuthException(
+                    $"OAuth token validation failed: {ex.Message}", ex);
+            }
+        }
     }
 }
+

Contentstack.Management.Core/Exceptions/OAuthException.cs

@@ -10,7 +10,7 @@ public class OAuthException : ContentstackException
         /// <summary>
         /// Initializes a new instance of the OAuthException class.
         /// </summary>
-        public OAuthException() : base("An OAuth error occurred.")
+        public OAuthException() : base("OAuth operation failed.")
         {
         }
 
@@ -40,7 +40,7 @@ public class OAuthConfigurationException : OAuthException
         /// <summary>
         /// Initializes a new instance of the OAuthConfigurationException class.
         /// </summary>
-        public OAuthConfigurationException() : base("OAuth configuration error occurred.")
+        public OAuthConfigurationException() : base("OAuth configuration is invalid.")
         {
         }
 
@@ -70,7 +70,7 @@ public class OAuthTokenException : OAuthException
         /// <summary>
         /// Initializes a new instance of the OAuthTokenException class.
         /// </summary>
-        public OAuthTokenException() : base("OAuth token error occurred.")
+        public OAuthTokenException() : base("OAuth token operation failed.")
         {
         }
 
@@ -100,7 +100,7 @@ public class OAuthAuthorizationException : OAuthException
         /// <summary>
         /// Initializes a new instance of the OAuthAuthorizationException class.
         /// </summary>
-        public OAuthAuthorizationException() : base("OAuth authorization error occurred.")
+        public OAuthAuthorizationException() : base("OAuth authorization failed.")
         {
         }
 
@@ -130,7 +130,7 @@ public class OAuthTokenRefreshException : OAuthTokenException
         /// <summary>
         /// Initializes a new instance of the OAuthTokenRefreshException class.
         /// </summary>
-        public OAuthTokenRefreshException() : base("OAuth token refresh error occurred.")
+        public OAuthTokenRefreshException() : base("OAuth token refresh failed.")
         {
         }
 

Contentstack.Management.Core/Models/OAuthAppAuthorizationResponse.cs

@@ -8,9 +8,7 @@ namespace Contentstack.Management.Core.Models
     /// </summary>
     public class OAuthAppAuthorizationResponse
     {
-        /// <summary>
-        /// Array of OAuth app authorization data.
-        /// </summary>
+        
         [JsonProperty("data")]
         public OAuthAppAuthorizationData[] Data { get; set; }
     }
@@ -20,27 +18,19 @@ public class OAuthAppAuthorizationResponse
     /// </summary>
     public class OAuthAppAuthorizationData
     {
-        /// <summary>
-        /// The authorization UID.
-        /// </summary>
+        
         [JsonProperty("authorization_uid")]
         public string AuthorizationUid { get; set; }
 
-        /// <summary>
-        /// The user information.
-        /// </summary>
+        
         [JsonProperty("user")]
         public OAuthUser User { get; set; }
     }
 
-    /// <summary>
-    /// Represents OAuth user information.
-    /// </summary>
+    
     public class OAuthUser
     {
-        /// <summary>
-        /// The user UID.
-        /// </summary>
+        
         [JsonProperty("uid")]
         public string Uid { get; set; }
     }

Contentstack.Management.Core/Models/OAuthOptions.cs

@@ -8,12 +8,12 @@ namespace Contentstack.Management.Core.Models
     public class OAuthOptions
     {
         /// <summary>
-        /// The OAuth application ID. Defaults to the Contentstack demo app ID.
+        /// The OAuth application ID. Defaults to the Contentstack app ID.
         /// </summary>
         public string AppId { get; set; } = "6400aa06db64de001a31c8a9";
 
         /// <summary>
-        /// The OAuth client ID. Defaults to the Contentstack demo client ID.
+        /// The OAuth client ID. Defaults to the Contentstack client ID.
         /// </summary>
         public string ClientId { get; set; } = "Ie0FEfTzlfAHL4xM";
 

Contentstack.Management.Core/Models/OAuthResponse.cs

@@ -8,47 +8,25 @@ namespace Contentstack.Management.Core.Models
     /// </summary>
     public class OAuthResponse
     {
-        /// <summary>
-        /// The access token used for API authentication.
-        /// </summary>
+       
         [JsonProperty("access_token")]
         public string AccessToken { get; set; }
 
-        /// <summary>
-        /// The refresh token used to obtain new access tokens.
-        /// </summary>
+       
         [JsonProperty("refresh_token")]
         public string RefreshToken { get; set; }
 
-        /// <summary>
-        /// The number of seconds until the access token expires.
-        /// </summary>
+        
         [JsonProperty("expires_in")]
         public int ExpiresIn { get; set; }
 
-        /// <summary>
-        /// The organization UID associated with the OAuth tokens.
-        /// </summary>
+       
         [JsonProperty("organization_uid")]
         public string OrganizationUid { get; set; }
 
-        /// <summary>
-        /// The user UID associated with the OAuth tokens.
-        /// </summary>
+        
         [JsonProperty("user_uid")]
         public string UserUid { get; set; }
-
-        /// <summary>
-        /// The type of authorization (e.g., "oauth").
-        /// </summary>
-        [JsonProperty("authorization_type")]
-        public string AuthorizationType { get; set; }
-
-        /// <summary>
-        /// The stack API key associated with the OAuth tokens.
-        /// </summary>
-        [JsonProperty("stack_api_key")]
-        public string StackApiKey { get; set; }
     }
 }
 

Contentstack.Management.Core/Models/OAuthTokens.cs

@@ -4,55 +4,29 @@ namespace Contentstack.Management.Core.Models
 {
     /// <summary>
     /// Represents OAuth tokens stored in memory for cross-SDK access.
-    /// This class enables sharing OAuth tokens between the Management SDK and other SDKs like Model Generator.
+    /// This class enables sharing OAuth tokens between the Management SDK and other SDKs
     /// </summary>
     public class OAuthTokens
     {
-        /// <summary>
-        /// Gets or sets the access token used for API authentication.
-        /// </summary>
+ 
         public string AccessToken { get; set; }
 
-        /// <summary>
-        /// Gets or sets the refresh token used to obtain new access tokens.
-        /// </summary>
         public string RefreshToken { get; set; }
 
-        /// <summary>
-        /// Gets or sets the date and time when the access token expires.
-        /// </summary>
         public DateTime ExpiresAt { get; set; }
 
-        /// <summary>
-        /// Gets or sets the organization UID associated with the OAuth tokens.
-        /// </summary>
         public string OrganizationUid { get; set; }
 
-        /// <summary>
-        /// Gets or sets the user UID associated with the OAuth tokens.
-        /// </summary>
         public string UserUid { get; set; }
 
-        /// <summary>
-        /// Gets or sets the OAuth client ID associated with these tokens.
-        /// </summary>
         public string ClientId { get; set; }
 
-        /// <summary>
-        /// Gets a value indicating whether the access token has expired.
-        /// </summary>
+        public string AppId { get; set; }
+
         public bool IsExpired => DateTime.UtcNow >= ExpiresAt;
 
-        /// <summary>
-        /// Gets a value indicating whether the access token needs to be refreshed.
-        /// Tokens are considered to need refresh if they expire within 5 minutes or are already expired.
-        /// </summary>
         public bool NeedsRefresh => DateTime.UtcNow >= ExpiresAt.AddMinutes(-5) || IsExpired;
 
-        /// <summary>
-        /// Gets a value indicating whether the OAuth tokens are valid for use.
-        /// Tokens are valid if they have an access token and are not expired.
-        /// </summary>
         public bool IsValid => !string.IsNullOrEmpty(AccessToken) && !IsExpired;
     }
 }