Re-align the events model of the ASP.NET Core and OWIN/Katana versions

build/common.props

@@ -4,6 +4,7 @@
   <Import Project="version.props" />
 
   <PropertyGroup>
+    <LangVersion>latest</LangVersion>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <DebugSymbols>true</DebugSymbols>

src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs

@@ -371,7 +371,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
 
         private async Task<JObject> GetIntrospectionPayloadAsync(string token)
         {
-            var configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+            var configuration = await Options.ConfigurationManager.GetConfigurationAsync(default);
             if (configuration == null)
             {
                 throw new InvalidOperationException("The OAuth2 introspection middleware was unable to retrieve " +
@@ -431,7 +431,7 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
             var response = notification.Response;
             if (response == null)
             {
-                response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+                response = await Options.HttpClient.SendAsync(request);
             }
 
             if (!response.IsSuccessStatusCode)
@@ -468,7 +468,7 @@ exception is InvalidCastException ||
                                                   exception is JsonReaderException ||
                                                   exception is JsonSerializationException)
                 {
-                    Logger.LogError("An error occurred while deserializing the introspection response: {Exception}.", exception);
+                    Logger.LogError(exception, "An error occurred while deserializing the introspection response.");
 
                     return null;
                 }

src/Owin.Security.OAuth.Introspection/Events/ApplyChallengeContext.cs

@@ -7,14 +7,14 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows customization of the challenge process.
     /// </summary>
-    public class ApplyChallengeContext : BaseNotification<OAuthIntrospectionOptions>
+    public class ApplyChallengeContext : BaseContext<OAuthIntrospectionOptions>
     {
         public ApplyChallengeContext(
             [NotNull] IOwinContext context,
@@ -61,5 +61,15 @@ public ApplyChallengeContext(
         /// the caller as part of the WWW-Authenticate header.
         /// </summary>
         public string Scope { get; set; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }

src/Owin.Security.OAuth.Introspection/Events/CreateTicketContext.cs

@@ -7,15 +7,15 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 using Newtonsoft.Json.Linq;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows interception of the AuthenticationTicket creation process.
     /// </summary>
-    public class CreateTicketContext : BaseNotification<OAuthIntrospectionOptions>
+    public class CreateTicketContext : BaseContext<OAuthIntrospectionOptions>
     {
         public CreateTicketContext(
             [NotNull] IOwinContext context,

src/Owin.Security.OAuth.Introspection/Events/RetrieveTokenContext.cs

@@ -7,14 +7,14 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows custom parsing of access tokens from requests.
     /// </summary>
-    public class RetrieveTokenContext : BaseNotification<OAuthIntrospectionOptions>
+    public class RetrieveTokenContext : BaseContext<OAuthIntrospectionOptions>
     {
         public RetrieveTokenContext(
             [NotNull] IOwinContext context,
@@ -32,5 +32,25 @@ public RetrieveTokenContext(
         /// Gets or sets the <see cref="AuthenticationTicket"/> created by the application.
         /// </summary>
         public AuthenticationTicket Ticket { get; set; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleValidation() => Handled = true;
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        /// <param name="ticket">The authentication ticket to use.</param>
+        public void HandleValidation(AuthenticationTicket ticket)
+        {
+            Ticket = ticket;
+            Handled = true;
+        }
     }
 }

src/Owin.Security.OAuth.Introspection/Events/SendIntrospectionRequestContext.cs

@@ -7,14 +7,14 @@
 using System.Net.Http;
 using JetBrains.Annotations;
 using Microsoft.Owin;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows for custom handling of the call to the Authorization Server's Introspection endpoint.
     /// </summary>
-    public class SendIntrospectionRequestContext : BaseNotification<OAuthIntrospectionOptions>
+    public class SendIntrospectionRequestContext : BaseContext<OAuthIntrospectionOptions>
     {
         public SendIntrospectionRequestContext(
             [NotNull] IOwinContext context,
@@ -46,5 +46,15 @@ public SendIntrospectionRequestContext(
         /// The access token parsed from the client request.
         /// </summary>
         public string Token { get; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }

src/Owin.Security.OAuth.Introspection/Events/ValidateTokenContext.cs

@@ -7,14 +7,14 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Introspection
 {
     /// <summary>
     /// Allows customization of the token validation logic.
     /// </summary>
-    public class ValidateTokenContext : BaseNotification<OAuthIntrospectionOptions>
+    public class ValidateTokenContext : BaseContext<OAuthIntrospectionOptions>
     {
         public ValidateTokenContext(
             [NotNull] IOwinContext context,

src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs

@@ -32,27 +32,13 @@ protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
             var context = new RetrieveTokenContext(Context, Options);
             await Options.Events.RetrieveToken(context);
 
-            if (context.HandledResponse)
+            if (context.Handled)
             {
-                // If no ticket has been provided, return a failed result to
-                // indicate that authentication was rejected by application code.
-                if (context.Ticket == null)
-                {
-                    Logger.LogInformation("Authentication was stopped by application code.");
-
-                    return null;
-                }
+                Logger.LogInformation("The default authentication handling was skipped from user code.");
 
                 return context.Ticket;
             }
 
-            else if (context.Skipped)
-            {
-                Logger.LogInformation("Authentication was skipped by application code.");
-
-                return null;
-            }
-
             var token = context.Token;
 
             if (string.IsNullOrEmpty(token))
@@ -166,27 +152,6 @@ protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
             var notification = new ValidateTokenContext(Context, Options, ticket);
             await Options.Events.ValidateToken(notification);
 
-            if (notification.HandledResponse)
-            {
-                // If no ticket has been provided, return a failed result to
-                // indicate that authentication was rejected by application code.
-                if (notification.Ticket == null)
-                {
-                    Logger.LogInformation("Authentication was stopped by application code.");
-
-                    return null;
-                }
-
-                return notification.Ticket;
-            }
-
-            else if (notification.Skipped)
-            {
-                Logger.LogInformation("Authentication was skipped by application code.");
-
-                return null;
-            }
-
             // Allow the application code to replace the ticket
             // reference from the ValidateToken event.
             return notification.Ticket;
@@ -263,7 +228,7 @@ protected override async Task ApplyResponseChallengeAsync()
 
             await Options.Events.ApplyChallenge(notification);
 
-            if (notification.HandledResponse || notification.Skipped)
+            if (notification.Handled)
             {
                 return;
             }
@@ -368,7 +333,7 @@ protected override async Task ApplyResponseChallengeAsync()
 
         private async Task<JObject> GetIntrospectionPayloadAsync(string token)
         {
-            var configuration = await Options.ConfigurationManager.GetConfigurationAsync(Request.CallCancelled);
+            var configuration = await Options.ConfigurationManager.GetConfigurationAsync(default);
             if (configuration == null)
             {
                 throw new InvalidOperationException("The OAuth2 introspection middleware was unable to retrieve " +
@@ -418,32 +383,17 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
             var notification = new SendIntrospectionRequestContext(Context, Options, request, token);
             await Options.Events.SendIntrospectionRequest(notification);
 
-            HttpResponseMessage response = null;
-
-            if (notification.HandledResponse)
+            if (notification.Handled)
             {
-                // If no response has been provided, return a failed result to
-                // indicate that authentication was rejected by application code.
-                if (notification.Response == null)
-                {
-                    Logger.LogInformation("Authentication was stopped by application code.");
-
-                    return null;
-                }
-
-                response = notification.Response;
-            }
-
-            else if (notification.Skipped)
-            {
-                Logger.LogInformation("Authentication was skipped by application code.");
+                Logger.LogInformation("The default challenge handling was skipped from user code.");
 
                 return null;
             }
 
+            var response = notification.Response;
             if (response == null)
             {
-                response = await Options.HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Request.CallCancelled);
+                response = await Options.HttpClient.SendAsync(request);
             }
 
             if (!response.IsSuccessStatusCode)
@@ -480,8 +430,7 @@ exception is InvalidCastException ||
                                                   exception is JsonReaderException ||
                                                   exception is JsonSerializationException)
                 {
-                    Logger.LogError("An error occurred while deserializing the " +
-                                    "introspection response: {Exception}.", exception);
+                    Logger.LogError(exception, "An error occurred while deserializing the introspection response.");
 
                     return null;
                 }
@@ -780,23 +729,6 @@ private async Task<AuthenticationTicket> CreateTicketAsync(string token, JObject
             var notification = new CreateTicketContext(Context, Options, ticket, payload);
             await Options.Events.CreateTicket(notification);
 
-            if (notification.HandledResponse)
-            {
-                // If no ticket has been provided, return a failed result to
-                // indicate that authentication was rejected by application code.
-                if (notification.Ticket == null)
-                {
-                    return null;
-                }
-
-                return notification.Ticket;
-            }
-
-            else if (notification.Skipped)
-            {
-                return null;
-            }
-
             return notification.Ticket;
         }
 

src/Owin.Security.OAuth.Validation/Events/ApplyChallengeContext.cs

@@ -7,14 +7,14 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Validation
 {
     /// <summary>
     /// Allows customization of the challenge process.
     /// </summary>
-    public class ApplyChallengeContext : BaseNotification<OAuthValidationOptions>
+    public class ApplyChallengeContext : BaseContext<OAuthValidationOptions>
     {
         public ApplyChallengeContext(
             [NotNull] IOwinContext context,
@@ -61,5 +61,15 @@ public ApplyChallengeContext(
         /// the caller as part of the WWW-Authenticate header.
         /// </summary>
         public string Scope { get; set; }
+
+        /// <summary>
+        /// Gets a boolean indicating if the operation was handled from user code.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Marks the operation as handled to prevent the default logic from being applied.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }

src/Owin.Security.OAuth.Validation/Events/CreateTicketContext.cs

@@ -7,14 +7,14 @@
 using JetBrains.Annotations;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.Provider;
 
 namespace Owin.Security.OAuth.Validation
 {
     /// <summary>
     /// Allows interception of the AuthenticationTicket creation process.
     /// </summary>
-    public class CreateTicketContext : BaseNotification<OAuthValidationOptions>
+    public class CreateTicketContext : BaseContext<OAuthValidationOptions>
     {
         public CreateTicketContext(
             [NotNull] IOwinContext context,