Description
Is there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe the problem.
Currently the `OpenIdConnectHandler` class uses `Options.StateDataFormat` to protect/unprotect OAuth state, and the interface `ISecureDataFormat<TData>` does not define any async methods, so the data protection operation here is always synchronous.
This creates a problem for the following use case:
Putting the entire state in the `state` query param could make the URL too large. A common solution to this is putting the actual state in storage and only setting an encrypted key in the `state` param, which can be used later to retrieve the state.
Obviously the storage operations will need to be async, but the way that `OpenIdConnectHandler` handles this today, like I mentioned earlier, makes it impossible to do state data protection synchronously. The only option we have is to implement `ISecureDataFormat<TData>`, call async storage methods and wait for Task results synchronously. But this sort of "sync over async" behavior should best be avoided if possible.
Describe the solution you'd like
One possible solution:
- define a new interface `IAsyncSecureDataFormat<TData>`, similar to `ISecureDataFormat<TData>` except the methods are all async
- add a new property in `OpenIdConnectOptions`: `IAsyncSecureDataFormat<AuthenticationProperties> AsyncStateDataFormat { get; set; }`
- in `OpenIdConnectHandler`, use the `Options.AsyncStateDataFormat` if defined, otherwise fall back to `Options.StateDataFormat`
Additional context
No response
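
A sketch of the storage-backed state format this request describes, added here as an illustration; it is not code from the issue author or from ASP.NET Core. `IAsyncSecureDataFormat<TData>` is the proposed interface and does not exist today, and `CachedStateDataFormat`, the purpose string and the 15-minute lifetime are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Caching.Distributed;

// Hypothetical interface from the proposal above; it does not exist in ASP.NET Core.
public interface IAsyncSecureDataFormat<TData>
{
    Task<string> ProtectAsync(TData data, CancellationToken ct = default);
    Task<TData?> UnprotectAsync(string? protectedText, CancellationToken ct = default);
}

// Stores the serialized properties in a cache; only a protected random key goes in `state`.
public sealed class CachedStateDataFormat : IAsyncSecureDataFormat<AuthenticationProperties>
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(15); // assumed value
    private readonly IDistributedCache _cache;
    private readonly IDataProtector _protector;
    public CachedStateDataFormat(IDistributedCache cache, IDataProtectionProvider provider)
    {
        _cache = cache;
        _protector = provider.CreateProtector("oidc-state-key"); // assumed purpose string
    }

    public async Task<string> ProtectAsync(AuthenticationProperties data, CancellationToken ct = default)
    {
        // 256 random bits so the storage key cannot be guessed or enumerated.
        var key = WebEncoders.Base64UrlEncode(RandomNumberGenerator.GetBytes(32));
        var options = new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = Lifetime };
        await _cache.SetAsync(key, PropertiesSerializer.Default.Serialize(data), options, ct);
        return _protector.Protect(key); // authenticated encryption; output is URL-safe
    }

    public async Task<AuthenticationProperties?> UnprotectAsync(string? protectedText, CancellationToken ct = default)
    {
        if (string.IsNullOrEmpty(protectedText)) return null;
        string key;
        try { key = _protector.Unprotect(protectedText); }
        catch (CryptographicException) { return null; } // tampered or foreign state value
        var bytes = await _cache.GetAsync(key, ct);
        if (bytes is null) return null; // expired, unknown, or already consumed
        await _cache.RemoveAsync(key, ct); // best-effort single use; get+remove is not atomic
        return PropertiesSerializer.Default.Deserialize(bytes);
    }
}
```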