Remove support for setting default scheme from user-jwts (#42578)

* Revert "Fix up reading auth schemes and setting default scheme (#42452)"

This reverts commit f0e1d1e.

* Bring back non-default scheme related changes

* Remove AuthenticationConfigureOptions

* Update src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs

Co-authored-by: Chris Ross <Tratcher@Outlook.com>

Co-authored-by: Chris Ross <Tratcher@Outlook.com>

Author: captainsafia

src/Http/Authentication.Core/src/AuthenticationService.cs

@@ -14,7 +14,6 @@ namespace Microsoft.AspNetCore.Authentication;
 public class AuthenticationService : IAuthenticationService
 {
     private HashSet<ClaimsPrincipal>? _transformCache;
-    private const string defaultSchemesOptionsMsg = "The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions) or by setting the Authentication:DefaultScheme property in configuration.";
 
     /// <summary>
     /// Constructor.
@@ -65,7 +64,7 @@ public virtual async Task<AuthenticateResult> AuthenticateAsync(HttpContext cont
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultAuthenticateScheme found. {defaultSchemesOptionsMsg}");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultAuthenticateScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
             }
         }
 
@@ -113,7 +112,7 @@ public virtual async Task ChallengeAsync(HttpContext context, string? scheme, Au
             scheme = defaultChallengeScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found. {defaultSchemesOptionsMsg}");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
             }
         }
 
@@ -141,7 +140,7 @@ public virtual async Task ForbidAsync(HttpContext context, string? scheme, Authe
             scheme = defaultForbidScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultForbidScheme found. {defaultSchemesOptionsMsg}");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultForbidScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
             }
         }
 
@@ -187,7 +186,7 @@ public virtual async Task SignInAsync(HttpContext context, string? scheme, Claim
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found. {defaultSchemesOptionsMsg}");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
             }
         }
 
@@ -221,7 +220,7 @@ public virtual async Task SignOutAsync(HttpContext context, string? scheme, Auth
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignOutScheme found. {defaultSchemesOptionsMsg}");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignOutScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
             }
         }
 

src/Security/Authentication/Core/src/AuthenticationConfigureOptions.cs

@@ -3,7 +3,6 @@
 
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection;
 
@@ -29,7 +28,6 @@ public static AuthenticationBuilder AddAuthentication(this IServiceCollection se
         services.AddWebEncoders();
         services.TryAddSingleton<ISystemClock, SystemClock>();
         services.TryAddSingleton<IAuthenticationConfigurationProvider, DefaultAuthenticationConfigurationProvider>();
-        services.TryAddEnumerable(ServiceDescriptor.Singleton<IConfigureOptions<AuthenticationOptions>, AuthenticationConfigureOptions>());
 
         return new AuthenticationBuilder(services);
     }

src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs

@@ -885,41 +885,6 @@ public async Task ExpirationAndIssuedNullWhenMinOrMaxValue()
         Assert.Equal(JsonValueKind.Null, dom.RootElement.GetProperty("issued").ValueKind);
     }
 
-    [Fact]
-    public async Task ForwardSchemeOverridesSchemeFromConfig()
-    {
-        // Arrange
-        var defaultSchemeFromConfig = "DefaultSchemeFromConfig";
-        var defaultSchemeFromForward = "DefaultSchemeFromForward";
-        var services = new ServiceCollection().AddLogging();
-        var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
-        {
-            new KeyValuePair<string, string>("Authentication:DefaultScheme", defaultSchemeFromConfig)
-        }).Build();
-        services.AddSingleton<IConfiguration>(config);
-
-        // Act
-        var builder = services.AddAuthentication(o =>
-        {
-            o.AddScheme<TestHandler>(defaultSchemeFromForward, defaultSchemeFromForward);
-        });
-        builder.AddJwtBearer(defaultSchemeFromConfig, o => o.ForwardAuthenticate = defaultSchemeFromForward);
-        var forwardAuthentication = new TestHandler();
-        services.AddSingleton(forwardAuthentication);
-
-        var sp = services.BuildServiceProvider();
-        var context = new DefaultHttpContext();
-        context.RequestServices = sp;
-
-        // Assert
-        Assert.Equal(0, forwardAuthentication.AuthenticateCount);
-        await context.AuthenticateAsync();
-        Assert.Equal(1, forwardAuthentication.AuthenticateCount);
-        var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-        var defaultSchemeFromServices = await schemeProvider.GetDefaultAuthenticateSchemeAsync();
-        Assert.Equal(defaultSchemeFromConfig, defaultSchemeFromServices.Name);
-    }
-
     class InvalidTokenValidator : ISecurityTokenValidator
     {
         public InvalidTokenValidator()

src/Security/Authentication/test/JwtBearerTests.cs

@@ -545,92 +545,4 @@ public async Task VerifySchemeDefaults()
         Assert.Equal(HandlerType, scheme.HandlerType);
         Assert.Equal(DisplayName, scheme.DisplayName);
     }
-
-    [Fact]
-    public async Task RespectsDefaultSchemeInConfig()
-    {
-        // Arrange
-        var defaultSchemeFromConfig = "DefaultSchemeFromConfig";
-        var services = new ServiceCollection();
-        var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
-        {
-            new KeyValuePair<string, string>("Authentication:DefaultScheme", defaultSchemeFromConfig)
-        }).Build();
-        services.AddSingleton<IConfiguration>(config);
-
-        // Act
-        var builder = services.AddAuthentication(o =>
-        {
-            o.AddScheme<TestHandler>(defaultSchemeFromConfig, defaultSchemeFromConfig);
-        });
-        RegisterAuth(builder, _ => { });
-        var sp = services.BuildServiceProvider();
-
-        // Assert
-        var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-        var defaultSchemeFromServices = await schemeProvider.GetDefaultAuthenticateSchemeAsync();
-        Assert.Equal(defaultSchemeFromConfig, defaultSchemeFromServices.Name);
-    }
-
-    [Fact]
-    public async Task CanOverrideDefaultInConfigViaAddAuthentication()
-    {
-        // Arrange
-        var defaultSchemeFromConfig = "DefaultSchemeFromConfig";
-        var defaultSchemeFromAddAuth = "DefaultSchemeFromAddAuth";
-        var services = new ServiceCollection();
-        var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
-        {
-            new KeyValuePair<string, string>("Authentication:DefaultScheme", defaultSchemeFromConfig)
-        }).Build();
-        services.AddSingleton<IConfiguration>(config);
-
-        // Act
-        var builder = services.AddAuthentication(o =>
-        {
-            o.DefaultScheme = defaultSchemeFromAddAuth;
-            o.AddScheme<TestHandler>(defaultSchemeFromConfig, defaultSchemeFromConfig);
-            o.AddScheme<TestHandler>(defaultSchemeFromAddAuth, defaultSchemeFromAddAuth);
-        });
-        RegisterAuth(builder, _ => { });
-        var sp = services.BuildServiceProvider();
-
-        // Assert
-        var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-        var defaultSchemeFromServices = await schemeProvider.GetDefaultAuthenticateSchemeAsync();
-        Assert.Equal(defaultSchemeFromAddAuth, defaultSchemeFromServices.Name);
-    }
-
-    [Fact]
-    public async Task DoesNotOverrideDefaultSchemeSetViaOptions()
-    {
-        // Arrange
-        var defaultSchemeFromConfig = "DefaultSchemeFromConfig";
-        var defaultSchemeFromOptions = "DefaultSchemeFromOptions";
-        var services = new ServiceCollection();
-        var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
-        {
-            new KeyValuePair<string, string>("Authentication:DefaultScheme", defaultSchemeFromConfig)
-        }).Build();
-        services.AddSingleton<IConfiguration>(config);
-
-        // Act
-        services.Configure<AuthenticationOptions>(options =>
-        {
-            options.DefaultScheme = defaultSchemeFromOptions;
-        });
-        var builder = services.AddAuthentication(o =>
-        {
-            o.AddScheme<TestHandler>(defaultSchemeFromConfig, defaultSchemeFromConfig);
-            o.AddScheme<TestHandler>(defaultSchemeFromOptions, defaultSchemeFromOptions);
-        });
-        RegisterAuth(builder, _ => { });
-        var sp = services.BuildServiceProvider();
-
-        // Assert
-        var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-        var defaultSchemeFromServices = await schemeProvider.GetDefaultAuthenticateSchemeAsync();
-        Assert.Equal(defaultSchemeFromOptions, defaultSchemeFromServices.Name);
-
-    }
 }

src/Security/Authentication/test/SharedAuthenticationTests.cs

@@ -10,7 +10,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer.Tools;
 internal sealed record JwtAuthenticationSchemeSettings(string SchemeName, List<string> Audiences, string ClaimsIssuer)
 {
     private const string AuthenticationKey = "Authentication";
-    private const string DefaultSchemeKey = "DefaultScheme";
     private const string SchemesKey = "Schemes";
 
     private static readonly JsonSerializerOptions _jsonSerializerOptions = new JsonSerializerOptions
@@ -57,15 +56,6 @@ public void Save(string filePath)
             };
         }
 
-        // Set the DefaultScheme if it has not already been set
-        // and only a single scheme has been configured thus far
-        if (config[AuthenticationKey][DefaultSchemeKey] is null
-            && config[AuthenticationKey][SchemesKey] is JsonObject setSchemes
-            && setSchemes.Count == 1)
-        {
-            config[AuthenticationKey][DefaultSchemeKey] = SchemeName;
-        }
-
         using var writer = new FileStream(filePath, FileMode.Open, FileAccess.Write);
         JsonSerializer.Serialize(writer, config, _jsonSerializerOptions);
     }
@@ -80,11 +70,6 @@ public static void RemoveScheme(string filePath, string name)
             authentication[SchemesKey] is JsonObject schemes)
         {
             schemes.Remove(name);
-            if (authentication[DefaultSchemeKey] is JsonValue defaultScheme
-                && defaultScheme.GetValue<string>() == name)
-            {
-                authentication.Remove(DefaultSchemeKey);
-            }
         }
 
         using var writer = new FileStream(filePath, FileMode.Create, FileAccess.Write);

src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs

@@ -62,7 +62,7 @@ public class UserJwtsTestFixture : IDisposable
   }
 }";
 
-    public string CreateProject(bool hasSecret = true, string appSettingsContent = "{}")
+    public string CreateProject(bool hasSecret = true)
     {
         var projectPath = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), "userjwtstest", Guid.NewGuid().ToString()));
         Directory.CreateDirectory(Path.Combine(projectPath.FullName, "Properties"));
@@ -81,7 +81,7 @@ public string CreateProject(bool hasSecret = true, string appSettingsContent = "
 
         File.WriteAllText(
             Path.Combine(projectPath.FullName, "appsettings.Development.json"),
-            appSettingsContent);
+            "{}");
 
         if (hasSecret)
         {