Make the sidecar trim friendlier (#3518)

Co-authored-by: Keegan Caruso <[email protected]>

Author: keegan-caruso

src/Microsoft.Identity.Web.Sidecar/AppJsonSerializerContext.cs

@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Text.Json.Serialization;
+using Microsoft.Identity.Web.Sidecar.Models;
+
+namespace Microsoft.Identity.Web.Sidecar;
+
+[JsonSerializable(typeof(AuthorizationHeaderResult))]
+[JsonSerializable(typeof(DownstreamApiResult))]
+[JsonSerializable(typeof(ValidateAuthorizationHeaderResult))]
+internal partial class AppJsonSerializerContext : JsonSerializerContext
+{
+
+}

src/Microsoft.Identity.Web.Sidecar/CacheControl.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using Azure;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.Identity.Web.Sidecar;

src/Microsoft.Identity.Web.Sidecar/Directory.Build.props

@@ -0,0 +1,14 @@
+<Project>
+  <Import Project="$([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../'))" />
+  <PropertyGroup>
+    <TargetFrameworks>net9.0</TargetFrameworks>
+  </PropertyGroup>
+  <PropertyGroup>
+    <AspDependencyVersion>9.0.9</AspDependencyVersion>
+    <MicrosoftAspNetCoreAuthenticationJwtBearerVersion>$(AspDependencyVersion)</MicrosoftAspNetCoreAuthenticationJwtBearerVersion>
+    <MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>$(AspDependencyVersion)</MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>
+    <MicrosoftAspNetCoreOpenApiVersion>$(AspDependencyVersion)</MicrosoftAspNetCoreOpenApiVersion>
+    <MicrosoftExtensionsApiDescriptionServerVersion>$(AspDependencyVersion)</MicrosoftExtensionsApiDescriptionServerVersion>
+    <MicrosoftVisualStudioAzureContainersToolsTargetsVersion>1.22.1</MicrosoftVisualStudioAzureContainersToolsTargetsVersion>
+  </PropertyGroup>
+</Project>

src/Microsoft.Identity.Web.Sidecar/Endpoints/AuthorizationHeaderEndpoint.cs

@@ -2,15 +2,13 @@
 // Licensed under the MIT License.
 
 using System.ComponentModel;
-using System.Net.Mime;
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Microsoft.Identity.Abstractions;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Web.Sidecar.Logging;
 using Microsoft.Identity.Web.Sidecar.Models;
-using Microsoft.OpenApi.Models;
 
 namespace Microsoft.Identity.Web.Sidecar.Endpoints;
 
@@ -31,8 +29,7 @@ public static void AddAuthorizationHeaderRequestEndpoints(this WebApplication ap
                 "  ?optionsOverride.Scopes=User.Read&optionsOverride.Scopes=Mail.Read\n" +
                 "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default\n" +
                 "  ?optionsOverride.AcquireTokenOptions.Tenant=GUID\n" +
-                "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.").
-            WithOpenApi(ConfigureOpenAPI);
+                "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.");
 
         app.MapGet("/AuthorizationHeaderUnauthenticated/{apiName}", AuthorizationHeaderAsync).
             WithName("AuthorizationHeaderUnauthenticated").
@@ -47,20 +44,7 @@ public static void AddAuthorizationHeaderRequestEndpoints(this WebApplication ap
                 "  ?optionsOverride.Scopes=User.Read&optionsOverride.Scopes=Mail.Read\n" +
                 "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default\n" +
                 "  ?optionsOverride.AcquireTokenOptions.Tenant=GUID\n" +
-                "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.").
-            WithOpenApi(ConfigureOpenAPI);
-    }
-
-    private static OpenApiOperation ConfigureOpenAPI(OpenApiOperation operation)
-    {
-        // Only add once.
-        var documented = operation.Extensions.ContainsKey("x-optionsOverride-documented");
-        if (!documented)
-        {
-            OpenApiDescriptions.AddOptionsOverrideParameters(operation);
-            operation.Extensions.Add("x-optionsOverride-documented", new OpenApi.Any.OpenApiBoolean(true));
-        }
-        return operation;
+                "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.");
     }
 
     private static async Task<Results<Ok<AuthorizationHeaderResult>, ProblemHttpResult>> AuthorizationHeaderAsync(

src/Microsoft.Identity.Web.Sidecar/Endpoints/DownstreamApiEndpoint.cs

@@ -3,15 +3,14 @@
 
 using System.ComponentModel;
 using System.Net.Http.Headers;
-using System.Net.Mime;
 using System.Text;
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Microsoft.Identity.Abstractions;
+using Microsoft.Identity.Client;
 using Microsoft.Identity.Web.Sidecar.Logging;
 using Microsoft.Identity.Web.Sidecar.Models;
-using Microsoft.OpenApi.Models;
 
 namespace Microsoft.Identity.Web.Sidecar.Endpoints;
 
@@ -31,8 +30,7 @@ public static void AddDownstreamApiRequestEndpoints(this WebApplication app)
                 "  ?optionsOverride.Scopes=User.Read\n" +
                 "  ?optionsOverride.Scopes=User.Read&optionsOverride.Scopes=Mail.Read\n" +
                 "  ?optionsOverride.AcquireTokenOptions.Tenant=GUID\n" +
-                "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default").
-            WithOpenApi(ConfigureOpenAPI);
+                "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default");
 
         app.MapPost("/DownstreamApiUnauthenticated/{apiName}", DownstreamApiAsync).
             WithName("DownstreamApiUnauthenticated").
@@ -46,20 +44,7 @@ public static void AddDownstreamApiRequestEndpoints(this WebApplication app)
                 "  ?optionsOverride.Scopes=User.Read\n" +
                 "  ?optionsOverride.Scopes=User.Read&optionsOverride.Scopes=Mail.Read\n" +
                 "  ?optionsOverride.AcquireTokenOptions.Tenant=GUID\n" +
-                "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default").
-            WithOpenApi(ConfigureOpenAPI);
-    }
-
-    private static OpenApiOperation ConfigureOpenAPI(OpenApiOperation operation)
-    {
-        // Only add once.
-        var documented = operation.Extensions.ContainsKey("x-optionsOverride-documented");
-        if (!documented)
-        {
-            OpenApiDescriptions.AddOptionsOverrideParameters(operation);
-            operation.Extensions.Add("x-optionsOverride-documented", new OpenApi.Any.OpenApiBoolean(true));
-        }
-        return operation;
+                "  ?optionsOverride.RequestAppToken=true&optionsOverride.Scopes=https://graph.microsoft.com/.default");
     }
 
     private static async Task<Results<Ok<DownstreamApiResult>, ProblemHttpResult>> DownstreamApiAsync(
@@ -124,6 +109,13 @@ private static async Task<Results<Ok<DownstreamApiResult>, ProblemHttpResult>> D
                 detail: ex.InnerException?.Message ?? ex.Message,
                 statusCode: StatusCodes.Status401Unauthorized);
         }
+        catch (MsalServiceException ex)
+        {
+            logger.AuthorizationHeaderAsyncError(ex);
+            return TypedResults.Problem(
+                detail: ex.Message,
+                statusCode: StatusCodes.Status401Unauthorized);
+        }
         catch (Exception ex)
         {
             logger.AuthorizationHeaderAsyncError(ex);

src/Microsoft.Identity.Web.Sidecar/Endpoints/ValidateRequestEndpoints.cs

@@ -5,6 +5,7 @@
 using System.Text.Json;
 using System.Text.Json.Nodes;
 using Microsoft.AspNetCore.Http.HttpResults;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.Identity.Web.Resource;
 using Microsoft.Identity.Web.Sidecar.Logging;
 using Microsoft.Identity.Web.Sidecar.Models;
@@ -24,9 +25,9 @@ public static void AddValidateRequestEndpoints(this WebApplication app)
     }
 
     private static Results<Ok<ValidateAuthorizationHeaderResult>, ProblemHttpResult> ValidateEndpoint(
-        ILogger<Program> logger,
+        [FromServices] ILogger<Program> logger,
         HttpContext httpContext,
-        IConfiguration configuration)
+        [FromServices] IConfiguration configuration)
     {
         string scopeRequiredByApi = configuration["AzureAd:Scopes"] ?? string.Empty;
         if (!string.IsNullOrWhiteSpace(scopeRequiredByApi))

src/Microsoft.Identity.Web.Sidecar/Microsoft.Identity.Web.Sidecar.csproj

@@ -1,14 +1,15 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net9.0</TargetFrameworks>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>aspnet-Microsoft.Identity.Web.Sidecar-79d2a631-277f-4ef1-9253-4477001378e8</UserSecretsId>
     <OpenApiDocumentsDirectory>OpenAPI</OpenApiDocumentsDirectory>
     <GenerateDocumentationFile>False</GenerateDocumentationFile>
     <IsPackable>false</IsPackable>
     <EnablePackageValidation>false</EnablePackageValidation>
+    <IsAotCompatible>true</IsAotCompatible>
+    <EnableRequestDelegateGenerator>true</EnableRequestDelegateGenerator>
     <NoWarn>
       $(NoWarn);
       <!--RS0016: Add public types and members to the declared API-->
@@ -22,36 +23,33 @@
     </NoWarn>
   </PropertyGroup>
 
-  <!-- Trimming + perf (Release only) -->
   <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <PublishTrimmed>false</PublishTrimmed>
-    <TrimMode>partial</TrimMode>
-    <EnableTrimAnalyzer>false</EnableTrimAnalyzer>
-    <SuppressTrimAnalysisWarnings>false</SuppressTrimAnalysisWarnings>
     <PublishReadyToRun>true</PublishReadyToRun>
-    <!-- Optional; enable only if you do not rely on culture-specific globalization -->
-    <!-- <InvariantGlobalization>true</InvariantGlobalization> -->
+    <!-- Removes globalization-specific code and data -->
+    <InvariantGlobalization>true</InvariantGlobalization>
+    <!-- See: https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trimming-options#trim-framework-library-features -->
+    <!-- Removes code that enables better debugging experiences. This setting also removes symbols. -->
     <DebuggerSupport>false</DebuggerSupport>
+    <!--Removes BinaryFormatter serialization support -->
     <EnableUnsafeBinaryFormatterSerialization>false</EnableUnsafeBinaryFormatterSerialization>
-    <IlcGenerateStackTraceData>false</IlcGenerateStackTraceData>
+    <!-- Removes support for generating stack traces (for example, Environment.StackTrace or Exception.ToString) by the runtime -->
+    <StackTraceSupport>false</StackTraceSupport>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.9" NoWarn="NU1605" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.9" NoWarn="NU1605" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.9" />
-    <PackageReference Include="Microsoft.Extensions.ApiDescription.Server" Version="9.0.9">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(MicrosoftAspNetCoreAuthenticationJwtBearerVersion)" NoWarn="NU1605" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="$(MicrosoftAspNetCoreOpenApiVersion)" />
+    <PackageReference Include="Microsoft.Extensions.ApiDescription.Server" Version="$(MicrosoftExtensionsApiDescriptionServerVersion)">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.22.1" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="$(MicrosoftVisualStudioAzureContainersToolsTargetsVersion)" />
   </ItemGroup>
 
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.Identity.Web.AgentIdentities\Microsoft.Identity.Web.AgentIdentities.csproj" />
     <ProjectReference Include="..\Microsoft.Identity.Web.DownstreamApi\Microsoft.Identity.Web.DownstreamApi.csproj" />
     <ProjectReference Include="..\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
   </ItemGroup>
 
-</Project>
+</Project>

src/Microsoft.Identity.Web.Sidecar/Models/AuthorizationHeaderRequest.cs

@@ -3,8 +3,6 @@
 
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
-using System.Text.Json;
-using System.Text.Json.Serialization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Microsoft.Identity.Web.Sidecar.Models;

src/Microsoft.Identity.Web.Sidecar/Models/DownstreamApiRequest.cs

@@ -4,7 +4,6 @@
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Identity.Abstractions;
 
 namespace Microsoft.Identity.Web.Sidecar.Models;
 

src/Microsoft.Identity.Web.Sidecar/OptionsOverrideSchemaTransformer.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System.Diagnostics;
 using Microsoft.AspNetCore.OpenApi;
 using Microsoft.OpenApi.Models;