Implement IDownstreamApi overloads that take JsonTypeInfo<T> as a parameter to enable source generated Json deserialization for NativeAOT (#2959)

Addresses #2930

Update Microsoft.Identity.Abstractions to 7.0.0
Implementation for new DownstreamApi interfaces in Microsoft.Identity.Abstractions for source gen Json serialization. Implementaitons are generated or copied as the existing with just the addition of jsonTypeInfo params

Author: dualtagh

Directory.Build.props

@@ -87,8 +87,7 @@
     <MicrosoftGraphVersion>4.36.0</MicrosoftGraphVersion>
     <MicrosoftGraphBetaVersion>4.57.0-preview</MicrosoftGraphBetaVersion>
     <MicrosoftExtensionsHttpVersion>3.1.3</MicrosoftExtensionsHttpVersion>
-    <!-- IdentityWeb v3.0.1 is not compatible with Abstractions v7; 6.0.0 ≤ version < 7.0.0 -->
-    <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">[6.0.0, 7.0.0)</MicrosoftIdentityAbstractionsVersion>
+    <MicrosoftIdentityAbstractionsVersion>7.0.0</MicrosoftIdentityAbstractionsVersion>
     <NetNineRuntimeVersion>9.0.0-preview.7.24405.7</NetNineRuntimeVersion>
     <AspNetCoreNineRuntimeVersion>9.0.0-preview.7.24406.2</AspNetCoreNineRuntimeVersion>
     <!--CVE-2024-30105-->

src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.cs

@@ -15,16 +15,30 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Identity.Abstractions;
 
+#if NET8_0_OR_GREATER
+using System.Text.Json.Serialization.Metadata;
+#endif
+
 namespace Microsoft.Identity.Web
 {
     /// <inheritdoc/>
     internal partial class DownstreamApi : IDownstreamApi
     {
 <#
   bool firstMethod = true;
+
+  foreach(string framework in new string[]{  "all", "net8" } )
+  {
+    if (framework == "net8")
+    {
+#>
+
+#if NET8_0_OR_GREATER
+<#
+    }
   foreach(string httpMethod in new string[]{  "Get", "Post", "Put", "Patch", "Delete"} )
   {
-   if (httpMethod == "Patch")
+   if (httpMethod == "Patch" && framework != "net8")
    {
 #>
 
@@ -60,6 +74,12 @@ namespace Microsoft.Identity.Web
             string? serviceName,
 <# if (hasInput){ #>
             TInput input,
+<# } #>
+<# if (hasInput && framework == "net8"){ #>
+            JsonTypeInfo<TInput> inputJsonTypeInfo,
+<# } #>
+<# if (hasOutput && framework == "net8"){ #>
+            JsonTypeInfo<TOutput> outputJsonTypeInfo,
 <# } #>
             Action<DownstreamApiOptionsReadOnlyHttpMethod>? downstreamApiOptionsOverride = null,
 <# if (!hasApp){ #>
@@ -71,9 +91,13 @@ namespace Microsoft.Identity.Web
 <# } #>
         {
             DownstreamApiOptions effectiveOptions = MergeOptions(serviceName, downstreamApiOptionsOverride, HttpMethod.<#=httpMethod#>);
-<# if (hasInput){ #>
+<# if (hasInput) {
+   if (framework == "net8"){
+#>
+            HttpContent? effectiveInput = SerializeInput(input, effectiveOptions, inputJsonTypeInfo);
+<# } else { #>
             HttpContent? effectiveInput = SerializeInput(input, effectiveOptions);
-<# } #>
+<# } } #>
             try
             {
                 HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, <#= hasApp ? "true" : "false" #>, <#= content #>, <#= user #>, cancellationToken).ConfigureAwait(false);
@@ -86,8 +110,12 @@ namespace Microsoft.Identity.Web
                 }
                 response.EnsureSuccessStatusCode();
 <# }
-   if (hasOutput)
+   if (hasOutput && framework == "net8")
    { #>
+                return await DeserializeOutput<TOutput>(response, effectiveOptions, outputJsonTypeInfo).ConfigureAwait(false);
+<# } 
+   else if (hasOutput)
+   {#>
                 return await DeserializeOutput<TOutput>(response, effectiveOptions).ConfigureAwait(false);
 <# } #>
             }
@@ -108,13 +136,17 @@ namespace Microsoft.Identity.Web
    }
 #>
 <#
-     if (httpMethod == "Patch")
+     if (httpMethod == "Patch" && framework != "net8")
      {
 #>
 
 #endif // !NETFRAMEWORK && !NETSTANDARD2_0
 <#
     }
   }
-#>    }
+if (framework == "net8") {#>
+#endif // NET8_0_OR_GREATER
+<#}
+}
+#>   }
 }

src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.tt

@@ -9,6 +9,7 @@
 using System.Security.Claims;
 using System.Text;
 using System.Text.Json;
+using System.Text.Json.Serialization.Metadata;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
@@ -166,8 +167,101 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, false,
                                                                           null, user, cancellationToken).ConfigureAwait(false);
             return await DeserializeOutput<TOutput>(response, effectiveOptions).ConfigureAwait(false);
-        }
+        }
+
+#if NET8_0_OR_GREATER
+        /// <inheritdoc/>
+        public async Task<TOutput?> CallApiForUserAsync<TInput, TOutput>(
+            string? serviceName,
+            TInput input,
+            JsonTypeInfo<TInput> inputJsonTypeInfo,
+            JsonTypeInfo<TOutput> outputJsonTypeInfo,
+            Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
+            ClaimsPrincipal? user = default,
+            CancellationToken cancellationToken = default)
+            where TOutput : class
+        {
+            DownstreamApiOptions effectiveOptions = MergeOptions(serviceName, downstreamApiOptionsOverride);
+            HttpContent? effectiveInput = SerializeInput(input, effectiveOptions, inputJsonTypeInfo);
+
+            HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, false,
+                                                                          effectiveInput, user, cancellationToken).ConfigureAwait(false);
+
+            // Only dispose the HttpContent if was created here, not provided by the caller.
+            if (input is not HttpContent)
+            {
+                effectiveInput?.Dispose();
+            }
+
+            return await DeserializeOutput<TOutput>(response, effectiveOptions, outputJsonTypeInfo).ConfigureAwait(false);
+        }
+
+        /// <inheritdoc/>
+        public async Task<TOutput?> CallApiForUserAsync<TOutput>(
+            string serviceName,
+            JsonTypeInfo<TOutput> outputJsonTypeInfo,
+            Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
+            ClaimsPrincipal? user = default,
+            CancellationToken cancellationToken = default)
+            where TOutput : class
+        {
+            DownstreamApiOptions effectiveOptions = MergeOptions(serviceName, downstreamApiOptionsOverride);
+            HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, false,
+                                                                          null, user, cancellationToken).ConfigureAwait(false);
+            return await DeserializeOutput<TOutput>(response, effectiveOptions, outputJsonTypeInfo).ConfigureAwait(false);
+        }
+
+        /// <inheritdoc/>
+        public async Task<TOutput?> CallApiForAppAsync<TInput, TOutput>(
+            string? serviceName,
+            TInput input,
+            JsonTypeInfo<TInput> inputJsonTypeInfo,
+            JsonTypeInfo<TOutput> outputJsonTypeInfo,
+            Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
+            CancellationToken cancellationToken = default)
+            where TOutput : class
+        {
+            DownstreamApiOptions effectiveOptions = MergeOptions(serviceName, downstreamApiOptionsOverride);
+            HttpContent? effectiveInput = SerializeInput(input, effectiveOptions, inputJsonTypeInfo);
+            HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, true,
+                                                                          effectiveInput, null, cancellationToken).ConfigureAwait(false);
 
+            // Only dispose the HttpContent if was created here, not provided by the caller.
+            if (input is not HttpContent)
+            {
+                effectiveInput?.Dispose();
+            }
+
+            return await DeserializeOutput<TOutput>(response, effectiveOptions, outputJsonTypeInfo).ConfigureAwait(false);
+        }
+
+        /// <inheritdoc/>
+        public async Task<TOutput?> CallApiForAppAsync<TOutput>(
+            string serviceName,
+            JsonTypeInfo<TOutput> outputJsonTypeInfo,
+            Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
+            CancellationToken cancellationToken = default)
+            where TOutput : class
+        {
+            DownstreamApiOptions effectiveOptions = MergeOptions(serviceName, downstreamApiOptionsOverride);
+            HttpResponseMessage response = await CallApiInternalAsync(serviceName, effectiveOptions, true,
+                                                                          null, null, cancellationToken).ConfigureAwait(false);
+
+            return await DeserializeOutput<TOutput>(response, effectiveOptions, outputJsonTypeInfo).ConfigureAwait(false);
+        }
+
+        internal static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions, JsonTypeInfo<TInput> inputJsonTypeInfo)
+        {
+            return SerializeInputImpl(input, effectiveOptions, inputJsonTypeInfo);
+        }
+
+        internal static async Task<TOutput?> DeserializeOutput<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions, JsonTypeInfo<TOutput> outputJsonTypeInfo)
+             where TOutput : class
+        {
+            return await DeserializeOutputImpl<TOutput>(response, effectiveOptions, outputJsonTypeInfo);
+        }
+#endif
+
         /// <summary>
         /// Merge the options from configuration and override from caller.
         /// </summary>
@@ -217,9 +311,14 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             DownstreamApiOptionsReadOnlyHttpMethod clonedOptions = new DownstreamApiOptionsReadOnlyHttpMethod(options, httpMethod.ToString());
             calledApiOptionsOverride?.Invoke(clonedOptions);
             return clonedOptions;
+        }
+
+        internal static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
+        {
+            return SerializeInputImpl(input, effectiveOptions, null);
         }
 
-        internal static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
+        private static HttpContent? SerializeInputImpl<TInput>(TInput input, DownstreamApiOptions effectiveOptions, JsonTypeInfo<TInput>? inputJsonTypeInfo = null)
         {
             HttpContent? httpContent;
 
@@ -234,17 +333,29 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
                 {
                     HttpContent content => content,
                     string str when !string.IsNullOrEmpty(effectiveOptions.ContentType) && effectiveOptions.ContentType.StartsWith("text", StringComparison.OrdinalIgnoreCase) => new StringContent(str),
-                    string str => new StringContent(JsonSerializer.Serialize(str), Encoding.UTF8, "application/json"),
+                    string str => new StringContent(
+                        inputJsonTypeInfo == null ? JsonSerializer.Serialize(str) : JsonSerializer.Serialize(str, inputJsonTypeInfo),
+                        Encoding.UTF8,
+                        "application/json"),
                     byte[] bytes => new ByteArrayContent(bytes),
                     Stream stream => new StreamContent(stream),
                     null => null,
-                    _ => new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json"),
+                    _ => new StringContent(
+                        inputJsonTypeInfo == null ? JsonSerializer.Serialize(input) : JsonSerializer.Serialize(input, inputJsonTypeInfo),
+                        Encoding.UTF8,
+                        "application/json"),
                 };
             }
             return httpContent;
         }
 
         internal static async Task<TOutput?> DeserializeOutput<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions)
+             where TOutput : class
+        {
+            return await DeserializeOutputImpl<TOutput>(response, effectiveOptions, null);
+        }
+
+        private static async Task<TOutput?> DeserializeOutputImpl<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions, JsonTypeInfo<TOutput>? outputJsonTypeInfo = null)
              where TOutput : class
         {
             try
@@ -284,7 +395,14 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
                 string stringContent = await content.ReadAsStringAsync();
                 if (mediaType == "application/json")
                 {
-                    return JsonSerializer.Deserialize<TOutput>(stringContent, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                    if (outputJsonTypeInfo != null)
+                    {
+                        return JsonSerializer.Deserialize<TOutput>(stringContent, outputJsonTypeInfo);
+                    }
+                    else
+                    {
+                        return JsonSerializer.Deserialize<TOutput>(stringContent, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                    }
                 }
                 if (mediaType != null && !mediaType.StartsWith("text/", StringComparison.OrdinalIgnoreCase))
                 {
@@ -361,8 +479,8 @@ internal async Task UpdateRequestAsync(
                        effectiveOptions.Scopes,
                        effectiveOptions,
                        user,
-                       cancellationToken).ConfigureAwait(false);
-                
+                       cancellationToken).ConfigureAwait(false);
+
                 httpRequestMessage.Headers.Add(Authorization, authorizationHeader);
             }
             else

src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System.Net.Http;
+using System.Text.Json.Serialization;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -17,7 +18,7 @@ namespace IntegrationTestService.Controllers
     [Authorize(AuthenticationSchemes = TestConstants.CustomJwtScheme2)]
     [Route("SecurePage2")]
     [RequiredScope("user_impersonation")]
-    public class WeatherForecast2Controller : ControllerBase
+    public partial class WeatherForecast2Controller : ControllerBase
     {
         private readonly IDownstreamApi _downstreamApi;
         private readonly ITokenAcquisition _tokenAcquisition;
@@ -62,6 +63,27 @@ public async Task<HttpResponseMessage> CallDownstreamWebApiAsync()
             return user?.DisplayName;
         }
 
+        [JsonSerializable(typeof(UserInfo))]
+        internal partial class UserInfoJsonContext : JsonSerializerContext
+        {
+        }
+
+#if NET8_0_OR_GREATER
+        [HttpGet(TestConstants.SecurePage2CallDownstreamWebApiGenericAotInternal)]
+        public async Task<string?> CallDownstreamWebApiGenericAsyncAotInternal()
+        {
+            var user = await _downstreamApi.GetForUserAsync<UserInfo>(
+                TestConstants.SectionNameCalledApi,
+                UserInfoJsonContext.Default.UserInfo,
+                options =>
+                {
+                    options.RelativePath = "me";
+                    options.AcquireTokenOptions.AuthenticationOptionsName = TestConstants.CustomJwtScheme2;
+                });
+            return user?.DisplayName;
+        }
+#endif
+
         [HttpGet(TestConstants.SecurePage2CallMicrosoftGraph)]
         public async Task<string> CallMicrosoftGraphAsync()
         {

tests/E2E Tests/IntegrationTestService/Controllers/WeatherForecast2Controller.cs

@@ -155,6 +155,7 @@ public static class TestConstants
         public const string SecurePage2GetTokenForAppAsync = "/SecurePage2/GetTokenForAppAsync";
         public const string SecurePage2CallDownstreamWebApi = "/SecurePage2/CallDownstreamWebApiAsync";
         public const string SecurePage2CallDownstreamWebApiGeneric = "/SecurePage2/CallDownstreamWebApiGenericAsync";
+        public const string SecurePage2CallDownstreamWebApiGenericAotInternal = "/SecurePage2/CallDownstreamWebApiGenericAsyncAotInternal";
         public const string SecurePage2CallDownstreamWebApiGenericWithTokenAcquisitionOptions = "/SecurePage2/CallDownstreamWebApiGenericWithTokenAcquisitionOptionsAsync";
         public const string SecurePage2CallMicrosoftGraph = "/SecurePage2/CallMicrosoftGraph";
         public const string SectionNameCalledApi = "CalledApi";

tests/Microsoft.Identity.Web.Test.Common/TestConstants.cs

@@ -14,8 +14,8 @@
 using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Client;
-using Microsoft.Identity.Web.Test.Common;
 using Microsoft.Identity.Lab.Api;
+using Microsoft.Identity.Web.Test.Common;
 using Microsoft.Identity.Web.Test.Common.TestHelpers;
 using Microsoft.Identity.Web.TokenCacheProviders.Distributed;
 using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
@@ -67,6 +67,10 @@ public async Task GetTokenForUserAsync(
         [InlineData(TestConstants.SecurePage2CallMicrosoftGraph, false)]
         [InlineData(TestConstants.SecurePage2CallDownstreamWebApi, false)]
         [InlineData(TestConstants.SecurePage2CallDownstreamWebApiGeneric, false)]
+#if NET8_0_OR_GREATER
+        [InlineData(TestConstants.SecurePage2CallDownstreamWebApiGenericAotInternal)]
+        [InlineData(TestConstants.SecurePage2CallDownstreamWebApiGenericAotInternal, false)]
+#endif
         public async Task GetTokenForUserWithDifferentAuthSchemeAsync(
                string webApiUrl,
                bool addInMemoryTokenCache = true)
@@ -132,7 +136,7 @@ public async Task TestSigningKeyIssuer()
             }
         }
 #endif
-      
+
 
         private static async Task<HttpResponseMessage> CreateHttpResponseMessage(string webApiUrl, HttpClient client, AuthenticationResult result)
         {
@@ -208,4 +212,4 @@ private static async Task<AuthenticationResult> AcquireTokenForLabUserAsync()
         }
     }
 #endif //FROM_GITHUB_ACTION
-    }
+}