Simplified how we disable the TransportSecurityRequirement in OpenIddict (#16629)

src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs

@@ -0,0 +1,15 @@
+using Microsoft.Extensions.Options;
+using OpenIddict.Server.AspNetCore;
+using Umbraco.Cms.Core.Configuration.Models;
+
+namespace Umbraco.Cms.Api.Common.Configuration;
+
+internal class ConfigureOpenIddict : IConfigureOptions<OpenIddictServerAspNetCoreOptions>
+{
+    private readonly IOptions<GlobalSettings> _globalSettings;
+
+    public ConfigureOpenIddict(IOptions<GlobalSettings> globalSettings) => _globalSettings = globalSettings;
+
+    public void Configure(OpenIddictServerAspNetCoreOptions options)
+        => options.DisableTransportSecurityRequirement = _globalSettings.Value.UseHttps is false;
+}

src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs

@@ -1,44 +0,0 @@
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using OpenIddict.Server;
-using OpenIddict.Server.AspNetCore;
-using Umbraco.Cms.Core.Configuration.Models;
-
-namespace Umbraco.Cms.Api.Common.Configuration;
-
-internal class PostConfigureOpenIddict : IPostConfigureOptions<OpenIddictServerOptions>
-{
-    private readonly IOptions<GlobalSettings> _globalSettings;
-
-    public PostConfigureOpenIddict(IOptions<GlobalSettings> globalSettings)
-    {
-        _globalSettings = globalSettings;
-    }
-
-    public void PostConfigure(string? name, OpenIddictServerOptions options)
-    {
-        EnsureHttpsIsNotRequiredWhenConfigAllowHttp(options);
-    }
-
-    /// <summary>
-    /// Ensures OpenIddict is configured to allow Http requrest, if and only if, the global settings are configured to allow Http.
-    /// </summary>
-    /// <remarks>
-    /// The logic actually allowing http by removing the ValidateTransportSecurityRequirement Descriptor is borrowed from <see cref="OpenIddictServerBuilder.RemoveEventHandler"/>
-    /// </remarks>
-    private void EnsureHttpsIsNotRequiredWhenConfigAllowHttp(OpenIddictServerOptions options)
-    {
-        if (_globalSettings.Value.UseHttps is false)
-        {
-            OpenIddictServerHandlerDescriptor descriptor = OpenIddictServerAspNetCoreHandlers.ValidateTransportSecurityRequirement.Descriptor;
-
-            for (var index = options.Handlers.Count - 1; index >= 0; index--)
-            {
-                if (options.Handlers[index].ServiceDescriptor.ServiceType == descriptor.ServiceDescriptor.ServiceType)
-                {
-                    options.Handlers.RemoveAt(index);
-                }
-            }
-        }
-    }
-}

src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs

@@ -133,6 +133,6 @@ public static class UmbracoBuilderAuthExtensions
             });
 
         builder.Services.AddRecurringBackgroundJob<OpenIddictCleanupJob>();
-        builder.Services.ConfigureOptions<PostConfigureOpenIddict>();
+        builder.Services.ConfigureOptions<ConfigureOpenIddict>();
     }
 }