Fixed the OAuth Flow

Author: cs-raj

Contentstack.Management.Core/ContentstackClient.cs

@@ -219,6 +219,11 @@ internal ContentstackResponse InvokeSync<TRequest>(TRequest request, bool addAcc
         {
             ThrowIfDisposed();
 
+            if (contentstackOptions.IsOAuthToken && !string.IsNullOrEmpty(contentstackOptions.Authtoken))
+            {
+                EnsureOAuthTokenIsValid();
+            }
+
             ExecutionContext context = new ExecutionContext(
                 new RequestContext()
                 {
@@ -636,6 +641,14 @@ internal void ClearStoredOAuthTokens(string clientId)
 
             _oauthTokens.Remove(clientId);
         }
+
+        /// <summary>
+        /// Clears all OAuth tokens (useful for cleanup).
+        /// </summary>
+        internal void ClearAllOAuthTokens()
+        {
+            _oauthTokens.Clear();
+        }
         #endregion
 
         /// <summary>

Contentstack.Management.Core/Models/OAuthTokens.cs

@@ -23,9 +23,29 @@ public class OAuthTokens
 
         public string AppId { get; set; }
 
-        public bool IsExpired => DateTime.UtcNow >= ExpiresAt;
-
-        public bool NeedsRefresh => DateTime.UtcNow >= ExpiresAt.AddMinutes(-5) || IsExpired;
+        public bool IsExpired => ExpiresAt == DateTime.MinValue || DateTime.UtcNow >= ExpiresAt;
+
+        public bool NeedsRefresh 
+        {
+            get
+            {
+                // If ExpiresAt is not set or is MinValue, consider it expired
+                if (ExpiresAt == DateTime.MinValue)
+                    return true;
+                
+                try
+                {
+                    // Check if we need to refresh (5 minutes before expiration)
+                    var refreshTime = ExpiresAt.AddMinutes(-5);
+                    return DateTime.UtcNow >= refreshTime || IsExpired;
+                }
+                catch (ArgumentOutOfRangeException)
+                {
+                    // If the calculation results in an unrepresentable DateTime, consider it expired
+                    return true;
+                }
+            }
+        }
 
         public bool IsValid => !string.IsNullOrEmpty(AccessToken) && !IsExpired;
     }

Contentstack.Management.Core/OAuthHandler.cs

@@ -254,10 +254,13 @@ public async Task<string> AuthorizeAsync()
 
             try
             {
+                
                 // Build the base authorization URL using the correct OAuth hostname
                 // Transform api.contentstack.io -> app.contentstack.com for OAuth authorization
                 var oauthHost = GetOAuthHost(GetClient().contentstackOptions.Host);
+                
                 var baseUrl = $"https://{oauthHost}/#!/apps/{_options.AppId}/authorize";
+                
                 var authUrl = new UriBuilder(baseUrl);
 
                 // Add required OAuth parameters
@@ -310,10 +313,21 @@ public async Task<OAuthTokens> ExchangeCodeForTokenAsync(string authorizationCod
 
             try
             {
+                
                 // Create the OAuth token service for authorization code exchange
                 OAuthTokenService tokenService;
 
-                if (_options.UsePkce && !string.IsNullOrEmpty(this.codeVerifier) )
+                if (_options.UsePkce)
+                {
+                    // PKCE code verifier should be available from the instance
+                    if (string.IsNullOrEmpty(this.codeVerifier))
+                    {
+                        throw new Exceptions.OAuthConfigurationException(
+                            "PKCE code verifier not found. Make sure to call AuthorizeAsync() before ExchangeCodeForTokenAsync().");
+                    }
+                }
+                
+                if (_options.UsePkce && !string.IsNullOrEmpty(this.codeVerifier))
                 {
                     tokenService = OAuthTokenService.CreateForAuthorizationCode(
                         serializer: GetClient().serializer,
@@ -557,9 +571,18 @@ private static string GetOAuthHost(string baseHost)
             if (string.IsNullOrEmpty(baseHost))
                 return baseHost;
 
-            // Transform api.contentstack.io -> app.contentstack.com
+            // Extract hostname from URL if it contains protocol
             var oauthHost = baseHost;
-            
+            if (oauthHost.StartsWith("https://"))
+            {
+                oauthHost = oauthHost.Substring(8); // Remove "https://"
+            }
+            else if (oauthHost.StartsWith("http://"))
+            {
+                oauthHost = oauthHost.Substring(7); // Remove "http://"
+            }
+
+            // Transform api.contentstack.io -> app.contentstack.com
             // Replace .io with .com
             if (oauthHost.EndsWith(".io"))
             {
@@ -653,9 +676,9 @@ private async Task RevokeOauthAppAuthorizationAsync(string authorizationId)
                     // Make the API call to revoke authorization
                     var response = await GetClient().InvokeAsync<OAuthAppRevocationService, ContentstackResponse>(service);
                 }
-                catch
+                catch (Exception ex)
                 {
-                    throw;
+                    throw ex;
                 }
                 finally
                 {

Contentstack.Management.Core/Services/ContentstackService.cs

@@ -168,18 +168,17 @@ public virtual IHttpRequest CreateHttpRequest(HttpClient httpClient, Contentstac
             {
                 Headers["authorization"] = this.ManagementToken;
             }
-            else if (!string.IsNullOrEmpty(config.Authtoken))
+            else if (config.IsOAuthToken)
             {
-                if (config.IsOAuthToken)
+                if (!string.IsNullOrEmpty(config.Authtoken))
                 {
-                    // OAuth Bearer token format
+
                     Headers["authorization"] = $"Bearer {config.Authtoken}";
                 }
-                else
-                {
-                    // Traditional authtoken format
-                    Headers["authtoken"] = config.Authtoken;
-                }
+            }
+            else if (!string.IsNullOrEmpty(config.Authtoken))
+            {
+                Headers["authtoken"] = config.Authtoken;
             }
 
             if (!string.IsNullOrEmpty(apiVersion))

Contentstack.Management.Core/Services/OAuth/OAuthTokenService.cs

@@ -78,8 +78,6 @@ public override IHttpRequest CreateHttpRequest(System.Net.Http.HttpClient httpCl
                 Host = GetDeveloperHubHostname(config.Host),
                 Port = config.Port,
                 Version = "", // OAuth endpoints don't use versioning
-                Authtoken = config.Authtoken,
-                IsOAuthToken = config.IsOAuthToken
             };
 
             var request = base.CreateHttpRequest(httpClient, devHubConfig, addAcceptMediaHeader, apiVersion);