Update the OWIN client host to resolve the default cookie manager from the application builder when available

Author: kevinchalet

src/OpenIddict.Client.Owin/OpenIddictClientOwinBuilder.cs

@@ -130,6 +130,12 @@ public OpenIddictClientOwinBuilder EnableErrorPassthrough()
     /// <summary>
     /// Sets the cookie manager used to read and write the cookies produced by the OWIN host.
     /// </summary>
+    /// <remarks>
+    /// If the manager isn't explicitly set, OpenIddict will try to resolve the default instance
+    /// provided by the OWIN host (only if <see cref="IAppBuilder"/> was registered as a service
+    /// in the dependency injection container). If no instance can be resolved, the generic
+    /// <see cref="CookieManager"/> implementation will be used.
+    /// </remarks>
     /// <param name="manager">The cookie manager to use.</param>
     /// <returns>The <see cref="OpenIddictClientOwinBuilder"/> instance.</returns>
     public OpenIddictClientOwinBuilder SetCookieManager(ICookieManager manager)

src/OpenIddict.Client.Owin/OpenIddictClientOwinConfiguration.cs

@@ -7,6 +7,7 @@
 using System.ComponentModel;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using Owin;
 
 namespace OpenIddict.Client.Owin;
 
@@ -46,6 +47,19 @@ public void PostConfigure(string? name, OpenIddictClientOwinOptions options)
             throw new ArgumentNullException(nameof(options));
         }
 
+        // If no cookie manager was explicitly configured but the OWIN application builder was registered as a service
+        // (which is required when using Autofac with the built-in Katana authentication middleware, as they require
+        // injecting IAppBuilder in their constructor), try to resolve the default cookie manager provided by the
+        // host. If it can't be resolved, use the generic implementation that directly operates on OWIN responses.
+        options.CookieManager ??= _provider.GetService<IAppBuilder>() switch
+        {
+            // Note: see https://github.com/aspnet/AspNetKatana/pull/486 for more information.
+            IAppBuilder builder when builder.Properties.TryGetValue("infrastructure.CookieManager",
+                out object? property) && property is ICookieManager manager => manager,
+
+            _ => new CookieManager()
+        };
+
         if (options.AuthenticationMode is AuthenticationMode.Active)
         {
             throw new InvalidOperationException(SR.GetResourceString(SR.ID0314));

src/OpenIddict.Client.Owin/OpenIddictClientOwinOptions.cs

@@ -72,7 +72,13 @@ public OpenIddictClientOwinOptions()
     /// <summary>
     /// Gets or sets the cookie manager used to read and write the cookies produced by the OWIN host.
     /// </summary>
-    public ICookieManager CookieManager { get; set; } = new CookieManager();
+    /// <remarks>
+    /// If the manager isn't explicitly set, OpenIddict will try to resolve the default instance
+    /// provided by the OWIN host (only if <see cref="IAppBuilder"/> was registered as a service
+    /// in the dependency injection container). If no instance can be resolved, the generic
+    /// <see cref="Microsoft.Owin.Infrastructure.CookieManager"/> implementation will be used.
+    /// </remarks>
+    public ICookieManager CookieManager { get; set; } = default!;
 
     /// <summary>
     /// Gets or sets the name of the correlation cookie used to bind authorization