Address API review feedback for what was IApiEndpointMetadata (#63283)

Author: halter73

src/Http/Http.Abstractions/src/Metadata/ApiEndpointMetadata.cs

@@ -0,0 +1,20 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Http.Metadata;
+
+/// <summary>
+/// Metadata that indicates the endpoint should disable cookie-based authentication redirects.
+/// When present, authentication handlers should prefer returning status codes over browser redirects.
+/// </summary>
+internal sealed class DisableCookieRedirectMetadata : IDisableCookieRedirectMetadata
+{
+    /// <summary>
+    /// Singleton instance of <see cref="DisableCookieRedirectMetadata"/>.
+    /// </summary>
+    public static readonly DisableCookieRedirectMetadata Instance = new();
+
+    private DisableCookieRedirectMetadata()
+    {
+    }
+}

src/Http/Http.Abstractions/src/Metadata/DisableCookieRedirectMetadata.cs

@@ -0,0 +1,13 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Http.Metadata;
+
+/// <summary>
+/// Metadata that indicates the endpoint should allow cookie-based authentication redirects.
+/// This is normally the default behavior, but it exists to override <see cref="IDisableCookieRedirectMetadata"/> no matter the order.
+/// When present, the cookie authentication handler will prefer browser login or access denied redirects over 401 and 403 status codes.
+/// </summary>
+public interface IAllowCookieRedirectMetadata
+{
+}

src/Http/Http.Abstractions/src/Metadata/IAllowCookieRedirectMetadata.cs

@@ -0,0 +1,17 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Http.Metadata;
+
+/// <summary>
+/// Metadata that indicates the endpoint should disable cookie-based authentication redirects
+/// typically because it is intended for API clients rather than direct browser navigation.
+///
+/// <see cref="IAllowCookieRedirectMetadata"/> overrides this no matter the order.
+///
+/// When present and not overridden, the cookie authentication handler will prefer using
+/// 401 and 403 status codes over redirecting to the login or access denied paths.
+/// </summary>
+public interface IDisableCookieRedirectMetadata
+{
+}

src/Http/Http.Abstractions/src/Metadata/IApiEndpointMetadata.cs

@@ -1,5 +1,6 @@
 #nullable enable
-Microsoft.AspNetCore.Http.Metadata.IApiEndpointMetadata
+Microsoft.AspNetCore.Http.Metadata.IAllowCookieRedirectMetadata
+Microsoft.AspNetCore.Http.Metadata.IDisableCookieRedirectMetadata
 Microsoft.AspNetCore.Http.Metadata.IDisableValidationMetadata
 Microsoft.AspNetCore.Http.ProducesResponseTypeMetadata.Description.get -> string?
 Microsoft.AspNetCore.Http.ProducesResponseTypeMetadata.Description.set -> void

src/Http/Http.Abstractions/src/Metadata/IDisableCookieRedirectMetadata.cs

@@ -253,7 +253,7 @@ public void Initialize(IncrementalGeneratorInitializationContext context)
 
                 if (hasJsonBody || hasResponseMetadata)
                 {
-                    codeWriter.WriteLine(RequestDelegateGeneratorSources.ApiEndpointMetadataClass);
+                    codeWriter.WriteLine(RequestDelegateGeneratorSources.DisableCookieRedirectMetadataClass);
                 }
 
                 if (hasFormBody || hasJsonBody || hasResponseMetadata)

src/Http/Http.Abstractions/src/PublicAPI.Unshipped.txt

@@ -493,18 +493,18 @@ public AntiforgeryMetadata(bool requiresValidation)
     }
 """;
 
-    public static string ApiEndpointMetadataClass = """
-    file sealed class ApiEndpointMetadata : IApiEndpointMetadata
+    public static string DisableCookieRedirectMetadataClass = """
+    file sealed class DisableCookieRedirectMetadata : IDisableCookieRedirectMetadata
     {
-        public static readonly ApiEndpointMetadata Instance = new();
+        public static readonly DisableCookieRedirectMetadata Instance = new();
 
-        private ApiEndpointMetadata()
+        private DisableCookieRedirectMetadata()
         {
         }
 
-        public static void AddApiEndpointMetadataIfMissing(EndpointBuilder builder)
+        public static void AddMetadataIfMissing(EndpointBuilder builder)
         {
-            if (!builder.Metadata.Any(m => m is IApiEndpointMetadata))
+            if (!builder.Metadata.Any(m => m is IDisableCookieRedirectMetadata))
             {
                 builder.Metadata.Add(Instance);
             }

src/Http/Http.Extensions/gen/Microsoft.AspNetCore.Http.RequestDelegateGenerator/RequestDelegateGenerator.cs

@@ -218,7 +218,7 @@ private static void EmitBuiltinResponseTypeMetadata(this Endpoint endpoint, Code
         else if (response.ResponseType is { } responseType)
         {
             codeWriter.WriteLine($$"""options.EndpointBuilder.Metadata.Add(new ProducesResponseTypeMetadata(statusCode: StatusCodes.Status200OK, type: typeof({{responseType.ToDisplayString(EmitterConstants.DisplayFormatWithoutNullability)}}), contentTypes: GeneratedMetadataConstants.JsonContentType));""");
-            codeWriter.WriteLine("ApiEndpointMetadata.AddApiEndpointMetadataIfMissing(options.EndpointBuilder);");
+            codeWriter.WriteLine("DisableCookieRedirectMetadata.AddMetadataIfMissing(options.EndpointBuilder);");
         }
     }
 
@@ -336,15 +336,15 @@ public static void EmitJsonAcceptsMetadata(this Endpoint endpoint, CodeWriter co
             codeWriter.WriteLine("if (!serviceProviderIsService.IsService(type))");
             codeWriter.StartBlock();
             codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(new AcceptsMetadata(type: type, isOptional: isOptional, contentTypes: GeneratedMetadataConstants.JsonContentType));");
-            codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(ApiEndpointMetadata.Instance);");
+            codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(DisableCookieRedirectMetadata.Instance);");
             codeWriter.WriteLine("break;");
             codeWriter.EndBlock();
             codeWriter.EndBlock();
         }
         else
         {
             codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(new AcceptsMetadata(contentTypes: GeneratedMetadataConstants.JsonContentType));");
-            codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(ApiEndpointMetadata.Instance);");
+            codeWriter.WriteLine("options.EndpointBuilder.Metadata.Add(DisableCookieRedirectMetadata.Instance);");
         }
     }
 

src/Http/Http.Extensions/gen/Microsoft.AspNetCore.Http.RequestDelegateGenerator/RequestDelegateGeneratorSources.cs

@@ -0,0 +1,16 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http.Metadata;
+
+namespace Microsoft.AspNetCore.Http;
+
+/// <summary>
+/// Specifies that cookie-based authentication redirects are allowed for an endpoint.
+/// This is normally the default behavior, but it exists to override <see cref="IDisableCookieRedirectMetadata"/> no matter the order.
+/// When present, the cookie authentication handler will prefer browser login or access denied redirects over 401 and 403 status codes.
+/// </summary>
+[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
+public sealed class AllowCookieRedirectAttribute : Attribute, IAllowCookieRedirectMetadata
+{
+}