AddIdentityBearerToken should not be generic

[davidfowl]

After playing with the APIs introduced in #47228, I realized that making the API generic is pretty pointless. The TUser isn't used to discriminate any options so it seems superfluous.

[halter73]

We can remove the generic parameter. The original version used the TUser to register an OnSigningIn callback with the auth handler for the security stamp validation. See bd5ffbe (#48595)

After @Tratcher's PR feedback, we wound up moving the refresh token validation logic into the API endpoint directly. The auth handler now issues the refresh token but never validates it. If the API endpoint determines the refresh token is valid, it just does a normal "SignIn" again like it would after a normal username/password login.

I considered removing the generic parameter, but I figured we might need it in the future. Note that this only affects the Identity APIs which are often generic. AddBearerToken itself is not generic. But you're right that it's not necessary right now.

[davidfowl]

I think we should remove it.

[halter73]

Background and Motivation

Remove unnecessary code.

Proposed API

// Microsoft.AspNetCore.Identity.dll

namespace Microsoft.AspNetCore.Identity;

- public static class IdentityAuthenticationBuilderExtensions
- {
-     public static AuthenticationBuilder AddIdentityBearerToken<TUser>(this AuthenticationBuilder builder)
-         where TUser : class, new()
-    public static AuthenticationBuilder AddIdentityBearerToken<TUser>(this AuthenticationBuilder builder, Action<BearerTokenOptions> configure)
-        where TUser : class, new()
- }

Usage Examples

No instead of calling AddIdentityBearerToken to add bearer token auth for use with AddIdentityCore:

// ...
builder.Services.AddAuthentication()
    .AddIdentityBearerToken<ApplicationUser>();
// ... 

You'd call the normal AddBearerToken method with the correct Identity Constant.

builder.Services.AddAuthentication()
    .AddBearerToken(IdentityConstants.BearerScheme)

Alternative Designs

Just remove the generic parameter, but keep AddIdentityBearerToken.

Risks

It's a breaking change, but the workaround is easy and it's in a preview.