[csharp][generichost] Added xml comments and restrict some access

[devhl-labs]

@EraYaN please let me know if this causes an issue. Your pr created some warnings, and some of the public things I think can be protected internal.

C# GenericHost: Add XML documentation and refine access levels for token infrastructure

This PR adds comprehensive XML documentation to the token provider classes and refines access levels to properly restrict internal implementation details while supporting extensibility.

Changes

Added XML Documentation:

• TokenBecameAvailableEventHandler delegate - documents the event handler signature for token availability notifications
• TokenBecameAvailable event - documents when and why the event is raised
• TokenProvider<T>.GetAsync() - documents the token retrieval contract with parameter and return value descriptions
• RateLimitProvider<T>.AvailableTokens - documents the internal token buffering dictionary and its purpose

Access Level Changes:

• TokenProvider<T>.GetAsync(): Changed from public abstract to protected internal abstract - restricts direct external calls while allowing internal library infrastructure and derived implementations
• RateLimitProvider<T>.AvailableTokens: Changed from public to protected internal - hides implementation detail from external consumers while allowing derived classes to access it
• RateLimitProvider<T>.GetAsync(): Changed from public override to protected internal override - matches the base class access level and restricts visibility

PR checklist

• Read the contribution guidelines.
• Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
• Run the following to build the project and update samples:

  ./mvnw clean package || exit
  ./bin/generate-samples.sh ./bin/configs/*.yaml || exit
  ./bin/utils/export_docs_generators.sh || exit
  

  (For Windows users, please run the script in WSL)
  Commit all changed files.
  This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
  These must match the expectations made by your contribution.
  You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
  IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
• File the PR against the correct branch: master (upcoming 7.x.0 minor release - breaking changes with fallbacks), 8.0.x (breaking changes without fallbacks)
• If your PR solves a reported issue, reference it using GitHub's linking syntax (e.g., having "fixes #123" present in the PR description)
• If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

---

Summary by cubic

Added XML documentation to the C# GenericHost templates and tightened access on internal token APIs to improve IntelliSense and reduce accidental misuse.

• Refactors

  • Added XML docs for TokenBase events/delegates, TokenProvider.GetAsync, and RateLimitProvider.AvailableTokens.
  • Changed TokenProvider.GetAsync from public abstract to protected internal abstract.
  • Changed RateLimitProvider.AvailableTokens from public to protected internal.
  • Updated generated samples to reflect these changes.

• Migration

  • If you were calling GetAsync directly or accessing AvailableTokens, move to the public authentication APIs or subclass the provider as needed.

^{Written for commit bf90de6. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 144 files

Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed.

[EraYaN]

Not entirely sure why I marked those public in the first place, did some testing and making it protected internal seems to work just fine. Just can't reuse those implementations if you need a token for say a websocket connection or something outside of the API assembly. You'd need to add a method like GetPublicAsync on a deriving type.

We can now implement OAuth client_credential flow in another assembly like this:

Code example

using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Calcasa.Api;
using Calcasa.Api.Client;
using Duende.IdentityModel.Client;
using Microsoft.Extensions.Options;

namespace ApiTest.New;

public class ServiceOAuthTokenProvider : TokenProvider<OAuthToken>
{
    private readonly string ClientId;
    private readonly string ClientSecret;
    private readonly string TokenUrl;
    private readonly HttpClient AuthClient;
    private ConcurrentDictionary<string, (TokenResponse Token, DateTime ExpiresOn)> Tokens;

    public ServiceOAuthTokenProvider(IOptions<ApiOptions> options)
    {
        Tokens = [];
        ClientId = options.Value.ClientId;
        ClientSecret = options.Value.ClientSecret;
        TokenUrl = options.Value.TokenUrl;
        AuthClient = new HttpClient();
    }

    protected override ValueTask<OAuthToken> GetAsync(string header = "", CancellationToken cancellation = default)
    {
        var data = Tokens.GetValueOrDefault(header);

        if (data.Token != null)
        {
            if (!data.Token.IsError || data.ExpiresOn > DateTime.UtcNow)
            {
                return ValueTask.FromResult(new OAuthToken(data.Token.AccessToken));
            }
        }

        var request = new ClientCredentialsTokenRequest
        {
            Address = TokenUrl,
            ClientId = ClientId,
            ClientSecret = ClientSecret,
            ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader, // Recommended as opposed to secrets in body.
        };

        data.Token = AuthClient.RequestClientCredentialsTokenAsync(request).Result;

        if (data.Token.IsError)
        {
            throw new Exception("Could not refresh token: [" + data.Token.ErrorType + "] " + data.Token.Error + "; " + data.Token.ErrorDescription);
        }
        else
        {
            data.ExpiresOn = DateTime.UtcNow.AddSeconds(data.Token.ExpiresIn);
            Tokens.AddOrUpdate(header, (h) => data, (h, oldData) => data);

            return ValueTask.FromResult(new OAuthToken(data.Token.AccessToken));
        }
    }
}

[devhl-labs]

Glad its working now. You may want to change the || to && and maybe add an await on the call to RequestClientCredentialsTokenAsync.