From 7aa465d56878b43409a603cf5384e7614cc35e19 Mon Sep 17 00:00:00 2001 From: Chris Ross Date: Tue, 8 Sep 2020 09:28:06 -0700 Subject: [PATCH] Update OAuth endpoints #327 (#380) --- src/Microsoft.Owin.Security.Facebook/Constants.cs | 7 ++++--- src/Microsoft.Owin.Security.Google/Constants.cs | 3 ++- .../Constants.cs | 1 + .../TwitterAuthenticationHandler.cs | 3 +++ src/Microsoft.Owin/Infrastructure/OwinHelpers.cs | 2 +- tests/Katana.Sandbox.WebServer/Startup.cs | 4 ++-- tests/Microsoft.Owin.Tests/FormsTests.cs | 14 +++++++++----- 7 files changed, 22 insertions(+), 12 deletions(-) diff --git a/src/Microsoft.Owin.Security.Facebook/Constants.cs b/src/Microsoft.Owin.Security.Facebook/Constants.cs index 9d80f70e..4ef9e04a 100644 --- a/src/Microsoft.Owin.Security.Facebook/Constants.cs +++ b/src/Microsoft.Owin.Security.Facebook/Constants.cs @@ -7,8 +7,9 @@ internal static class Constants { public const string DefaultAuthenticationType = "Facebook"; - internal const string AuthorizationEndpoint = "https://www.facebook.com/v2.8/dialog/oauth"; - internal const string TokenEndpoint = "https://graph.facebook.com/v2.8/oauth/access_token"; - internal const string UserInformationEndpoint = "https://graph.facebook.com/v2.8/me"; + // https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login + internal const string AuthorizationEndpoint = "https://www.facebook.com/v8.0/dialog/oauth"; + internal const string TokenEndpoint = "https://graph.facebook.com/v8.0/oauth/access_token"; + internal const string UserInformationEndpoint = "https://graph.facebook.com/v8.0/me"; } } diff --git a/src/Microsoft.Owin.Security.Google/Constants.cs b/src/Microsoft.Owin.Security.Google/Constants.cs index c153fd3a..24f34a72 100644 --- a/src/Microsoft.Owin.Security.Google/Constants.cs +++ b/src/Microsoft.Owin.Security.Google/Constants.cs 
@@ -7,8 +7,9 @@ internal static class Constants { internal const string DefaultAuthenticationType = "Google"; + // https://developers.google.com/identity/protocols/oauth2/web-server#httprest internal const string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth"; - internal const string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token"; + internal const string TokenEndpoint = "https://oauth2.googleapis.com/token"; internal const string UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo"; } } diff --git a/src/Microsoft.Owin.Security.MicrosoftAccount/Constants.cs b/src/Microsoft.Owin.Security.MicrosoftAccount/Constants.cs index e80df415..e5b242ef 100644 --- a/src/Microsoft.Owin.Security.MicrosoftAccount/Constants.cs +++ b/src/Microsoft.Owin.Security.MicrosoftAccount/Constants.cs @@ -7,6 +7,7 @@ internal static class Constants { internal const string DefaultAuthenticationType = "Microsoft"; + // https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_user internal const string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; internal const string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; internal const string UserInformationEndpoint = "https://graph.microsoft.com/v1.0/me"; diff --git a/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs index 1935a7af..3198d964 100644 --- a/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs +++ b/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs 
@@ -21,8 +21,11 @@ internal class TwitterAuthenticationHandler : AuthenticationHandler form = new Dictionary(StringComparer.OrdinalIgnoreCase); var accumulator = new Dictionary>(StringComparer.OrdinalIgnoreCase); - ParseDelimited(text, new[] { '&' }, AppendItemCallback, decodePlus: false, decodeKey: true, state: accumulator); + ParseDelimited(text, new[] { '&' }, AppendItemCallback, decodePlus: true, decodeKey: true, state: accumulator); foreach (var kv in accumulator) { form.Add(kv.Key, kv.Value.ToArray()); diff --git a/tests/Katana.Sandbox.WebServer/Startup.cs b/tests/Katana.Sandbox.WebServer/Startup.cs index 235ea7ee..34389d87 100644 --- a/tests/Katana.Sandbox.WebServer/Startup.cs +++ b/tests/Katana.Sandbox.WebServer/Startup.cs @@ -136,13 +136,13 @@ public void Configuration(IAppBuilder app) app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions() { // https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs - ClientId = "server.hybrid", + ClientId = "hybrid", ClientSecret = "secret", // for code flow Authority = "https://demo.identityserver.io/", + RedirectUri = "https://localhost:44318/signin-oidc", /* Authority = Environment.GetEnvironmentVariable("oidc:authority"), ClientId = Environment.GetEnvironmentVariable("oidc:clientid"), - RedirectUri = "https://localhost:44318/", ClientSecret = Environment.GetEnvironmentVariable("oidc:clientsecret"),*/ // CookieManager = new SystemWebCookieManager(), CookieManager = new SameSiteCookieManager(), diff --git a/tests/Microsoft.Owin.Tests/FormsTests.cs b/tests/Microsoft.Owin.Tests/FormsTests.cs index 873becee..ba442ac2 100644 --- a/tests/Microsoft.Owin.Tests/FormsTests.cs +++ b/tests/Microsoft.Owin.Tests/FormsTests.cs 
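Review bot: The switch to `decodePlus: true` on the `ParseDelimited` call changes what every consumer of this form parser receives, and the call site carries no comment saying why. Because `decodeKey: true` is also set, a `+` now becomes a space in keys as well as values, so a client that posts a raw `+` (for example inside an unescaped base64 value) will have that value altered, and any token or signature check on it would then fail. That is the correct reading of form encoding, but it should be recorded where the flag is set, for example `// application/x-www-form-urlencoded: '+' means space; a literal plus must arrive as %2B` above the call. The hunk header and the enclosing method's signature are missing from this part of the patch, so the full set of affected callers cannot be confirmed from here.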
@@ -14,7 +14,7 @@ public class FormsTests private static readonly string[] RawValues = new[] { "v1", "v2, v3", "\"v4, b\"", "v5, v6", "v7", }; private const string JoinedValues = "v1,v2, v3,\"v4, b\",v5, v6,v7"; - private const string OriginalFormsString = "q1=v1&q2=v2,b&q3=v3&q3=v4&q4&q5=v5&q5=v+5"; + private const string OriginalFormsString = "q1=v1&q2=v2,b&q3=v3&q3=v4&q4&q5=v5&q5=v5&q+6=v+6"; [Fact] public void ParseForm() @@ -30,7 +30,8 @@ public void ParseForm() Assert.Equal("v2,b", form.Get("Q2")); Assert.Equal("v3,v4", form.Get("q3")); Assert.Null(form.Get("q4")); - Assert.Equal("v5,v+5", form.Get("Q5")); + Assert.Equal("v5,v5", form.Get("Q5")); + Assert.Equal("v 6", form.Get("Q 6")); Assert.True(stream.CanRead); } @@ -89,7 +90,8 @@ public void ReadFromStream() Assert.Equal("v2,b", form.Get("Q2")); Assert.Equal("v3,v4", form.Get("q3")); Assert.Null(form.Get("q4")); - Assert.Equal("v5,v+5", form.Get("Q5")); + Assert.Equal("v5,v5", form.Get("Q5")); + Assert.Equal("v 6", form.Get("Q 6")); } [Fact] @@ -107,14 +109,16 @@ public void ReadFromStreamTwice() Assert.Equal("v2,b", form.Get("Q2")); Assert.Equal("v3,v4", form.Get("q3")); Assert.Null(form.Get("q4")); - Assert.Equal("v5,v+5", form.Get("Q5")); + Assert.Equal("v5,v5", form.Get("Q5")); + Assert.Equal("v 6", form.Get("Q 6")); form = request.ReadFormAsync().Result; Assert.Equal("v1", form.Get("q1")); Assert.Equal("v2,b", form.Get("Q2")); Assert.Equal("v3,v4", form.Get("q3")); Assert.Null(form.Get("q4")); - Assert.Equal("v5,v+5", form.Get("Q5")); + Assert.Equal("v5,v5", form.Get("Q5")); + Assert.Equal("v 6", form.Get("Q 6")); } } }
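Review bot: The updated `OriginalFormsString` covers `+` decoding to a space but has no case for a percent-encoded plus, so nothing pins that `%2B` still comes back as a literal `+` now that `decodePlus` is on. That matters because the result depends on whether the parser replaces `+` before or after percent-decoding, and that order is not visible in this patch. I would append `&q7=v%2B7` to `OriginalFormsString` and add `Assert.Equal("v+7", form.Get("q7"));` next to the new `Q 6` assertion in `ParseForm`. The same assertion belongs in the `ReadFromStream` hunk and in both blocks of `ReadFromStreamTwice`, which share the constant. The old `q5=v+5` case was also replaced rather than updated, so the multi-value path no longer exercises a `+` at all.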