Allow null Scopes in ExchangeCodeForTokenAsync() (#1488)

* Allow null Scopes Previously, using an initializer with Scopes set to null would crash when CreateAuthorizationCodeRequest() was called. Now, the null Scopes propogates safely through as a null Scope for AuthorizationCodeRequestUrl. This is necessary because some OAuth sites do not recognize the "scope" parameter and will return an error instead of the authorization token if the URL contains it. I have updated the tests and added one for the default authorization code request. * Allow null Scopes in ExchangeCodeForTokenAsync() Added missing code and test for the ExchangeCodeForTokenAsync() method as well.
googleapis · Dec 23, 2019 · c08e1a6 · c08e1a6
1 parent 9483151
commit c08e1a6
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/Src/Support/Google.Apis.Auth.Tests/OAuth2/Flows/AuthorizationCodeFlowTests.cs b/Src/Support/Google.Apis.Auth.Tests/OAuth2/Flows/AuthorizationCodeFlowTests.cs
@@ -181,6 +181,30 @@ public void TestExchangeCodeForTokenAsync()
             mock.Verify(ds => ds.StoreAsync("uSer", It.IsAny<TokenResponse>()));
         }
 
+        [Fact]
+        public void TestExchangeCodeForTokenAsync_NullScopes()
+        {
+            var mock = new Mock<IDataStore>();
+            var handler = new FetchTokenMessageHandler();
+            handler.AuthorizationCodeTokenRequest = new AuthorizationCodeTokenRequest()
+            {
+                Code = "c0de",
+                RedirectUri = "redIrect",
+                Scope = null
+            };
+            MockHttpClientFactory mockFactory = new MockHttpClientFactory(handler);
+
+            TaskCompletionSource<object> tcs = new TaskCompletionSource<object>();
+            tcs.SetResult(null);
+            mock.Setup(ds => ds.StoreAsync("uSer", It.IsAny<TokenResponse>())).Returns(tcs.Task);
+
+            var flow = CreateFlow(httpClientFactory: mockFactory, scopes: null, dataStore: mock.Object);
+            var response = flow.ExchangeCodeForTokenAsync("uSer", "c0de", "redIrect", CancellationToken.None).Result;
+            SubtestTokenResponse(response);
+
+            mock.Verify(ds => ds.StoreAsync("uSer", It.IsAny<TokenResponse>()));
+        }
+
         [Fact]
         public void TestRefreshTokenAsync()
         {

diff --git a/Src/Support/Google.Apis.Auth/OAuth2/Flows/AuthorizationCodeFlow.cs b/Src/Support/Google.Apis.Auth/OAuth2/Flows/AuthorizationCodeFlow.cs
@@ -242,7 +242,7 @@ public async Task<TokenResponse> ExchangeCodeForTokenAsync(string userId, string
         {
             var authorizationCodeTokenReq = new AuthorizationCodeTokenRequest
             {
-                Scope = string.Join(" ", Scopes),
+                Scope = Scopes == null ? null : string.Join(" ", Scopes),
                 RedirectUri = redirectUri,
                 Code = code,
             };