This repository was archived by the owner on Dec 13, 2018. It is now read-only.

Facebook.UserInformationEndpoint + access_token make Invalid Backchannel URL #365

Closed
Description

@bchavez

When the back-channel URL graph call is constructed here it is possible for Options.UserInformationEndpoint to already contain ?. However, as-is currently ?access_token is appended to the endpoint without checking if ? already exists.

This can lead to a malformed URL API call to Facebook.

For example,

var fops = new FacebookAuthenticationOptions()
    {
        AppId = "appID",
        AppSecret = "Secret",
        Scope = {"public_profile", "email"},
        Provider = new FacebookAuthenticationProvider
            {
                OnAuthenticated = async (ctx) =>
                    {
                        // The JSON indexer takes a string key, so it needs double quotes.
                        ctx.Identity.AddClaim(new Claim("timezone", ctx.User["timezone"].ToString()));
                    }
            },
        UserInformationEndpoint = "https://graph.facebook.com/me?fields=email,verified,currency,timezone,picture"
    };

Would result in a malformed URL when making a request to Facebook because the URL would contain two ?.
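
One way to build the back-channel URL so that it stays well-formed whether or not the configured endpoint already has a query string. This is an added example, not code from the issue or from the project; `BackchannelUrl` and `AppendQuery` are hypothetical names, and the token value is a constructed sample.

```csharp
using System;

// Added illustration; BackchannelUrl and AppendQuery are hypothetical names.
static class BackchannelUrl
{
    // Appends name=value to an endpoint that may already carry a query string.
    public static string AppendQuery(string endpoint, string name, string value)
    {
        if (string.IsNullOrEmpty(endpoint))
            throw new ArgumentException("endpoint is required", nameof(endpoint));

        // A fragment has to stay at the very end, so split it off first.
        string fragment = string.Empty;
        int hash = endpoint.IndexOf('#');
        if (hash >= 0)
        {
            fragment = endpoint.Substring(hash);
            endpoint = endpoint.Substring(0, hash);
        }

        // Pick the separator from what is already there:
        // no query -> "?", dangling "?" or "&" -> nothing, otherwise "&".
        string separator;
        if (endpoint.IndexOf('?') < 0) separator = "?";
        else if (endpoint.EndsWith("?") || endpoint.EndsWith("&")) separator = string.Empty;
        else separator = "&";

        // Escape both parts so characters such as '+', '/', '=' or '&' in a
        // token cannot split or truncate the parameter.
        return endpoint + separator
            + Uri.EscapeDataString(name) + "=" + Uri.EscapeDataString(value)
            + fragment;
    }
}

static class Program
{
    static void Main()
    {
        string token = "EXAMPLE+TOKEN/VALUE="; // constructed sample, not a real token

        // Default-style endpoint without a query string.
        Console.WriteLine(BackchannelUrl.AppendQuery(
            "https://graph.facebook.com/me", "access_token", token));

        // Endpoint from the issue, which already contains "?fields=...".
        Console.WriteLine(BackchannelUrl.AppendQuery(
            "https://graph.facebook.com/me?fields=email,verified,currency,timezone,picture",
            "access_token", token));
    }
}
```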
