Introduce a force_verify option in the Twitch provider

zAfLu · kevinchalet · commit 4b822c190e1e · 2019-01-20T15:00:39.000+01:00
diff --git a/src/AspNet.Security.OAuth.Twitch/TwitchAuthenticationHandler.cs b/src/AspNet.Security.OAuth.Twitch/TwitchAuthenticationHandler.cs
@@ -4,6 +4,7 @@
  * for more information concerning the license and the contributors participating to this project.
  */
 
+using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -13,6 +14,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 using static AspNet.Security.OAuth.Twitch.TwitchAuthenticationConstants;
@@ -26,6 +28,17 @@ public TwitchAuthenticationHandler([NotNull] HttpClient client)
         {
         }
 
+        protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
+            => QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, new Dictionary<string, string>
+            {
+                ["client_id"] = Options.ClientId,
+                ["scope"] = FormatScope(),
+                ["response_type"] = "code",
+                ["redirect_uri"] = redirectUri,
+                ["state"] = Options.StateDataFormat.Protect(properties),
+                ["force_verify"] = Options.ForceVerify ? "true" : "false"
+            });
+
         protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull] ClaimsIdentity identity,
             [NotNull] AuthenticationProperties properties, [NotNull] OAuthTokenResponse tokens)
         {
diff --git a/src/AspNet.Security.OAuth.Twitch/TwitchAuthenticationOptions.cs b/src/AspNet.Security.OAuth.Twitch/TwitchAuthenticationOptions.cs
@@ -28,5 +28,12 @@ public TwitchAuthenticationOptions()
 
             Scope.Add("user:read:email");
         }
+
+        /// <summary>
+        /// Gets or sets a boolean indicating whether the "force_verify=true" flag should be sent to Twitch.
+        /// When set to <c>true</c>, Twitch displays the consent screen for every authorization request.
+        /// When left to <c>false</c>, the consent screen is skipped if the user is already logged in.
+        /// </summary>
+        public bool ForceVerify { get; set; }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -28,5 +28,12 @@ public TwitchAuthenticationOptions()`
`28`	`28`
`29`	`29`	`Scope.Add("user:read:email");`
`30`	`30`	`}`
	`31`	`+`
	`32`	`+ /// <summary>`
	`33`	`+ /// Gets or sets a boolean indicating whether the "force_verify=true" flag should be sent to Twitch.`
	`34`	`+ /// When set to <c>true</c>, Twitch displays the consent screen for every authorization request.`
	`35`	`+ /// When left to <c>false</c>, the consent screen is skipped if the user is already logged in.`
	`36`	`+ /// </summary>`
	`37`	`+ public bool ForceVerify { get; set; }`
`31`	`38`	`}`
`32`	`39`	`}`