Update the Weibo provider to get email address from the emails endpoint

Author: kinosang

src/AspNet.Security.OAuth.Patreon/PatreonAuthenticationHandler.cs

@@ -54,7 +54,7 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
 
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
             await Options.Events.CreatingTicket(context);
 
             return context.Ticket;

src/AspNet.Security.OAuth.Vkontakte/VkontakteAuthenticationHandler.cs

@@ -49,16 +49,17 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             var user = (JObject) payload["response"][0];
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, user);
-
             identity.AddOptionalClaim(ClaimTypes.NameIdentifier, VkontakteAuthenticationHelper.GetId(user), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.GivenName, VkontakteAuthenticationHelper.GetFirstName(user), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.Surname, VkontakteAuthenticationHelper.GetLastName(user), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.Hash, VkontakteAuthenticationHelper.GetHash(user), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:vkontakte:photo:link", VkontakteAuthenticationHelper.GetPhoto(user), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:vkontakte:photo_thumb:link", VkontakteAuthenticationHelper.GetPhotoThumbnail(user), Options.ClaimsIssuer);
 
+            var principal = new ClaimsPrincipal(identity);
+            var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
+
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, user);
             await Options.Events.CreatingTicket(context);
 
             return context.Ticket;

src/AspNet.Security.OAuth.Weibo/WeiboAuthenticationDefaults.cs

@@ -47,5 +47,10 @@ public static class WeiboAuthenticationDefaults
         /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
         /// </summary>
         public const string UserInformationEndpoint = "https://api.weibo.com/2/users/show.json";
+
+        /// <summary>
+        /// Default value for <see cref="WeiboAuthenticationOptions.UserEmailsEndpoint"/>.
+        /// </summary>
+        public const string UserEmailsEndpoint = "https://api.weibo.com/2/account/profile/email.json";
     }
 }

src/AspNet.Security.OAuth.Weibo/WeiboAuthenticationHandler.cs

@@ -5,6 +5,7 @@
  */
 
 using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -61,17 +62,55 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
                     .AddOptionalClaim("urn:weibo:avatar_large", WeiboAuthenticationHelper.GetAvatarLarge(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:weibo:avatar_hd", WeiboAuthenticationHelper.GetAvatarHD(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:weibo:cover_image_phone", WeiboAuthenticationHelper.GetCoverImagePhone(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:weibo:location", WeiboAuthenticationHelper.GetLocation(payload), Options.ClaimsIssuer);            
+                    .AddOptionalClaim("urn:weibo:location", WeiboAuthenticationHelper.GetLocation(payload), Options.ClaimsIssuer);
+
+            // When the email address is not public, retrieve it from
+            // the emails endpoint if the user:email scope is specified.
+            if (!string.IsNullOrEmpty(Options.UserEmailsEndpoint) &&
+                !identity.HasClaim(claim => claim.Type == ClaimTypes.Email) && Options.Scope.Contains("user:email"))
+            {
+                identity.AddOptionalClaim(ClaimTypes.Email, await GetEmailAsync(tokens), Options.ClaimsIssuer);
+            }
 
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
 
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
             await Options.Events.CreatingTicket(context);
 
             return context.Ticket;
         }
 
         protected override string FormatScope() => string.Join(",", Options.Scope);
+
+        protected virtual async Task<string> GetEmailAsync([NotNull] OAuthTokenResponse tokens)
+        {
+            // See http://open.weibo.com/wiki/2/account/profile/email for more information about the /account/profile/email.json endpoint.
+            var address = QueryHelpers.AddQueryString(Options.UserEmailsEndpoint, new Dictionary<string, string>
+            {
+                ["access_token"] = tokens.AccessToken
+            });
+
+            var request = new HttpRequestMessage(HttpMethod.Get, address);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+
+            // Failed requests shouldn't cause an error: in this case, return null to indicate that the email address cannot be retrieved.
+            var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogWarning("An error occurred while retrieving the email address associated with the logged in user: " +
+                                  "the remote server returned a {Status} response with the following payload: {Headers} {Body}.",
+                                  /* Status: */ response.StatusCode,
+                                  /* Headers: */ response.Headers.ToString(),
+                                  /* Body: */ await response.Content.ReadAsStringAsync());
+
+                return null;
+            }
+
+            var payload = JArray.Parse(await response.Content.ReadAsStringAsync());
+
+            return (from email in payload.AsJEnumerable()
+                    select email.Value<string>("email")).FirstOrDefault();
+        }
     }
 }

src/AspNet.Security.OAuth.Weibo/WeiboAuthenticationOptions.cs

@@ -26,6 +26,12 @@ public WeiboAuthenticationOptions()
             UserInformationEndpoint = WeiboAuthenticationDefaults.UserInformationEndpoint;
 
             Scope.Add("email");
-        }       
+        }
+
+        /// <summary>
+        /// Gets or sets the address of the endpoint exposing
+        /// the email addresses associated with the logged in user.
+        /// </summary>
+        public string UserEmailsEndpoint { get; set; } = WeiboAuthenticationDefaults.UserEmailsEndpoint;
     }
 }

src/AspNet.Security.OAuth.Weixin/WeixinAuthenticationHandler.cs

@@ -69,9 +69,9 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
 
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
-
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
             await Options.Events.CreatingTicket(context);
+
             return context.Ticket;
         }