Update the Steam provider to support the new HTTPS user identifier namespace

kevinchalet · kevinchalet · commit a0badc8c30f6 · 2018-04-11T12:54:54.000+02:00
diff --git a/src/AspNet.Security.OpenId.Steam/SteamAuthenticationConstants.cs b/src/AspNet.Security.OpenId.Steam/SteamAuthenticationConstants.cs
@@ -10,7 +10,8 @@ public static class SteamAuthenticationConstants
     {
         public static class Namespaces
         {
-            public const string Identifier = "http://steamcommunity.com/openid/id/";
+            public const string Identifier = "https://steamcommunity.com/openid/id/";
+            public const string LegacyIdentifier = "http://steamcommunity.com/openid/id/";
         }
 
         public static class Parameters
diff --git a/src/AspNet.Security.OpenId.Steam/SteamAuthenticationHandler.cs b/src/AspNet.Security.OpenId.Steam/SteamAuthenticationHandler.cs
@@ -56,8 +56,20 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
                 return ticket;
             }
 
+            // Note: prior to April 2018, the Steam identifier was prefixed with an HTTP base address.
+            // Since then, the prefix is now an HTTPS address. The following logic supports both prefixes.
+            if (identifier.StartsWith(SteamAuthenticationConstants.Namespaces.Identifier, StringComparison.Ordinal))
+            {
+                identifier = identifier.Substring(SteamAuthenticationConstants.Namespaces.Identifier.Length);
+            }
+
+            else if (identifier.StartsWith(SteamAuthenticationConstants.Namespaces.LegacyIdentifier, StringComparison.Ordinal))
+            {
+                identifier = identifier.Substring(SteamAuthenticationConstants.Namespaces.LegacyIdentifier.Length);
+            }
+
             // Return the authentication ticket as-is if the claimed identifier is malformed.
-            if (!identifier.StartsWith(SteamAuthenticationConstants.Namespaces.Identifier, StringComparison.Ordinal))
+            else
             {
                 Logger.LogWarning("The userinfo request was skipped because an invalid identifier was received: {Identifier}.", identifier);
 
@@ -67,7 +79,7 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
             var address = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, new Dictionary<string, string>
             {
                 [SteamAuthenticationConstants.Parameters.Key] = Options.ApplicationKey,
-                [SteamAuthenticationConstants.Parameters.SteamId] = identifier.Substring(SteamAuthenticationConstants.Namespaces.Identifier.Length)
+                [SteamAuthenticationConstants.Parameters.SteamId] = identifier
             });
 
             var request = new HttpRequestMessage(HttpMethod.Get, address);

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,8 @@ public static class SteamAuthenticationConstants`
`10`	`10`	`{`
`11`	`11`	`public static class Namespaces`
`12`	`12`	`{`
`13`		`- public const string Identifier = "http://steamcommunity.com/openid/id/";`
	`13`	`+ public const string Identifier = "https://steamcommunity.com/openid/id/";`
	`14`	`+ public const string LegacyIdentifier = "http://steamcommunity.com/openid/id/";`
`14`	`15`	`}`
`15`	`16`
`16`	`17`	`public static class Parameters`