Skip to content

Add Yandex and VK ID web providers #2244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kevinchalet merged 24 commits into from
Feb 10, 2025
+180 −26
Merged

Add Yandex and VK ID web providers #2244

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
fef62b1
1. Add Yandex and VkId driver to WebProviders list
Jan 16, 2025
3bd47c8
1. Attach device_id for VkId web provider throw authorization proccess
Jan 16, 2025
4295844
1. Add comments for added code
Jan 20, 2025
5717822
1. Change documentation language path to english
Jan 20, 2025
01d8295
Update src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegr…
t1moH1ch Jan 21, 2025
5de9da4
Update src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegr…
t1moH1ch Jan 21, 2025
cdd3b49
Update src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegr…
t1moH1ch Jan 21, 2025
17e8ac9
Update src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegr…
t1moH1ch Jan 21, 2025
924a61b
Update src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegr…
t1moH1ch Jan 21, 2025
9ccc2f1
Add VkId web provider to non-standard unwrap userinfo method
Feb 4, 2025
e34fb14
1. Add test data for Yandex and VK ID web providers to the sanbox con…
Feb 5, 2025
d37dc0a
Merge branch 'dev' into dev
t1moH1ch Feb 5, 2025
0dd3c37
add context request null check
Feb 10, 2025
bb0b75c
changed grant types location for yandex web provider
Feb 10, 2025
f937100
Update the VK ID provider to support attaching the device identifier …
kevinchalet Feb 10, 2025
da82d11
Tweak the device identifier attachment logic
kevinchalet Feb 10, 2025
04e66fe
Add an event handler responsible for mapping non-standard revocation …
kevinchalet Feb 10, 2025
dee55da
Fix the invalid provider identifier
kevinchalet Feb 10, 2025
ac02954
Flow the device identifier to Yandex's revocation endpoint
kevinchalet Feb 10, 2025
d9732c8
Update the Yandex provider to allow specifying a device_id/device_name
kevinchalet Feb 10, 2025
78925d4
add device id and device name to yandex registration
Feb 10, 2025
beb9538
add revocation support for VK ID web provider
Feb 10, 2025
f407ff1
Revert "add device id and device name to yandex registration"
Feb 10, 2025
b246954
Remove the VK ID/Yandex credentials
kevinchalet Feb 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,12 @@ public ValueTask HandleAsync(PrepareUserInfoRequestContext context)
context.Request["f"] = "json";
}

// VK ID requires attaching the "client_id" parameter to userinfo requests.
else if (context.Registration.ProviderType is ProviderTypes.VkId)
{
context.Request.ClientId = context.Registration.ClientId;
}

return default;
}
}
Expand Down
7 changes: 7 additions & 0 deletions src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -640,6 +640,13 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
context.TokenRequest.UserCode = code;
}

// VK ID requires flowing the non-standard "device_id" parameter
// from authorization responses to token requests.
else if (context.Registration.ProviderType is ProviderTypes.VkId)
{
context.TokenRequest["device_id"] = context.Request["device_id"];
}

return default;
}
}
Expand Down
37 changes: 37 additions & 0 deletions src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2045,6 +2045,25 @@
</Environment>
</Provider>

<!--
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ███ █ █▀▄████▄ ▄██ ▄▄▀██
███ █ ██ ▄▀██████ ███ ██ ██
███▄▀▄██ ██ ████▀ ▀██ ▀▀ ██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
-->

<Provider Name="VkId" Id="9bf89c19-401b-4076-893e-a4136e719432"
Documentation="https://id.vk.com/about/business/go/docs/en/vkid/latest/oauth-vk">
<Environment Issuer="https://id.vk.com/">
<Configuration AuthorizationEndpoint="https://id.vk.com/authorize"
TokenEndpoint="https://id.vk.com/oauth2/auth"
UserInfoEndpoint="https://id.vk.com/oauth2/user_info">
<CodeChallengeMethod Value="S256" />
</Configuration>
</Environment>
</Provider>

<!--
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ███ ██ ▄▄▄██ ▄▄▀██ ▄▄▄█▄▀█▀▄██
Expand Down Expand Up @@ -2173,6 +2192,24 @@
<Provider Name="Yahoo" Id="874d78ec-3d79-4492-ab79-76a7dd7fa0b5"
Documentation="https://developer.yahoo.com/oauth2/guide/openid_connect/">
<Environment Issuer="https://api.login.yahoo.com/" />
</Provider>

<!--
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ███ █ ▄▄▀██ ▀██ ██ ▄▄▀██ ▄▄▄██▄▀█▀▄██
██▄▀▀▀▄█ ▀▀ ██ █ █ ██ ██ ██ ▄▄▄████ ████
████ ███ ██ ██ ██▄ ██ ▀▀ ██ ▀▀▀██▀▄█▄▀██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
-->

<Provider Name="Yandex" Id="313298d4-d210-4541-a348-96ced013dab1"
Documentation="https://yandex.ru/dev/id/doc/en/">
<Environment Issuer="https://oauth.yandex.ru/">
<Configuration AuthorizationEndpoint="https://oauth.yandex.ru/authorize"
RevokationEndpoint="https://oauth.yandex.ru/revoke_token"
Copy link
Member

@kevinchalet kevinchalet Feb 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming Yandex's documentation is correct, their endpoint is not a standard OAuth 2.0 revocation endpoint: it uses an access_token parameter instead of the standard token (see https://yandex.ru/dev/id/doc/en/tokens/token-invalidate).

Can you please try with the sandbox console app to see if it works or not? If it doesn't, I'll add an event handler to take care of the standard -> non-standard parameter mapping.

Copy link
Member

@kevinchalet kevinchalet Feb 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you give it a try? 😃

Copy link
Contributor Author

@t1moH1ch t1moH1ch Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmm, the token update method returned an error
yandex

VK ID doesn`t allow any ports except 443.

Copy link
Member

@kevinchalet kevinchalet Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmm, the token update method returned an error

Ah yeah, sorry: that's because the two <GrantType> nodes are not under <Configuration> (they are currently under <Environment>, which is not valid). Fix that and the error should go away.

Copy link
Member

@kevinchalet kevinchalet Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VK ID doesn`t allow any ports except 443.

According to their documentation, it seems they also allow HTTP port 80 during development:

image

You can force the OpenIddict.Sandbox.Console.Client sample to listen on specific ports by using options.UseSystemIntegration().SetAllowedEmbeddedWebServerPorts(80). If you get an error, make sure the port is not busy/taken by a different app when starting the demo app.

Copy link
Member

@kevinchalet kevinchalet Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the authentication property as mentioned in the message doesn't work? See #2244 (comment)

Copy link
Contributor Author

@t1moH1ch t1moH1ch Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, my mistake. All works fine👍

Copy link
Contributor Author

@t1moH1ch t1moH1ch Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

else if (context.Registration.ProviderType is ProviderTypes.VkId)
{
    context.TokenRequest["device_id"] = context.GrantType switch
    {
        GrantTypes.AuthorizationCode or GrantTypes.Implicit => context.Request["device_id"],

        _ when context.Properties.TryGetValue(VkId.Properties.DeviceId, out string? identifier) &&
            !string.IsNullOrEmpty(identifier) => identifier,

        _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0467))
    };
}

Hmmm, for now this code make an exception. For refresh method only in VK ID

Copy link
Member

@kevinchalet kevinchalet Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm, for now this code make an exception. For refresh method only

You added #2244 (comment) so the device identifier is attached as an authentication property, right?

Copy link
Contributor Author

@t1moH1ch t1moH1ch Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's all ok. Sorry please, i use previous version - this missed. I checked everything again, all works fine 👍

TokenEndpoint="https://oauth.yandex.ru/token"
UserInfoEndpoint="https://login.yandex.ru/info" />
</Environment>
</Provider>

<!--
Expand Down