Fix the device authorization endpoint to only accept POST requests and support client_secret_basic

6 years ago · 1280fca285
3 changed files with 5 additions and 3 deletions
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
@ -18,7 +18,8 @@ namespace OpenIddict.Server.AspNetCore
                /*
                 * Device request extraction:
                 */
-                ExtractGetOrPostRequest<ExtractDeviceRequestContext>.Descriptor,
+                ExtractPostRequest<ExtractDeviceRequestContext>.Descriptor,
+                ExtractBasicAuthenticationCredentials<ExtractDeviceRequestContext>.Descriptor,

                /*
                 * Device response processing:
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
@ -30,7 +30,7 @@ namespace OpenIddict.Server.Owin
        /// <summary>
        /// Creates a new instance of the <see cref="OpenIddictServerOwinHandler"/> class.
        /// </summary>
-        /// <param name="dispatcher">The OpenIddict server provider used by this instance.</param>
+        /// <param name="dispatcher">The OpenIddict server dispatcher used by this instance.</param>
        /// <param name="factory">The OpenIddict server factory used by this instance.</param>
        public OpenIddictServerOwinHandler(
            [NotNull] IOpenIddictServerDispatcher dispatcher,
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
@ -18,7 +18,8 @@ namespace OpenIddict.Server.Owin
                /*
                 * Device request extraction:
                 */
-                ExtractGetOrPostRequest<ExtractDeviceRequestContext>.Descriptor,
+                ExtractPostRequest<ExtractDeviceRequestContext>.Descriptor,
+                ExtractBasicAuthenticationCredentials<ExtractDeviceRequestContext>.Descriptor,

                /*
                 * Device response processing: