From 1280fca2853df290441e754f79b1ce6dbfdb0699 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Tue, 30 Jun 2020 18:31:37 +0200
Subject: [PATCH] Fix the device authorization endpoint to only accept POST requests and support client_secret_basic
---
 .../OpenIddictServerAspNetCoreHandlers.Device.cs | 3 ++-
 src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs | 2 +-
 .../OpenIddictServerOwinHandlers.Device.cs | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
index a549da28..fe150e46 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
@@ -18,7 +18,8 @@ namespace OpenIddict.Server.AspNetCore
 /*
 * Device request extraction:
 */
- ExtractGetOrPostRequest.Descriptor,
+ ExtractPostRequest.Descriptor,
+ ExtractBasicAuthenticationCredentials.Descriptor,
 
 /*
 * Device response processing:
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
index f8804289..233e944a 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
@@ -30,7 +30,7 @@ namespace OpenIddict.Server.Owin
 ///
 /// Creates a new instance of the class.
 ///
- /// The OpenIddict server provider used by this instance.
+ /// The OpenIddict server dispatcher used by this instance.
 /// The OpenIddict server factory used by this instance.
 public OpenIddictServerOwinHandler(
 [NotNull] IOpenIddictServerDispatcher dispatcher,
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
index 4303e840..f544df5b 100644
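Review bot: The handler list under `Device request extraction:` in OpenIddictServerAspNetCoreHandlers.Device.cs now decides which HTTP methods and client authentication styles the endpoint accepts, yet nothing at that spot records why, and the diffstat shows no test file touched. A comment above `ExtractPostRequest.Descriptor,` would help, for example `// RFC 8628 section 3.1: device authorization requests are POST-only; client credentials may arrive in the form body or via HTTP Basic.` A regression test that a GET request to this endpoint is rejected and that credentials sent in the Authorization header are picked up would keep the restriction from being loosened unnoticed. Presumably `ExtractBasicAuthenticationCredentials` refuses a request that carries client credentials in both the body and the header (RFC 6749 section 2.3), but that handler is not visible here and is worth confirming. The same points apply to the identical change in OpenIddictServerOwinHandlers.Device.cs; in both files the enclosing initializer starts and ends outside the hunk.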
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
@@ -18,7 +18,8 @@ namespace OpenIddict.Server.Owin
 /*
 * Device request extraction:
 */
- ExtractGetOrPostRequest.Descriptor,
+ ExtractPostRequest.Descriptor,
+ ExtractBasicAuthenticationCredentials.Descriptor,
 
 /*
 * Device response processing: