Add QuickBooks Online to the list of supported providers

3 years ago · 8634f7b0f9
4 changed files with 31 additions and 13 deletions
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
@ -92,7 +92,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                // authorization code or implicit flows). To work around that, the list of supported grant
                // types is amended to include the known supported types for the providers that require it.

-                if (context.Registration.ProviderName is Providers.Apple)
+                if (context.Registration.ProviderName is Providers.Apple or Providers.QuickBooksOnline)
                {
                    context.Configuration.GrantTypesSupported.Add(GrantTypes.AuthorizationCode);
                    context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken);
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
@ -116,20 +116,21 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                // and require sending the access token as part of the userinfo request payload
                // or using a non-standard authentication scheme (e.g OAuth instead of Bearer).

-                (context.Request.AccessToken, request.Headers.Authorization) = context.Registration.ProviderName switch
+                // These providers require sending the access token as part of the request payload.
+                if (context.Registration.ProviderName is Providers.Deezer or Providers.Mixcloud or Providers.StackExchange)
                {
-                    // These providers require sending the access token as part of the request payload.
-                    Providers.Deezer   or
-                    Providers.Mixcloud or
-                    Providers.StackExchange
-                        => (request.Headers.Authorization?.Parameter, null),
+                    context.Request.AccessToken = request.Headers.Authorization?.Parameter;

-                    // Trovo requires using the "OAuth" scheme instead of the standard "Bearer" value.
-                    Providers.Trovo
-                        => (null, new AuthenticationHeaderValue("OAuth", request.Headers.Authorization?.Parameter)),
+                    // Remove the access token from the request headers to ensure it's not sent twice.
+                    request.Headers.Authorization = null;
+                }

-                    _ => (context.Request.AccessToken, request.Headers.Authorization)
-                };
+                // Trovo requires using the "OAuth" scheme instead of the standard "Bearer" value.
+                else if (context.Registration.ProviderName is Providers.Trovo)
+                {
+                    request.Headers.Authorization = new AuthenticationHeaderValue("OAuth",
+                        request.Headers.Authorization?.Parameter);
+                }

                return default;
            }
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
@ -391,7 +391,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers
            context.DisableBackchannelIdentityTokenNonceValidation = context.Registration.ProviderName switch
            {
                // These providers don't include the nonce in their identity tokens:
-                Providers.Asana or Providers.Dropbox => true,
+                Providers.Asana or Providers.Dropbox or Providers.QuickBooksOnline => true,

                _ => context.DisableBackchannelIdentityTokenNonceValidation
            };
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
@ -482,6 +482,23 @@
             Description="The TLS client certificate that will be used with the backchannel endpoints (while not enforced yet, its use is strongly recommended)" />
  </Provider>

+  <!--
+              ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+              ██ ▄▄ ██ ██ █▄ ▄██ ▄▄▀██ █▀▄██ ▄▄▀██ ▄▄▄ ██ ▄▄▄ ██ █▀▄██ ▄▄▄ ████ ▄▄▄ ██ ▀██ ██ ████▄ ▄██ ▀██ ██ ▄▄▄██
+              ██ ██ ██ ██ ██ ███ █████ ▄▀███ ▄▄▀██ ███ ██ ███ ██ ▄▀███▄▄▄▀▀████ ███ ██ █ █ ██ █████ ███ █ █ ██ ▄▄▄██
+              ██▄▄ ▀██▄▀▀▄█▀ ▀██ ▀▀▄██ ██ ██ ▀▀ ██ ▀▀▀ ██ ▀▀▀ ██ ██ ██ ▀▀▀ ████ ▀▀▀ ██ ██▄ ██ ▀▀ █▀ ▀██ ██▄ ██ ▀▀▀██
+              ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+  -->
+
+  <Provider Name="QuickBooksOnline" DisplayName="QuickBooks Online"
+            Documentation="https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/openid-connect">
+    <Environment Name="Production" Issuer="https://oauth.platform.intuit.com/op/v1"
+                 ConfigurationEndpoint="https://developer.api.intuit.com/.well-known/openid_configuration" />
+
+    <Environment Name="Sandbox" Issuer="https://oauth.platform.intuit.com/op/v1"
+                 ConfigurationEndpoint="https://developer.api.intuit.com/.well-known/openid_sandbox_configuration" />
+  </Provider>
+
  <!--
                                            ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
                                            ██ ▄▄▀██ ▄▄▄██ ▄▄▀██ ▄▄▀█▄ ▄█▄▄ ▄▄██