OAuthV3 Support for authentication providers

[thabaum]

Description

OAuthV3 is now the latests version of OAuth supported by Authentication Providers such as Facebook, Twitters, ect.

DNN Platform/Library/Services/Authentication/OAuth/OAuthClientBase.cs

Supports up to OAuthV2 line 213

Current providers for Facebook, Twitter... fail to work as needed to allow login/registration.

• [x ] 9.2.1
• [x ] 9.2.0
• [x ] 9.1.1
• [x ] 9.1
• [x ] 9.0

Affected browser

• Chrome
• Firefox
• Safari
• Internet Explorer
• Edge

[thabaum]

InnerMessage:Object reference not set to an instance of an object.

InnerStackTrace:

at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.ExecuteWebRequest(HttpMethod method, Uri uri, String parameters, String authHeader) at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.ExchangeCodeForToken() at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.AuthorizeV2() at DotNetNuke.Services.Authentication.OAuth.OAuthLoginBase.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

[thabaum]

#1897

Not sure if this PR is related...

Maybe something here:

https://github.com/dnnsoftware/Dnn.Platform/blob/development/DNN%20Platform/Library/Services/Authentication/OAuth/OAuthLoginBase.cs

` protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);

        if (!IsPostBack)
        {
            //Save the return Url in the cookie
            HttpContext.Current.Response.Cookies.Set(new HttpCookie("returnurl", RedirectURL)
            {
                Expires = DateTime.Now.AddMinutes(5),
                Path = (!string.IsNullOrEmpty(Globals.ApplicationPath) ? Globals.ApplicationPath : "/")
            });
        }


        bool shouldAuthorize = OAuthClient.IsCurrentService() && OAuthClient.HaveVerificationCode();
        if(Mode == AuthMode.Login)
        {
            shouldAuthorize = shouldAuthorize || OAuthClient.IsCurrentUserAuthorized();
        }


        if (shouldAuthorize)
        {
            if (OAuthClient.Authorize() == AuthorisationResult.Authorized)
            {
                OAuthClient.AuthenticateUser(GetCurrentUser(), PortalSettings, IPAddress, AddCustomProperties, OnUserAuthenticated);
            }
        }
    }`

[valadas]

@thabaum did #2479 fix this for facebook too or this issue is still needed ?

[SkyeHoefling]

@valadas there is no support for OAuthV3 in the DNN Authentication Providers. While I haven't looked into the OAuth V3 specification we should add new V3 APIs to the provider to make it easier to integrate with. Any change that has been made to current providers is most likely a work-around to support the new specification. We should investigate and make some decisions on how we want to proceed.

If OAuth 3.0 is starting to be adopted throughout the industry we should try and get this done by 10.0 if not sooner

Edit

After doing some quick research it doesn't appear that there is an OAuth 3.0 spec. Is there any docs anyone can provide on this?

[valadas]

Cool, I gonna make this an enhancement then

[thabaum]

This killed my web community when I made this report... so many users still cannot log I am sure gave up by now. I had to remove all authentication providers and I am pretty scared to add them again and embarrassed me trying to launch a community site that was taking off. I do look forward to the enhancement. thank you!

[valadas]

OAuth 3 is in progress unless someone has other news, I am closing this issue for now, if news change, feel free to comment and I will re-open