Verify external providers are using latest APIs #4684
Comments
|
What is the definition for an 'External login provider'? |
|
Like Google, Facebook, Twitter, MicrosoftAccount etc. |
|
Let's have a look in RC2. |
|
MSA: aspnet/Security#691 |
|
Google Token Endpoint to v4: aspnet/Security#829 |
|
FB to v2.6 aspnet/Security#828 |
|
Twitter looks fine |
|
Reviving for the next release. |
|
Its the zombie issue, that will never die... |
|
@Tratcher - anything we need to do for 2.0 RTM? |
|
I did a pass recently and filed some non-blocking bugs linked above. Move this to 2.1? We should avoid ever putting this issue in the backlog, only the next release. |
|
Ok. |
|
Bringing this front and center. Facebook is now at 2.12 and 2.6 will expire in July this year. |
|
See aspnet/Security#1306 for Facebook |
|
Facebook and Google fixed for 2.1. Twitter and MSA do not appear to require any updates. Punting this zombie issue to 2.2.0. |
Tratcher
added
affected-most
|
Updated Facebook to v11 for .NET 6 rc2. Other providers are up to date. Revisit late in .NET 7. |
|
Thanks for contacting us. We're moving this issue to the |
|
Both Google and Facebook support PKCE now: Should |
|
@FranklinWhale have you tried it? If it works feel free to send us a PR. |
Ya, both of them can detect invalid code verifier. I will submit a PR later :) Should the tests for Google and Facebook be similar to the one for Microsoft account in #10928? |
|
Yes, the tests will look similar to the Microsoft ones. |
RTM milestone.
External login providers routinely update their APIs and deprecate the old ones. Before we ship RTM we need to verify that each of our implementations is targeting the latest provider API versions to ensure our packages have the longest useful lifespan.
Example: #85
The text was updated successfully, but these errors were encountered: