From f99002a974106459d8bbb6b990cc820ea3168d05 Mon Sep 17 00:00:00 2001 From: Graeme Wilson <41788999+graemevwilson@users.noreply.github.com> Date: Sat, 23 Sep 2023 05:59:51 +0100 Subject: [PATCH] [csharp] fix authorization header casing issue (#16622) * Capitalise auth scheme irrespective of token_type capitalisation * Changes from generate-samples.sh * Add comment to change --- .../csharp/auth/OAuthAuthenticator.mustache | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- .../Client/Auth/OAuthAuthenticator.cs | 12 +++++++++++- 8 files changed, 88 insertions(+), 8 deletions(-) diff --git a/modules/openapi-generator/src/main/resources/csharp/auth/OAuthAuthenticator.mustache b/modules/openapi-generator/src/main/resources/csharp/auth/OAuthAuthenticator.mustache index dcf419c3d55..ae8f3c75391 100644 --- a/modules/openapi-generator/src/main/resources/csharp/auth/OAuthAuthenticator.mustache +++ b/modules/openapi-generator/src/main/resources/csharp/auth/OAuthAuthenticator.mustache @@ -81,7 +81,17 @@ namespace {{packageName}}.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index d0e9c804f33..f900e716ae8 100644 --- a/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } } diff --git a/samples/client/petstore/csharp/OpenAPIClientCoreAndNet47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs b/samples/client/petstore/csharp/OpenAPIClientCoreAndNet47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs index 3239c4b63f4..b0da60f1df6 100644 --- a/samples/client/petstore/csharp/OpenAPIClientCoreAndNet47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs +++ b/samples/client/petstore/csharp/OpenAPIClientCoreAndNet47/src/Org.OpenAPITools/Client/Auth/OAuthAuthenticator.cs @@ -89,7 +89,17 @@ namespace Org.OpenAPITools.Client.Auth .AddParameter("client_id", _clientId) .AddParameter("client_secret", _clientSecret); var response = await client.PostAsync(request).ConfigureAwait(false); - return $"{response.TokenType} {response.AccessToken}"; + + // RFC6749 - token_type is case insensitive. + // RFC6750 - In Authorization header Bearer should be capitalized. + // Fix the capitalization irrespective of token_type casing. + switch (response.TokenType?.ToLower()) + { + case "bearer": + return $"Bearer {response.AccessToken}"; + default: + return $"{response.TokenType} {response.AccessToken}"; + } } } }