🐛 Fix OpenID 2.0 state handling (steam)

2025-11-04 23:43:43 +08:00
parent 09625335f0
commit 3e98ac29b7


@@ -1,4 +1,5 @@
using DysonNetwork.Shared.Cache;
using System.Web;
namespace DysonNetwork.Pass.Auth.OpenId;
@@ -25,17 +26,19 @@ public class SteamOidcService(
var config = GetProviderConfig();
var returnUrl = config.RedirectUri;
// Steam OpenID 2.0 doesn't support state parameter directly
// Include state in the return URL as a query parameter
var returnUrlWithState = $"{returnUrl}{(returnUrl.Contains('?') ? '&' : '?')}state={Uri.EscapeDataString(state)}";
// Steam OpenID 2.0 authorization URL construction
var queryParams = new Dictionary<string, string>
{
{ "openid.ns", "http://specs.openid.net/auth/2.0" },
{ "openid.mode", "checkid_setup" },
{ "openid.return_to", returnUrl },
{ "openid.return_to", returnUrlWithState },
{ "openid.realm", new Uri(returnUrl).GetLeftPart(UriPartial.Authority) },
{ "openid.identity", "http://specs.openid.net/auth/2.0/identifier_select" },
{ "openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select" },
// Store state in the return URL as a query parameter since Steam doesn't support state directly
{ "openid.state", state }
{ "openid.claimed_id", "http://specs.openid.net/auth/2.0/identifier_select" }
};
var queryString = string.Join("&", queryParams.Select(p => $"{p.Key}={Uri.EscapeDataString(p.Value)}"));
@@ -59,6 +62,18 @@ public class SteamOidcService(
throw new InvalidOperationException("Invalid OpenID response mode");
}
// Extract state from the return_to URL since Steam doesn't support state parameter directly
var returnTo = queryParams.GetValueOrDefault("openid.return_to");
if (!string.IsNullOrEmpty(returnTo))
{
var returnToUri = new Uri(returnTo);
var stateParam = System.Web.HttpUtility.ParseQueryString(returnToUri.Query).Get("state");
if (!string.IsNullOrEmpty(stateParam))
{
callbackData.State = stateParam;
}
}
// Extract Steam ID from claimed_id
var claimedId = queryParams.GetValueOrDefault("openid.claimed_id");
if (string.IsNullOrEmpty(claimedId))
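Review bot: The state taken from `openid.return_to` in the callback hunk is request-supplied, and nothing visible here checks that the returned `return_to` matches the configured redirect URI, or that the assertion has been verified, before `callbackData.State` is overwritten. The enclosing method starts and ends outside the hunk, so that check may exist elsewhere; if it does, this extraction should run after it, and `return_to` (ignoring the appended state parameter) should be compared with the configured value, as OpenID 2.0 requires for the return URL. Separately, `new Uri(returnTo)` throws `UriFormatException` on a malformed or relative value, so a bad callback request surfaces as an unhandled exception; prefer `if (Uri.TryCreate(returnTo, UriKind.Absolute, out var returnToUri))`. As a style point, the fully qualified `System.Web.HttpUtility` is redundant now that the first hunk adds `using System.Web;`.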