New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
State value in callback query doesn't compared with session stored value #218
Comments
Hi @AlexanderSysoev - thanks for filing this issue. can you please give some sample data where this fails the check, so I can understand the problem more. plz? |
@PureKrome I've not tested yet, but I didn't find any comparison inside this region: |
OK - so what you're saying is that I'm missing the state check in this part of the code? (still trying to grok the problem) |
Exactly |
Ok - ta. gotcha! Phew :) BTW - how did you figure this out? |
@PureKrome sorry for my bad communication skills)
Just viewing the code) |
At BaseOAuth20Provider.cs:
May be this line of code needed:
callbackState.Equals(state, StringComparison.OrdinalIgnoreCase)
The text was updated successfully, but these errors were encountered: