This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Facebook.UserInformationEndpoint + access_token make Invalid Backchannel URL #365

Closed
bchavez opened this issue Jul 20, 2015 · 0 comments

bchavez commented Jul 20, 2015

When the back-channel URL graph call is constructed here it is possible for Options.UserInformationEndpoint to already contain ?. However, as-is currently ?access_token is appended to the endpoint without checking if ? already exists.

This can lead to a malformed URL API call to Facebook.

For example,

var fops = new FacebookAuthenticationOptions()
    {
        AppId = "appID",
        AppSecret = "Secret",
        Scope = {"public_profile", "email"},
        Provider = new FacebookAuthenticationProvider
            {
                OnAuthenticated = async (ctx) =>
                    {
                        ctx.Identity.AddClaim(new Claim("timezone", ctx.User["timezone"].ToString()));
                    }
            },
        UserInformationEndpoint = "https://graph.facebook.com/me?fields=email,verified,currency,timezone,picture"
    };

Would result in a malformed URL when making a request to Facebook because the URL would contain two ?.
