This repository was archived by the owner on Dec 13, 2018. It is now read-only.
This repository was archived by the owner on Dec 13, 2018. It is now read-only.
Consider moving GenerateCorrelationId and ValidateCorrelationId to RemoteAuthenticationHandler #647
Description
Currently, both OAuthHandler and OpenIdConnectHandler rely on private or protected methods to generate and validate anti-XSRF tokens.
To make things DRYier, standardize the two implementations and allow RemoteAuthenticationHandler inheritors to use correlation checks without having to embed their own methods, moving GenerateCorrelationId and ValidateCorrelationId to RemoteAuthenticationHandler would be ideal.
(FYI, I had to copy these methods for the generic OpenID2 middleware: https://github.com/aspnet-contrib/AspNet.Security.OpenId.Providers/blob/dev/src/AspNet.Security.OpenId/OpenIdAuthenticationHandler.cs)