From 5abf4542f02cd6b56a00e3bb42bf04a9d390b6dc Mon Sep 17 00:00:00 2001 From: LuckyNoS7evin Date: Thu, 15 Mar 2018 21:18:15 +0000 Subject: [PATCH 1/2] Major Issue - Secret Check Rotated Secret Manager would never have worked only checks current secret not older ones which may still be valid. --- TwitchLib.Extension/Extension/ExtensionBase.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TwitchLib.Extension/Extension/ExtensionBase.cs b/TwitchLib.Extension/Extension/ExtensionBase.cs index 505c09f..1182021 100644 --- a/TwitchLib.Extension/Extension/ExtensionBase.cs +++ b/TwitchLib.Extension/Extension/ExtensionBase.cs @@ -335,7 +335,7 @@ private ClaimsPrincipal VerifyWithSecret(string jwt, string secret, out Security { var validationParameters = new TokenValidationParameters { - IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(CurrentSecret)), + IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(secret)), ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, From 0837968ec9ae8268c3cab08e2f344eb2f28ff9f7 Mon Sep 17 00:00:00 2001 From: LuckyNoS7evin Date: Sat, 17 Mar 2018 13:21:57 +0000 Subject: [PATCH 2/2] Version update for new nuget * One Major fix to Verify secret as it was not correct, this would have broken the system for anyone using a rotated secret --- TwitchLib.Extension.Core/TwitchLib.Extension.Core.csproj | 6 +++--- TwitchLib.Extension/TwitchLib.Extension.csproj | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/TwitchLib.Extension.Core/TwitchLib.Extension.Core.csproj b/TwitchLib.Extension.Core/TwitchLib.Extension.Core.csproj index af3d6d0..5d387e8 100644 --- a/TwitchLib.Extension.Core/TwitchLib.Extension.Core.csproj +++ b/TwitchLib.Extension.Core/TwitchLib.Extension.Core.csproj @@ -2,7 +2,7 @@ netcoreapp2.0 TwitchLib.Extension.Core - 1.0.0 + 1.1.0 Extension component of TwitchLib. This component expands the base Extension Library to include a dot net standard (core) Authentication Middleware and Extension Manager true luckyNoS7evin @@ -16,8 +16,8 @@ Git twitch extension api c# csharp nbet standard 2.0 authorization extension mamnager en-US - 2.0.0.0 - 2.0.0.0 + 2.1.0.0 + 2.1.0.0 diff --git a/TwitchLib.Extension/TwitchLib.Extension.csproj b/TwitchLib.Extension/TwitchLib.Extension.csproj index d9f8839..8c9d7fc 100644 --- a/TwitchLib.Extension/TwitchLib.Extension.csproj +++ b/TwitchLib.Extension/TwitchLib.Extension.csproj @@ -2,7 +2,7 @@ netstandard2.0;net452 TwitchLib.Extension - 1.0.0 + 1.1.0 Extension component of TwitchLib. This component allows you to access Twitch's Extension Api system true luckyNoS7evin @@ -16,8 +16,8 @@ Git twitch extension api c# csharp nbet standard 2.0 en-US - 2.0.0.0 - 2.0.0.0 + 2.1.0.0 + 2.1.0.0