OAuth2 Custom Providers: Thread Aborts With No Reason


Description of bug

When building an OAuth2 Authorization Provider, during the login phase (OAuthClient.Authorize()) an exception stating that the thread is aborted is captured and ignored.

{"Thread was being aborted."}
    Data: {System.Collections.ListDictionaryInternal}
    ExceptionState: Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.
    HResult: -2146233040
    HelpLink: null
    InnerException: null
    Message: "Thread was being aborted."
    Source: "mscorlib"
    StackTrace: "   at System.Threading.Thread.AbortInternal()\r\n   at System.Threading.Thread.Abort(Object stateInfo)\r\n   at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.AuthorizeV2() ... <omitted stack> ..."
    TargetSite: {Void AbortInternal()}

Steps to reproduce

List the steps to reproduce the behavior:

  1. Create OAuth Authorization Provider
  2. Install module
  3. Login

Details of problem

The OAuth Authorize workflow lives in the OAuthClient class of the DotNetNuke.Library. This is the class that is used to create custom OAuth Provider Modules. The Module will manually invoke var result = OAuthClient.Authorize();

(Code Truncated for brevity)

public virtual AuthorisationResult Authorize()
{
    if (OAuthVersion == "1.0")
    {
        return AuthorizeV1();
    }
    return AuthorizeV2();
}

private AuthorisationResult AuthorizeV2()
{
    string errorReason = HttpContext.Current.Request.Params["error_reason"];
    bool userDenied = (errorReason != null);
    if (userDenied)
    {
        return AuthorisationResult.Denied;
    }

    if (!HaveVerificationCode())
    {
        var parameters = new List<QueryParameter>
                                {
                                    new QueryParameter("scope", Scope),
                                    new QueryParameter(OAuthClientIdKey, APIKey),
                                    new QueryParameter(OAuthRedirectUriKey, HttpContext.Current.Server.UrlEncode(CallbackUri.ToString())),
                                    new QueryParameter("state", Service),
                                    new QueryParameter("response_type", "code")
                                };

        HttpContext.Current.Response.Redirect(AuthorizationEndpoint + "?" + parameters.ToNormalizedString(), true);
        return AuthorisationResult.RequestingCode;
    }

    ExchangeCodeForToken();

    return String.IsNullOrEmpty(AuthToken) ? AuthorisationResult.Denied : AuthorisationResult.Authorized;
}

The problem has to deal with the following line of code:

HttpContext.Current.Response.Redirect(AuthorizationEndpoint + "?" + parameters.ToNormalizedString(), true);

The parameter requests whether the thread aborts or not, and we are passing in true. If we update this code to false, the thread will not abort.

My Thoughts

Aborting the thread or continuing doesn’t really matter for an OAuth2 integration, but it makes it VERY confusing to a module developer on what is happening when the error just reads the Thread was aborted. I think we should allow the thread to continue along and finish processing any logic that may exist in the custom module.

Screenshots

N/A

Error log

N/A

Additional context

N/A

Affected version

  • 9.3.0
  • 9.2.2
  • 9.2.1
  • 9.2
  • 9.1.1
  • 9.1
  • 9.0

Affected browser

  • Chrome
  • Firefox
  • Safari
  • Internet Explorer
  • Edge

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 7 (7 by maintainers)

Top GitHub Comments

1 reaction
bdukes commented, Apr 11, 2019

I wouldn’t think it would be a problem to pass endResponse: false and avoid the ThreadAbortException here.

0 reactions
valadas commented, Oct 28, 2019

Merged
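
The behaviour discussed in this issue, as an added example that is not DNN's code or part of the original thread: the aborting redirect beside the endResponse: false form, plus the guard a calling module needs once execution continues after the redirect. AuthResult (a stand-in for AuthorisationResult), OAuthRedirectExample, HandleLogin and its authorize/signIn delegates are hypothetical names; the code assumes classic ASP.NET on .NET Framework (System.Web).

```csharp
using System;
using System.Threading;
using System.Web;

// Stand-in for DNN's AuthorisationResult so this file compiles on its own;
// only the three values that appear in the issue are reproduced.
public enum AuthResult { Denied, Authorized, RequestingCode }

public static class OAuthRedirectExample
{
    // Before: endResponse: true ends the response, which raises
    // ThreadAbortException on the request thread.
    public static AuthResult RedirectAborting(HttpContext ctx, string url)
    {
        try
        {
            ctx.Response.Redirect(url, true);
        }
        catch (ThreadAbortException)
        {
            // This is where "Thread was being aborted." shows up. The runtime
            // re-raises the exception when this block exits unless
            // Thread.ResetAbort() is called, so the return below is not reached.
        }
        return AuthResult.RequestingCode;
    }

    // After: send the 302 without aborting the thread, then tell ASP.NET to
    // skip the remaining pipeline events and go to EndRequest.
    public static AuthResult RedirectWithoutAbort(HttpContext ctx, string url)
    {
        ctx.Response.Redirect(url, false);
        ctx.ApplicationInstance.CompleteRequest();
        return AuthResult.RequestingCode;
    }

    // Caller in a hypothetical custom provider module. With endResponse: false
    // the code after Authorize() keeps running, so it must stop on
    // RequestingCode and only sign the user in on Authorized.
    public static bool HandleLogin(Func<AuthResult> authorize, Action signIn)
    {
        AuthResult result = authorize();
        if (result == AuthResult.RequestingCode) return false; // redirect already issued
        if (result != AuthResult.Authorized) return false;     // denied or no token
        signIn();
        return true;
    }
}
```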
