From 9d1fd1331f9f19a985582edffe6dac895828b5ea Mon Sep 17 00:00:00 2001
From: Martin Gudgin <mgudgin@microsoft.com>
Date: Mon, 2 Mar 2020 09:10:15 -0800
Subject: [PATCH 1/2] Update OAuth Token operations to new APIs

Per ['Deprecating OAuth Application API'](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/)
the HTTP API endpoints called by CheckApplicationAuthentication,
ResetApplicationAuthentication and RevokeApplicationAuthentication are
being deprecated.

This PR updates those APIs to call the new HTTP API endpoints as
documented at the above link.

* Details

Amend CheckApplicationAuthentication, ResetApplicationAuthentication and
RevokeApplicationAuthentication to create an object containing the OAuth
access token and to call the single arg version of
ApiUrls.ApplicationAuthorization. The object is used as the request
body.

Amend CheckApplicationAuthentication to use POST.

Amend ResetApplicationAuthentication to use PATCH.

Remove the two arg version of ApiUrls.ApplicationAuthorization as it is
no longer called. Amend the single arg version to use the new API path.

Amend unit tests to account for the above changes.
---
 .../Clients/AuthorizationsClientTests.cs      | 13 +++++-----
 Octokit/Clients/AuthorizationsClient.cs       | 26 ++++++++++++++-----
 Octokit/Helpers/ApiUrls.Authorizations.cs     |  7 +----
 3 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/Octokit.Tests/Clients/AuthorizationsClientTests.cs b/Octokit.Tests/Clients/AuthorizationsClientTests.cs
index 5851071246..3a7824f864 100644
--- a/Octokit.Tests/Clients/AuthorizationsClientTests.cs
+++ b/Octokit.Tests/Clients/AuthorizationsClientTests.cs
@@ -290,9 +290,9 @@ public async Task ChecksApplicationAuthenticateAtCorrectUrl()
 
                 authEndpoint.CheckApplicationAuthentication("clientId", "accessToken");
 
-                client.Received().Get<ApplicationAuthorization>(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"),
-                    null);
+                client.Received().Post<ApplicationAuthorization>(
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
+                    Args.Object);
             }
 
             [Fact]
@@ -318,8 +318,8 @@ public async Task ResetsApplicationAuthenticationAtCorrectUrl()
 
                 authEndpoint.ResetApplicationAuthentication("clientId", "accessToken");
 
-                client.Received().Post<ApplicationAuthorization>(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"),
+                client.Received().Patch<ApplicationAuthorization>(
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
                     Args.Object);
             }
 
@@ -347,7 +347,8 @@ public async Task RevokesApplicationAuthenticationAtCorrectUrl()
                 authEndpoint.RevokeApplicationAuthentication("clientId", "accessToken");
 
                 client.Received().Delete(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"));
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
+                    Args.Object);
             }
 
             [Fact]
diff --git a/Octokit/Clients/AuthorizationsClient.cs b/Octokit/Clients/AuthorizationsClient.cs
index e58a8f6767..d2cdf15844 100644
--- a/Octokit/Clients/AuthorizationsClient.cs
+++ b/Octokit/Clients/AuthorizationsClient.cs
@@ -341,8 +341,13 @@ public Task<ApplicationAuthorization> CheckApplicationAuthentication(string clie
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            var endpoint = ApiUrls.ApplicationAuthorization(clientId, accessToken);
-            return ApiConnection.Get<ApplicationAuthorization>(endpoint, null);
+            var requestData = new
+            {
+                access_token = accessToken
+            };
+
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Post<ApplicationAuthorization>(endpoint, requestData);
         }
 
         /// <summary>
@@ -360,9 +365,13 @@ public Task<ApplicationAuthorization> ResetApplicationAuthentication(string clie
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            var requestData = new { };
+            var requestData = new
+            {
+                access_token = accessToken
+            };
 
-            return ApiConnection.Post<ApplicationAuthorization>(ApiUrls.ApplicationAuthorization(clientId, accessToken), requestData);
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Patch<ApplicationAuthorization>(endpoint, requestData);
         }
 
         /// <summary>
@@ -380,8 +389,13 @@ public Task RevokeApplicationAuthentication(string clientId, string accessToken)
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            return ApiConnection.Delete(
-                ApiUrls.ApplicationAuthorization(clientId, accessToken));
+            var requestData = new
+            {
+                access_token = accessToken
+            };
+
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Delete(endpoint, requestData);
         }
 
         /// <summary>
diff --git a/Octokit/Helpers/ApiUrls.Authorizations.cs b/Octokit/Helpers/ApiUrls.Authorizations.cs
index 4cae9842c5..66112e2c5d 100644
--- a/Octokit/Helpers/ApiUrls.Authorizations.cs
+++ b/Octokit/Helpers/ApiUrls.Authorizations.cs
@@ -36,12 +36,7 @@ public static Uri AuthorizationsForClient(string clientId)
 
         public static Uri ApplicationAuthorization(string clientId)
         {
-            return "applications/{0}/tokens".FormatUri(clientId);
-        }
-
-        public static Uri ApplicationAuthorization(string clientId, string accessToken)
-        {
-            return "applications/{0}/tokens/{1}".FormatUri(clientId, accessToken);
+            return "applications/{0}/token".FormatUri(clientId);
         }
     }
 }

From 6c039cdac4ddd5e97703772aa7fe651316f50ff9 Mon Sep 17 00:00:00 2001
From: Martin Gudgin <mgudgin@microsoft.com>
Date: Mon, 2 Mar 2020 10:29:38 -0800
Subject: [PATCH 2/2] Update unit tests to check request payload

Add a check to the unit tests to verify that the request payload
contains an access_token field with the expected value.
---
 Octokit.Tests/Clients/AuthorizationsClientTests.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Octokit.Tests/Clients/AuthorizationsClientTests.cs b/Octokit.Tests/Clients/AuthorizationsClientTests.cs
index 3a7824f864..1f0f13d5a9 100644
--- a/Octokit.Tests/Clients/AuthorizationsClientTests.cs
+++ b/Octokit.Tests/Clients/AuthorizationsClientTests.cs
@@ -292,7 +292,7 @@ public async Task ChecksApplicationAuthenticateAtCorrectUrl()
 
                 client.Received().Post<ApplicationAuthorization>(
                     Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
-                    Args.Object);
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]
@@ -320,7 +320,7 @@ public async Task ResetsApplicationAuthenticationAtCorrectUrl()
 
                 client.Received().Patch<ApplicationAuthorization>(
                     Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
-                    Args.Object);
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]
@@ -348,7 +348,7 @@ public async Task RevokesApplicationAuthenticationAtCorrectUrl()
 
                 client.Received().Delete(
                     Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
-                    Args.Object);
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]