From 16e25867248cb446bf1bba3f975c6e676b52ba6e Mon Sep 17 00:00:00 2001
From: huysentruitw <wouter_huysentruit@hotmail.com>
Date: Mon, 30 Mar 2020 22:12:54 +0200
Subject: [PATCH] Use Backchannel.DefaultRequestVersion in OAuth & OIDC
 requests #20096 (#20295)

---
 src/Security/Authentication/OAuth/src/OAuthHandler.cs          | 1 +
 .../Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs   | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Security/Authentication/OAuth/src/OAuthHandler.cs b/src/Security/Authentication/OAuth/src/OAuthHandler.cs
index 29ef3036f8..99dccc6b7e 100644
--- a/src/Security/Authentication/OAuth/src/OAuthHandler.cs
+++ b/src/Security/Authentication/OAuth/src/OAuthHandler.cs
@@ -196,6 +196,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
             requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
             requestMessage.Content = requestContent;
+            requestMessage.Version = Backchannel.DefaultRequestVersion;
             var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
             if (response.IsSuccessStatusCode)
             {
diff --git a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
index e601f5c06b..73f7f96d69 100644
--- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
@@ -806,7 +806,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, tokenEndpointRequest.TokenEndpoint ?? _configuration.TokenEndpoint);
             requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
-
+            requestMessage.Version = Backchannel.DefaultRequestVersion;
             var responseMessage = await Backchannel.SendAsync(requestMessage);
 
             var contentMediaType = responseMessage.Content.Headers.ContentType?.MediaType;
@@ -869,6 +869,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             Logger.RetrievingClaims();
             var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
             requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", message.AccessToken);
+            requestMessage.Version = Backchannel.DefaultRequestVersion;
             var responseMessage = await Backchannel.SendAsync(requestMessage);
             responseMessage.EnsureSuccessStatusCode();
             var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();