Problem/Motivation
Relying on the provider_name property from an oembed response can result in exceptions.
We should not be trusting a oembed provider to provide the same provider name as found in oembed.com/providers.json, two independent parties.
In various places, we already validate a URL by checking that a provider responds to a URL, then for some reason that provider is effectively discarded when we fetch the oembed resource, relying on the oembed resource to provide us a valid provider name in our system.
Take \Drupal\media\Plugin\Validation\Constraint\OEmbedResourceConstraintValidator::validate, which validates we have a provider for a URL by running $this->urlResolver->getProviderByUrl($url). Later in the method $this->resourceFetcher->fetchResource($resource_url); is executed. fetchResource calls createResource, which results in this behaviour.
Example
URL: https://www.reddit.com/r/aww/comments/get9f5/guess_youre_about_to_buy_every_toy_in_the_store/.
In the case of Reddit, in providers.json the provider_name is "Reddit", versus a response from Reddit itself has provider_name = 'reddit'. I dont think a reasonable fix is to simply lowercase everything.
Proposed solution: We should either be passing $provider down the stack, or re-running getProviderByUrl from within createResource.
Related example
Another similar but not exactly the same example of this is Sound Cloud. provider.json has a provider_name of SoundCloud, but resources returned from SoundCloud do not return a provider name. Supplying a provider_name in a resource response is also optional. In this case we have a provider already! But createResource currently isnt matching it up to the known provider. Retrieving a SoundCloud resource doesn't result in an exception, like Reddit resources, because the property is not present in the first place; NULL is set as the provider to \Drupal\media\OEmbed\Resource objects.
Steps to reproduce
Proposed resolution
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet