Beispiel #1
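        /// <summary>
        /// Builds a security token for a request made on behalf of a user by a
        /// third party, identified by its OAuth consumer key.
        /// </summary>
        /// <param name="request">Incoming HTTP request carrying the OAuth parameters and the requestor id.</param>
        /// <returns>
        /// The token returned by <c>service.getSecurityToken</c> when the service grants access,
        /// or <c>null</c> when the consumer key, the signature or the requestor id is missing,
        /// i.e. the request is not treated as an OAuth request by this handler.
        /// </returns>
        /// <exception cref="InvalidAuthenticationException">
        /// Thrown when the service denies access for the consumer/user pair, or when an
        /// <c>OAuthException</c> is raised while the service evaluates the request.
        /// </exception>
        public override ISecurityToken getSecurityTokenFromRequest(HttpRequest request)
        {
            OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);

            String containerKey       = getParameter(requestMessage, OAuth.OAUTH_CONSUMER_KEY);
            String containerSignature = getParameter(requestMessage, OAuth.OAUTH_SIGNATURE);

            // The requestor id is caller-supplied and may be absent. Trimming it
            // unconditionally would throw a NullReferenceException before the
            // "not an OAuth request" check below could run, so guard the null case.
            String rawUserId = request.Params[REQUESTOR_ID_PARAM];
            String userId    = rawUserId == null ? null : rawUserId.Trim();

            if (containerKey == null || containerSignature == null || string.IsNullOrEmpty(userId))
            {
                // This isn't a proper OAuth request
                return null;
            }

            // NOTE(review): the signature is only checked for presence here; its
            // verification presumably happens inside thirdPartyHasAccessToUser,
            // which receives the full message. Confirm against the service.
            try
            {
                if (service.thirdPartyHasAccessToUser(requestMessage, containerKey, userId))
                {
                    return service.getSecurityToken(containerKey, userId);
                }
                // Fail closed: a well-formed request that is not granted access is an error, not a null token.
                throw new InvalidAuthenticationException("Access for app not allowed", null);
            }
            catch (OAuthException oae)
            {
                // NOTE(review): the OAuth library's message is copied into the exception.
                // If callers return this text to the client, check that it does not
                // disclose more detail than intended.
                throw new InvalidAuthenticationException(oae.Message, oae);
            }
        }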