/// <summary> /// Decrypts the user ID from a given authentication token. /// </summary> public bool GetUserId(string authenticationToken, out string userId, out LiveAuthException error) { Debug.Assert(!string.IsNullOrEmpty(authenticationToken)); return(LiveAuthWebUtility.ReadUserIdFromAuthenticationToken( authenticationToken, this.clientSecret, out userId, out error)); }
/// <summary> /// Validate if the user Id from the received session matches the one from the refresh token and current session. /// </summary> private LiveAuthException ValidateSession(LiveConnectSession session) { Debug.Assert(session != null); string currentUserId = null; string userId; LiveAuthException error = null; LiveConnectSession currentSession = (this.loginStatus == null) ? null : this.loginStatus.Session; // Read current session user Id, if available. if (currentSession != null) { LiveAuthException currentSessionError; LiveAuthWebUtility.ReadUserIdFromAuthenticationToken( currentSession.AuthenticationToken, this.clientSecret, out currentUserId, out currentSessionError); } // Read user Id from the new session received from the auth server. LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(session.AuthenticationToken, this.clientSecret, out userId, out error); if (error == null) { if (!string.IsNullOrEmpty(currentUserId) && string.Compare(userId, currentUserId, StringComparison.InvariantCultureIgnoreCase) != 0) { // The user Id should match current session user Id error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.NewSessionDoesNotMatchCurrentUserId); } else if (this.refreshTokenInfo != null && string.Compare(userId, this.refreshTokenInfo.UserId, StringComparison.InvariantCultureIgnoreCase) != 0) { // The user Id should match the uesr Id from the one in the refresh token if available. error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.RefereshTokenNotMatchUserId); } } return(error); }