public override void OnReceive(Context context, Intent intent) { PluginDatabase pluginDb = new PluginDatabase(context); if (intent.Action == Strings.ActionRequestAccess) { string senderPackage = intent.GetStringExtra(Strings.ExtraSender); string requestToken = intent.GetStringExtra(Strings.ExtraRequestToken); IList <string> requestedScopes = intent.GetStringArrayListExtra(Strings.ExtraScopes); if (!AreScopesValid(requestedScopes)) { Log.Debug(_tag, "requested scopes not valid"); return; } if (pluginDb.GetRequestToken(senderPackage) != requestToken) { Log.Warn(_tag, "Invalid requestToken!"); return; } string currentAccessToken = pluginDb.GetAccessToken(senderPackage); if ((currentAccessToken != null) && (AccessManager.IsSubset(requestedScopes, pluginDb.GetPluginScopes(senderPackage)))) { //permission already there. var i = new Intent(Strings.ActionReceiveAccess); i.PutExtra(Strings.ExtraSender, context.PackageName); i.PutExtra(Strings.ExtraAccessToken, currentAccessToken); //TODO: Plugin should verify requestToken to make sure it doesn't receive accessTokens from malicious apps i.PutExtra(Strings.ExtraRequestToken, requestToken); i.SetPackage(senderPackage); context.SendBroadcast(i); Log.Debug(_tag, "Plugin " + senderPackage + " enabled."); } else { //store that scope was requested but not yet approved (=> accessToken = null) pluginDb.StorePlugin(senderPackage, null, requestedScopes); Log.Debug(_tag, "Plugin " + senderPackage + " not enabled."); //see if the plugin has an access token string accessToken = intent.GetStringExtra(Strings.ExtraAccessToken); if (accessToken != null) { //notify plugin that access token is no longer valid or sufficient Intent i = new Intent(Strings.ActionRevokeAccess); i.PutExtra(Strings.ExtraSender, context.PackageName); i.PutExtra(Strings.ExtraAccessToken, accessToken); i.SetPackage(senderPackage); context.SendBroadcast(i); Log.Warn(_tag, "Access token of plugin " + senderPackage + " not (or no more) valid."); } } if (OnReceivedRequest != null) { OnReceivedRequest(this, new PluginHostEventArgs() { Package = senderPackage }); } } }