/// <summary>
/// Requests an access token using a partially .initialized request message.
/// </summary>
/// <param name="request">The request message.</param>
/// <param name="scopes">The scopes requested by the client.</param>
/// <returns>The result of the request.</returns>
private IAuthorizationState RequestAccessToken(ScopedAccessTokenRequest request, IEnumerable <string> scopes = null)
{
Requires.NotNull(request, "request");
var authorizationState = new AuthorizationState(scopes);
request.ClientIdentifier = this.ClientIdentifier;
this.ApplyClientCredential(request);
request.Scope.UnionWith(authorizationState.Scope);
var response = this.Channel.Request(request);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
authorizationState.Scope.Clear(); // clear the scope we requested so that the response will repopulate it.
UpdateAuthorizationWithResponse(authorizationState, success);
}
else // failure
{
Logger.OAuth.Info("Credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return(authorizationState);
}
/// <summary>
/// Requests an access token using a partially .initialized request message.
/// </summary>
/// <param name="request">The request message.</param>
/// <param name="scopes">The scopes requested by the client.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// The result of the request.
/// </returns>
private async Task <IAuthorizationState> RequestAccessTokenAsync(IDirectedProtocolMessage request, IEnumerable <string> scopes, CancellationToken cancellationToken)
{
Requires.NotNull(request, "request");
var authorizationState = new AuthorizationState(scopes);
// Process client credential and scopes if supported by request message.
var accessTokenRequest = request as IAccessTokenRequest;
if (accessTokenRequest != null)
{
var authRequest = request as AuthenticatedClientRequestBase;
if (authRequest != null)
{
authRequest.ClientIdentifier = this.ClientIdentifier;
}
this.ApplyClientCredential(accessTokenRequest);
accessTokenRequest.Scope.UnionWith(authorizationState.Scope);
}
var response = await this.Channel.RequestAsync(request, cancellationToken);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
authorizationState.Scope.Clear(); // clear the scope we requested so that the response will repopulate it.
UpdateAuthorizationWithResponse(authorizationState, success);
}
else
{ // failure
Logger.OAuth.Info("Credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return(authorizationState);
}
/// <summary>
/// Requests an access token using a partially .initialized request message.
/// </summary>
/// <param name="request">The request message.</param>
/// <param name="scopes">The scopes requested by the client.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// The result of the request.
/// </returns>
private async Task<IAuthorizationState> RequestAccessTokenAsync(ScopedAccessTokenRequest request, IEnumerable<string> scopes, CancellationToken cancellationToken) {
Requires.NotNull(request, "request");
var authorizationState = new AuthorizationState(scopes);
request.ClientIdentifier = this.ClientIdentifier;
this.ApplyClientCredential(request);
request.Scope.UnionWith(authorizationState.Scope);
var response = await this.Channel.RequestAsync(request, cancellationToken);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null) {
authorizationState.Scope.Clear(); // clear the scope we requested so that the response will repopulate it.
UpdateAuthorizationWithResponse(authorizationState, success);
} else { // failure
Logger.OAuth.Info("Credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return authorizationState;
}
/// <summary>
/// Exchanges a resource owner's password credential for OAuth 2.0 refresh and access tokens.
/// </summary>
/// <param name="userName">The resource owner's username, as it is known by the authorization server.</param>
/// <param name="password">The resource owner's account password.</param>
/// <param name="scopes">The desired scope of access.</param>
/// <returns>The result, containing the tokens if successful.</returns>
public IAuthorizationState ExchangeUserCredentialForToken(string userName, string password, IEnumerable<string> scopes = null) {
Requires.NotNullOrEmpty(userName, "userName");
Requires.NotNull(password, "password");
var authorizationState = new AuthorizationState(scopes);
var request = new AccessTokenResourceOwnerPasswordCredentialsRequest(this.AuthorizationServer.TokenEndpoint, this.AuthorizationServer.Version) {
ClientIdentifier = this.ClientIdentifier,
ClientSecret = this.ClientSecret,
UserName = userName,
Password = password,
};
var response = this.Channel.Request(request);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null) {
UpdateAuthorizationWithResponse(authorizationState, success);
} else { // failure
Logger.OAuth.Info("Resource Owner credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return authorizationState;
}
/// <summary>
/// Requests an access token using a partially .initialized request message.
/// </summary>
/// <param name="request">The request message.</param>
/// <param name="scopes">The scopes requested by the client.</param>
/// <returns>The result of the request.</returns>
private IAuthorizationState RequestAccessToken(ScopedAccessTokenRequest request, IEnumerable<string> scopes = null) {
Requires.NotNull(request, "request");
var authorizationState = new AuthorizationState(scopes);
request.ClientIdentifier = this.ClientIdentifier;
request.ClientSecret = this.ClientSecret;
request.Scope.UnionWith(authorizationState.Scope);
var response = this.Channel.Request(request);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null) {
UpdateAuthorizationWithResponse(authorizationState, success);
} else { // failure
Logger.OAuth.Info("Credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return authorizationState;
}
