/// <summary>
/// Decrypts the user ID from a given authentication token.
/// </summary>
public bool GetUserId(string authenticationToken, out string userId, out LiveAuthException error)
{
Debug.Assert(!string.IsNullOrEmpty(authenticationToken));
return(LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(
authenticationToken,
this.clientSecret,
out userId,
out error));
}
/// <summary>
/// Validate if the user Id from the received session matches the one from the refresh token and current session.
/// </summary>
private LiveAuthException ValidateSession(LiveConnectSession session)
{
Debug.Assert(session != null);
string currentUserId = null;
string userId;
LiveAuthException error = null;
LiveConnectSession currentSession = (this.loginStatus == null) ? null : this.loginStatus.Session;
// Read current session user Id, if available.
if (currentSession != null)
{
LiveAuthException currentSessionError;
LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(
currentSession.AuthenticationToken,
this.clientSecret,
out currentUserId,
out currentSessionError);
}
// Read user Id from the new session received from the auth server.
LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(session.AuthenticationToken, this.clientSecret, out userId, out error);
if (error == null)
{
if (!string.IsNullOrEmpty(currentUserId) &&
string.Compare(userId, currentUserId, StringComparison.InvariantCultureIgnoreCase) != 0)
{
// The user Id should match current session user Id
error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.NewSessionDoesNotMatchCurrentUserId);
}
else if (this.refreshTokenInfo != null &&
string.Compare(userId, this.refreshTokenInfo.UserId, StringComparison.InvariantCultureIgnoreCase) != 0)
{
// The user Id should match the uesr Id from the one in the refresh token if available.
error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.RefereshTokenNotMatchUserId);
}
}
return(error);
}
