/// <summary>
        /// Sends a request for exchanging authorization code to an access token, and handles the response.
        /// </summary>
        /// <param name="config">Client configuration, overridden to contain the dynamic
        /// redirect URI.</param>
        /// <param name="args">Authorization operation arguments.</param>
        protected void RequestAndHandleAccessToken(
            IAuthorizationCodeGrantConfig config,
            AuthorizationCodeGrantArgs args)
        {
            // Exchange the authorization code at the token endpoint, then hand the raw
            // response body straight to the response reader. The body is not kept in a
            // local variable, and this method does not log it.
            ReadAccessTokenResponse(RequestAccessToken(config, args));
        }
        /// <summary>
        /// Exchanges an authorization code received earlier during OAuth 2.0 Authorization Code Grant flow execution
        /// to an access token.
        /// </summary>
        /// <param name="code">The authorization code.</param>
        /// <param name="oauthConfig">OAuth configuration.</param>
        /// <param name="codeVerifier">PKCE (Proof Key for Code Exchange) code verifier,
        /// if using PKCE to secure the Authorization Code Grant flow.</param>
        /// <returns>The access token response as a string.</returns>
        public static string RequestAccessToken(string code, IAuthorizationCodeGrantConfig oauthConfig, string codeVerifier = null)
        {
            // Without a token endpoint there is nothing to call.
            if (oauthConfig.TokenUri == null)
            {
                throw new InvalidOperationException("OAuthConfig.TokenUri must be specified");
            }

            HttpWebRequest request = WebRequest.CreateHttp(oauthConfig.TokenUri);

            if (oauthConfig.AllowInsecureCerts)
            {
                // Security: this accepts ANY server certificate for this one request, so the
                // authorization code, client secret and returned tokens are exposed to whoever
                // terminates the TLS connection. The override is per-request (not process-wide).
                request.ServerCertificateValidationCallback = delegate { return true; };
            }

            request.Method = "POST";
            // Redirects answered by the token endpoint are not followed.
            request.AllowAutoRedirect = false;
            request.ContentType = "application/x-www-form-urlencoded";

            // Form-encoded request body; every value is URL-encoded before it is written.
            using (var body = new StreamWriter(request.GetRequestStream()))
            {
                body.Write("grant_type=" + HttpUtility.UrlEncode(GRANT_TYPE_AUTHORIZATION_CODE));
                body.Write("&code=" + HttpUtility.UrlEncode(code));
                body.Write("&client_id=" + HttpUtility.UrlEncode(oauthConfig.ClientID));

                if (oauthConfig.RedirectUri != null)
                {
                    body.Write("&redirect_uri=" + HttpUtility.UrlEncode(oauthConfig.RedirectUri));
                }

                // The client secret is sent only when PKCE is NOT in use.
                if (oauthConfig.ClientSecret != null && !oauthConfig.UsePkce)
                {
                    body.Write("&client_secret=" + HttpUtility.UrlEncode(oauthConfig.ClientSecret));
                }

                // The PKCE verifier is sent only when PKCE is enabled and a verifier was supplied.
                if (codeVerifier != null && oauthConfig.UsePkce)
                {
                    body.Write("&code_verifier=" + HttpUtility.UrlEncode(codeVerifier));
                }
            }

            // No WebException handling here: a failure from GetResponse() propagates
            // to the caller.
            using (WebResponse response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                return reader.ReadToEnd();
            }
        }
        /// <summary>
        /// Exchanges a refresh token received earlier during OAuth 2.0 Authorization Code Grant flow execution
        /// to a new access token.
        /// </summary>
        /// <param name="refreshToken">The refresh token.</param>
        /// <param name="oauthConfig">OAuth configuration.</param>
        /// <param name="scope">OAuth scope, optional. If <c>null</c>, requesting the same scope that had been granted
        /// with the original access token.</param>
        /// <returns>The access token response as a string.</returns>
        public static string RefreshAccessToken(string refreshToken, IAuthorizationCodeGrantConfig oauthConfig, string scope = null)
        {
            // Without a token endpoint there is nothing to call.
            if (oauthConfig.TokenUri == null)
            {
                throw new InvalidOperationException("OAuthConfig.TokenUri must be specified");
            }

            // No certificate-validation override is installed on this request.
            HttpWebRequest request = WebRequest.CreateHttp(oauthConfig.TokenUri);

            request.Method = "POST";
            // Redirects answered by the token endpoint are not followed.
            request.AllowAutoRedirect = false;
            request.ContentType = "application/x-www-form-urlencoded";

            // Form-encoded request body; every value is URL-encoded before it is written.
            using (var body = new StreamWriter(request.GetRequestStream()))
            {
                body.Write("grant_type=" + HttpUtility.UrlEncode(GRANT_TYPE_REFRESH_TOKEN));
                body.Write("&refresh_token=" + HttpUtility.UrlEncode(refreshToken));
                body.Write("&client_id=" + HttpUtility.UrlEncode(oauthConfig.ClientID));

                // The client secret is sent whenever one is configured (UsePkce is not
                // consulted in this method).
                if (oauthConfig.ClientSecret != null)
                {
                    body.Write("&client_secret=" + HttpUtility.UrlEncode(oauthConfig.ClientSecret));
                }

                // Omitting scope leaves the parameter out of the request entirely.
                if (scope != null)
                {
                    body.Write("&scope=" + HttpUtility.UrlEncode(scope));
                }
            }

            // No WebException handling here: a failure from GetResponse() propagates
            // to the caller.
            using (WebResponse response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                return reader.ReadToEnd();
            }
        }
        /// <summary>
        /// Reads response and populates this object from the response parameters received
        /// from the server as a response to an authorization request.
        /// </summary>
        /// <param name="config">Client configuration, overridden to contain the dynamic
        /// redirect URI.</param>
        /// <param name="args">Authorization operation arguments.</param>
        /// <param name="responseParameters">The response parameters from the server.</param>
        /// <returns>Returns the OAuth state read from the response parameters, or <c>null</c> if no <c>state</c>
        /// response parameter found.</returns>
        protected string ReadAuthorizationResponse(
            IAuthorizationCodeGrantConfig config,
            AuthorizationCodeGrantArgs args,
            NameValueCollection responseParameters)
        {
            // Stash the code on the instance first; it stays there while the token request runs.
            AuthorizationCode = responseParameters["code"];

            // The base class processes the remaining response parameters BEFORE the code is
            // exchanged. NOTE(review): any check of the `state` parameter or of an error
            // response presumably lives in the base implementation - confirm it rejects a
            // bad response before the token endpoint is called.
            string state = base.ReadAuthorizationResponse(args, responseParameters);

            if (AuthorizationCode == null)
            {
                return state;
            }

            try
            {
                // A code was received: trade it for an access token at the token endpoint.
                RequestAndHandleAccessToken(config, args);
            }
            finally
            {
                // Drop the code from instance state whether or not the exchange succeeded.
                // NOTE(review): if the base call above throws, this cleanup is not reached
                // and the code stays on the instance.
                AuthorizationCode = null;
            }

            return state;
        }
        /// <summary>
        /// Exchanges a refresh token received earlier during OAuth 2.0 Authorization Code Grant flow execution
        /// to a new access token.
        /// </summary>
        /// <param name="refreshToken">The refresh token.</param>
        /// <param name="oauthConfig">OAuth configuration.</param>
        /// <param name="scope">OAuth scope, optional. If <c>null</c>, requesting the same scope that had been granted
        /// with the original access token.</param>
        /// <returns>The access token response as a string.</returns>
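        public static string RefreshAccessToken(string refreshToken, IAuthorizationCodeGrantConfig oauthConfig, string scope = null)
        {
            // Without a token endpoint there is nothing to call.
            if (oauthConfig.TokenUri == null)
            {
                throw new InvalidOperationException("OAuthConfig.TokenUri must be specified");
            }

            var tokenRequest = WebRequest.CreateHttp(oauthConfig.TokenUri);

            if (oauthConfig.AllowInsecureCerts)
            {
                // Security: accepting any certificate exposes the refresh token, client secret
                // and returned tokens to whoever terminates the TLS connection.
                // The override is installed on THIS request only, and before the request
                // stream is opened. Swapping the process-wide
                // ServicePointManager.ServerCertificateValidationCallback instead would disable
                // validation for every concurrent HTTPS request in the process, and the
                // save/restore would race between threads.
                tokenRequest.ServerCertificateValidationCallback =
                    (sender, certificate, chain, sslPolicyErrors) => true;
            }

            tokenRequest.Method            = "POST";
            // Redirects answered by the token endpoint are not followed.
            tokenRequest.AllowAutoRedirect = false;
            tokenRequest.ContentType       = "application/x-www-form-urlencoded";

            // Form-encoded request body; every value is URL-encoded before it is written.
            using (var requestStreamWriter = new StreamWriter(tokenRequest.GetRequestStream()))
            {
                requestStreamWriter.Write("grant_type=");
                requestStreamWriter.Write(HttpUtility.UrlEncode(GRANT_TYPE_REFRESH_TOKEN));
                requestStreamWriter.Write("&refresh_token=");
                requestStreamWriter.Write(HttpUtility.UrlEncode(refreshToken));
                requestStreamWriter.Write("&client_id=");
                requestStreamWriter.Write(HttpUtility.UrlEncode(oauthConfig.ClientID));

                // The client secret is sent only when PKCE is not in use and a non-empty
                // secret is configured.
                if (!oauthConfig.UsePkce && !string.IsNullOrEmpty(oauthConfig.ClientSecret))
                {
                    requestStreamWriter.Write("&client_secret=");
                    requestStreamWriter.Write(HttpUtility.UrlEncode(oauthConfig.ClientSecret));
                }

                // Omitting scope leaves the parameter out of the request entirely.
                if (scope != null)
                {
                    requestStreamWriter.Write("&scope=");
                    requestStreamWriter.Write(HttpUtility.UrlEncode(scope));
                }
            }

            string jsonResponse;

            try
            {
                using (var response = tokenRequest.GetResponse())
                using (var responseStreamReader = new StreamReader(response.GetResponseStream()))
                {
                    jsonResponse = responseStreamReader.ReadToEnd();
                }
            }
            catch (WebException ex)
            {
                // A WebException with no response (for example a connection or TLS failure)
                // has no error body to return; rethrow it instead of failing with a
                // NullReferenceException that hides the real cause.
                if (ex.Response == null)
                {
                    throw;
                }

                // An error status from the token endpoint: return its body to the caller,
                // and dispose the error response along with its stream.
                using (var errorResponse = ex.Response)
                using (var errorResponseStream = errorResponse.GetResponseStream())
                using (var errorResponseStreamReader = new StreamReader(errorResponseStream))
                {
                    jsonResponse = errorResponseStreamReader.ReadToEnd();
                }
            }

            return(jsonResponse);
        }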
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationCodeGrantConfigWrapper"/> class.
 /// </summary>
 /// <param name="wrapped">The wrapped config object.</param>
 protected AuthorizationCodeGrantConfigWrapper(IAuthorizationCodeGrantConfig wrapped) : base(wrapped)
 {
     // Nothing to set up here: the wrapped config is handed to the base class as-is.
 }
 public AuthorizationCodeGrantConfigWithDynamicRedirectUri(
     IAuthorizationCodeGrantConfig wrapped,
     string redirectUri) : base(wrapped)
 {
     // Keep the redirect URI supplied for this authorization alongside the wrapped config.
     // NOTE(review): presumably surfaced through an overriding RedirectUri property that is
     // not visible here - confirm the same value is used in the authorization request and
     // in the token request.
     this.redirectUri = redirectUri;
 }
 /// <summary>
 /// Sends a request for exchanging authorization code to an access token.
 /// </summary>
 /// <param name="config">Client configuration, overridden to contain the dynamic
 /// redirect URI.</param>
 /// <param name="args">Authorization operation arguments.</param>
 protected string RequestAccessToken(
     IAuthorizationCodeGrantConfig config,
     AuthorizationCodeGrantArgs args)
 {
     // The code comes from instance state; the PKCE verifier travels with the operation
     // arguments. Both are passed on to the shared token-request helper.
     string authorizationCode = AuthorizationCode;
     string pkceVerifier = args.CodeVerifier;

     return OAuthUtil.RequestAccessToken(authorizationCode, config, pkceVerifier);
 }