Example #1
        /// <summary>
        /// Narrows an already validated scope list to what the given membership
        /// is allowed to access.
        /// </summary>
        /// <param name="membership">
        /// Membership whose <c>CanAccess*</c> flags gate the "needs", "membership",
        /// "sent_shares" and "received_shares" scopes. May be null.
        /// </param>
        /// <param name="resultingScopes">Scope list to narrow; handed to <c>RemoveScope</c> for each denied scope.</param>
        /// <returns>The same <paramref name="resultingScopes"/> reference that was passed in.</returns>
        private static List<Scope> ValidateScopesForContext(IdentityMembership membership, List<Scope> resultingScopes)
        {
            // NOTE(review): a null membership skips every check below, so all four
            // membership-gated scopes are kept as they are (fail-open). Confirm that
            // callers only pass null where no membership restriction is meant to apply.
            if (membership != null)
            {
                // RemoveScope is defined elsewhere in the class; presumably it edits the
                // list in place, since nothing it returns is used here (verify).
                if (!membership.CanAccessNeeds)
                {
                    RemoveScope(resultingScopes, "needs");
                }

                if (!membership.CanAccessMembership)
                {
                    RemoveScope(resultingScopes, "membership");
                }

                if (!membership.CanAccessSentShares)
                {
                    RemoveScope(resultingScopes, "sent_shares");
                }

                if (!membership.CanAccessReceivedShares)
                {
                    RemoveScope(resultingScopes, "received_shares");
                }
            }

            return resultingScopes;
        }
Example #2
        /// <summary>
        /// Validates the <c>scope</c> parameter of an authorize request and stores the
        /// granted scopes on <paramref name="validatedRequest"/>.
        /// </summary>
        /// <param name="request">Incoming authorize request; its <c>scope</c> value is a space-separated list.</param>
        /// <param name="validatedRequest">
        /// Request state built so far. Its application, client, redirect URI, response type
        /// and state are read here, and its <c>Scopes</c> property is set on success.
        /// </param>
        /// <param name="membership">Membership used to narrow the granted scopes; passed through to <c>ValidateScopesForContext</c>.</param>
        /// <exception cref="AuthorizeRequestClientException">
        /// Thrown with <c>OAuthConstants.Errors.InvalidScope</c> when the scope parameter is
        /// missing or empty, or when the application's scope validation rejects the request.
        /// </exception>
        private static void ValidateScopes(AuthorizeRequest request, ValidatedRequest validatedRequest, IdentityMembership membership)
        {
            // A request without a scope parameter is refused before any scope lookup.
            // NOTE(review): the error carries validatedRequest.RedirectUri, so this
            // presumably relies on the redirect URI having been validated earlier - confirm.
            if (string.IsNullOrEmpty(request.scope))
            {
                throw new AuthorizeRequestClientException(
                          "Missing scope.",
                          new Uri(validatedRequest.RedirectUri.Uri),
                          OAuthConstants.Errors.InvalidScope,
                          validatedRequest.ResponseType,
                          validatedRequest.State);
            }

            // Splitting on a single space keeps empty entries, so repeated spaces
            // reach the validator as empty scope names.
            List<string> requested = request.scope.Split(' ').ToList();
            List<Scope>  granted;

            bool accepted = validatedRequest.Application.Scopes.TryValidateScopes(
                validatedRequest.Client.ClientId,
                requested,
                out granted);

            if (!accepted)
            {
                throw new AuthorizeRequestClientException(
                          "Invalid scope.",
                          new Uri(validatedRequest.RedirectUri.Uri),
                          OAuthConstants.Errors.InvalidScope,
                          validatedRequest.ResponseType,
                          validatedRequest.State);
            }

            // Membership-based narrowing runs after client-level validation, so the
            // stored scopes may be fewer than those the client asked for.
            validatedRequest.Scopes = ValidateScopesForContext(membership, granted);

            // The trace records the raw, client-supplied scope string rather than the
            // granted set; read the log entry as "requested", not "issued".
            Tracing.InformationFormat("Requested scopes: {0}", request.scope);
        }