// This will automatically set an agent cookie if the client did not
// pass one. Call it only once on a given HttpContext, because it
// isn't smart enough to check if there's already a Set-Cookie.
public SVAuthRequestContext(SVX.Entity serverPrincipal, HttpContext httpContext)
{
http = httpContext;
string sessionId;
if (!httpContext.Request.Cookies.TryGetValue(cookieName, out sessionId))
{
sessionId = SVX.Utils.RandomIdString();
httpContext.Response.Headers.Add("Set-Cookie", $"{cookieName}={sessionId}; path=/");
}
// Arguably it would be better design to start with the public
// session ID and compute the session cookie as an HMAC, but
// this is a little easier.
string publicSessionId = Utils.Digest(sessionId);
channel = SVX.Channel.Of(serverPrincipal, publicSessionId);
}
// Very little of this is Weibo-specific. Consider moving it to
// OAuth20. (Exception: it's unclear if the user profile request is an
// OAuth20 concept at all, so maybe the entirety of that should move to
// Weibo with only a hook remaining in OAuth20.)
/*** implementing the methods for AuthorizationRequest ***/
public override OAuth20.AuthorizationRequest createAuthorizationRequest(SVX.Channel client)
{
var authorizationRequest = new OAuth20.AuthorizationRequest();
authorizationRequest.client_id = client_id;
authorizationRequest.response_type = "code";
//authorizationRequest.scope = "user_about_me email";
authorizationRequest.redirect_uri = redirect_uri;
var stateParams = new OAuth20.StateParams
{
client = client,
idpPrincipal = idpParticipantId.principal
};
authorizationRequest.state = stateGenerator.Generate(stateParams, SVX_Principal);
return(authorizationRequest);
}
/*** Methods about AuthorizationRequest ***/ public abstract AuthorizationRequest createAuthorizationRequest(SVX.Channel client);