private IAuthorizationState RequestAccessTokenAsync(ScopedAccessTokenRequest request, IEnumerable <string> scopes, CancellationToken cancellationToken)
{
var authorizationState = new AuthorizationState(scopes);
request.ClientIdentifier = this.ClientIdentifier;
this.ApplyClientCredential(request);
request.Scope.UnionWith(authorizationState.Scope);
var response = this.Channel.RequestAsync(request, cancellationToken);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
authorizationState.Scope.Clear();
UpdateAuthorizationWithResponse(authorizationState, success);
}
else
{
Logger.OAuth.Info("Credentials rejected by the Authorization Server.");
authorizationState.Delete();
}
return(authorizationState);
}
/// <summary>
/// 用户授权请求
/// </summary>
/// <param name="scopes">请求范围</param>
/// <param name="returnTo">回调地址</param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public HttpResponseMessage PrepareRequestUserAuthorizationAsync(IEnumerable <string> scopes = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken))
{
var authorizationState = new AuthorizationState(scopes)
{
Callback = returnTo
};
return(this.PrepareRequestUserAuthorizationAsync(authorizationState, cancellationToken));
}
public IAuthorizationState GetScopedAccessTokenAsync(string refreshToken, HashSet <string> scope, CancellationToken cancellationToken)
{
var request = new AccessTokenRefreshRequestC(this.AuthorizationServer)
{
ClientIdentifier = this.ClientIdentifier,
RefreshToken = refreshToken
};
this.ApplyClientCredential(request);
var response = this.Channel.RequestAsync <AccessTokenSuccessResponse>(request, cancellationToken);
var authorization = new AuthorizationState();
UpdateAuthorizationWithResponse(authorization, response);
return(authorization);
}
public IAuthorizationState ProcessUserAuthorizationAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken))
{
var response = this.Channel.TryReadFromRequestAsync <IMessageWithClientState>(request, cancellationToken);
if (response != null)
{
Uri callback = request.RequestUri.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(response));
IAuthorizationState authorizationState;
if (this.AuthorizationTracker != null)
{
authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState);
ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch);
}
else
{
var xsrfCookieValue = (from cookieHeader in request.Headers.GetCookies()
from cookie in cookieHeader.Cookies
where cookie.Name == XsrfCookieName
select cookie.Value).FirstOrDefault();
ErrorUtilities.VerifyProtocol(xsrfCookieValue != null && string.Equals(response.ClientState, xsrfCookieValue, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch);
authorizationState = new AuthorizationState {
Callback = callback
};
}
var success = response as EndUserAuthorizationSuccessAuthCodeResponse;
var failure = response as EndUserAuthorizationFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
this.UpdateAuthorizationWithResponseAsync(authorizationState, success, cancellationToken);
}
else
{
Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server.");
authorizationState.Delete();
}
return(authorizationState);
}
return(null);
}
