/// <summary>
/// Requests an access token using a partially .initialized request message.
/// </summary>
/// <param name="request">The request message.</param>
/// <param name="scopes">The scopes requested by the client.</param>
/// <returns>The result of the request.</returns>
private IAuthorizationState RequestAccessToken(ScopedAccessTokenRequest request, IEnumerable <string> scopes = null)
{
var authorizationState = new AuthorizationState(scopes);
request.ClientIdentifier = this.ClientIdentifier;
this.ApplyClientCredential(request);
request.Scope.UnionWith(authorizationState.Scope);
var response = this.Channel.Request(request);
var success = response as AccessTokenSuccessResponse;
var failure = response as AccessTokenFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
UpdateAuthorizationWithResponse(authorizationState, success);
}
else
{
// failure
authorizationState.Delete();
}
return(authorizationState);
}
/// <summary>
/// Prepares a request for user authorization from an authorization server.
/// </summary>
/// <param name="scope">The scope of authorized access requested.</param>
/// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param>
public void RequestUserAuthorization(IEnumerable <string> scope = null, Uri returnTo = null)
{
var authorizationState = new AuthorizationState(scope)
{
Callback = returnTo,
};
this.PrepareRequestUserAuthorization(authorizationState).Send();
}
/// <summary>
/// Prepares a request for user authorization from an authorization server.
/// </summary>
/// <param name="scopes">The scope of authorized access requested.</param>
/// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param>
/// <returns>The authorization request.</returns>
public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable <string> scopes = null, Uri returnTo = null)
{
var authorizationState = new AuthorizationState(scopes)
{
Callback = returnTo,
};
return(this.PrepareRequestUserAuthorization(authorizationState));
}
/// <summary>
/// Generates a URL that the user's browser can be directed to in order to authorize
/// this client to access protected data at some resource server.
/// </summary>
/// <param name="scope">The scope of authorized access requested.</param>
/// <param name="state">The client state that should be returned with the authorization response.</param>
/// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param>
/// <returns>
/// A fully-qualified URL suitable to initiate the authorization flow.
/// </returns>
public Uri RequestUserAuthorization(IEnumerable <string> scope = null, string state = null, Uri returnTo = null)
{
var authorization = new AuthorizationState(scope)
{
Callback = returnTo,
};
return(this.RequestUserAuthorization(authorization, state: state));
}
/// <summary>
/// Processes the authorization response from an authorization server, if available.
/// </summary>
/// <param name="request">The incoming HTTP request that may carry an authorization response.</param>
/// <returns>The authorization state that contains the details of the authorization.</returns>
public IAuthorizationState ProcessUserAuthorization(HttpRequestBase request = null)
{
if (request == null)
{
request = this.Channel.GetRequestFromContext();
}
IMessageWithClientState response;
if (this.Channel.TryReadFromRequest <IMessageWithClientState>(request, out response))
{
Uri callback = MessagingUtilities.StripMessagePartsFromQueryString(request.GetPublicFacingUrl(), this.Channel.MessageDescriptions.Get(response));
IAuthorizationState authorizationState;
if (this.AuthorizationTracker != null)
{
authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState);
ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch);
}
else
{
var context = this.Channel.GetHttpContext();
if (context.Session != null)
{
ErrorUtilities.VerifyProtocol(string.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch);
}
else
{
}
authorizationState = new AuthorizationState {
Callback = callback
};
}
var success = response as EndUserAuthorizationSuccessAuthCodeResponse;
var failure = response as EndUserAuthorizationFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null)
{
this.UpdateAuthorizationWithResponse(authorizationState, success);
}
else
{ // failure
authorizationState.Delete();
}
return(authorizationState);
}
return(null);
}
/// <summary>
/// Scans the incoming request for an authorization response message.
/// </summary>
/// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param>
/// <param name="authorizationState">The authorization.</param>
/// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns>
public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null)
{
if (authorizationState == null)
{
authorizationState = new AuthorizationState();
}
var carrier = new HttpRequestInfo("GET", actualRedirectUrl);
IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier);
if (response == null)
{
return(null);
}
return(this.ProcessUserAuthorization(authorizationState, response));
}
/// <summary>
/// Gets an access token that may be used for only a subset of the scope for which a given
/// refresh token is authorized.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <param name="scope">The scope subset desired in the access token.</param>
/// <returns>A description of the obtained access token, and possibly a new refresh token.</returns>
/// <remarks>
/// If the return value includes a new refresh token, the old refresh token should be discarded and
/// replaced with the new one.
/// </remarks>
public IAuthorizationState GetScopedAccessToken(string refreshToken, HashSet <string> scope)
{
Contract.Ensures(Contract.Result <IAuthorizationState>() != null);
var request = new AccessTokenRefreshRequestC(this.AuthorizationServer)
{
ClientIdentifier = this.ClientIdentifier,
RefreshToken = refreshToken,
};
this.ApplyClientCredential(request);
var response = this.Channel.Request <AccessTokenSuccessResponse>(request);
var authorization = new AuthorizationState();
UpdateAuthorizationWithResponse(authorization, response);
return(authorization);
}
