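        /// <summary>
        /// Handles an OAuth2 token request: validates the grant type, the client
        /// credentials and the grant itself (authorization code or resource-owner
        /// password credentials), then issues an access token for the client.
        /// </summary>
        /// <returns>The access token produced by <c>CreateAccessToken</c>.</returns>
        /// <remarks>
        /// Every failed check calls <c>DoRedirectUriError</c>. This method assumes that
        /// call terminates the request (throws or ends the response); if it only writes
        /// an error and returns, execution falls through and a token is still issued
        /// after a failed check — TODO confirm against DoRedirectUriError.
        /// All parameters, including the client secret, password and authorization
        /// code, are read from the query string; NOTE(review): URL parameters end up
        /// in server logs, proxies and browser history, and the token endpoint is
        /// normally expected to take them from the POST body — consider switching.
        /// </remarks>
        public string GrantAccessToken()
        {
            var query = current.Request.QueryString;

            RequestAccessTokenParams rap = new RequestAccessTokenParams();
            rap.GrantType   = query[Constants.GrantTypeParameter];
            rap.Scope       = query[Constants.ScopeParameter];
            rap.Code        = query[Constants.CodeParameter];
            rap.RedirectUri = query[Constants.RedirectUriParameter];
            rap.Username    = query[Constants.UsernameParameter];
            rap.Password    = query[Constants.PasswordParameter];

            // Grant type must be specified.
            if (string.IsNullOrEmpty(rap.GrantType))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
            }

            // Only grant types this server implements are accepted.
            var grantTypes = GetSupportedGrantTypes();
            if (!grantTypes.Contains(rap.GrantType))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
            }

            // Authenticate the client before looking at the grant.
            var clientCredentials = GetClientCredentials();
            if (!CheckClientCredentials(clientCredentials.ClientId, clientCredentials.ClientSecret))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_CLIENT, null, null);
            }

            // Scopes attached to the grant; only the authorization-code grant carries
            // stored scopes, so for other grant types this stays empty.
            string scopes = "";

            switch (rap.GrantType)
            {
            case Constants.OAUTH2_GRANT_TYPE_AUTH_CODE:
                if (string.IsNullOrEmpty(rap.Code) || string.IsNullOrEmpty(rap.RedirectUri))
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                }

                var stored = GetAuthCode(rap.Code);
                if (stored == null)
                {
                    // An unknown code is an invalid grant; previously no error code was
                    // sent at all, which left the client without a usable response.
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                }
                scopes = stored.Scopes;

                // The presented redirect URI must equal the one stored with the code.
                // Ordinal comparison: identifiers used in security decisions must not
                // depend on the current culture's casing rules. NOTE(review): an exact,
                // case-sensitive match is what the OAuth2 authorization-code flow expects;
                // IgnoreCase is kept here only to avoid changing accepted inputs.
                if (!rap.RedirectUri.Equals(stored.RedirectUri, StringComparison.OrdinalIgnoreCase))
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                }

                // The code must have been issued to the client that is redeeming it.
                if (!clientCredentials.ClientId.Equals(stored.ClientId, StringComparison.OrdinalIgnoreCase))
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                }

                // NOTE(review): Expires is compared as a time-of-day against local
                // wall-clock time, so the check wraps at midnight and cannot tell a
                // code issued yesterday from one issued today — confirm how Expires is
                // populated before moving this to an absolute UTC timestamp.
                if (stored.Expires < DateTime.Now.TimeOfDay)
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_EXPIRED_TOKEN, null, null);
                }
                break;

            case Constants.OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
                if (string.IsNullOrEmpty(rap.Username) || string.IsNullOrEmpty(rap.Password))
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                }

                if (!CheckUserCredentials(clientCredentials.ClientId, rap.Username, rap.Password))
                {
                    DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                }
                break;

            default:
                // Unreachable when GetSupportedGrantTypes() only lists the cases above.
                break;
            }

            // A requested scope must be covered by the scopes attached to the grant.
            // For the password grant `scopes` is empty — presumably CheckScope treats
            // that as "no restriction" or rejects any request; verify.
            if (!string.IsNullOrEmpty(rap.Scope) && !CheckScope(scopes, rap.Scope))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_SCOPE, null, null);
            }

            string token = CreateAccessToken(clientCredentials.ClientId, rap.Scope);
            return token;
        }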
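        /// <summary>
        /// Handles an OAuth2 token request: validates the grant type, the client
        /// credentials and the grant itself (authorization code or resource-owner
        /// password credentials), then issues an access token for the client.
        /// </summary>
        /// <returns>The access token produced by <c>CreateAccessToken</c>.</returns>
        /// <remarks>
        /// Every failed check calls <c>DoRedirectUriError</c>. This method assumes that
        /// call terminates the request (throws or ends the response); if it only writes
        /// an error and returns, execution falls through and a token is still issued
        /// after a failed check — TODO confirm against DoRedirectUriError.
        /// All parameters, including the client secret, password and authorization
        /// code, are read from the query string; NOTE(review): URL parameters end up
        /// in server logs, proxies and browser history, and the token endpoint is
        /// normally expected to take them from the POST body — consider switching.
        /// </remarks>
        public string GrantAccessToken()
        {
            var query = current.Request.QueryString;

            RequestAccessTokenParams rap = new RequestAccessTokenParams();
            rap.GrantType = query[Constants.GrantTypeParameter];
            rap.Scope = query[Constants.ScopeParameter];
            rap.Code = query[Constants.CodeParameter];
            rap.RedirectUri = query[Constants.RedirectUriParameter];
            rap.Username = query[Constants.UsernameParameter];
            rap.Password = query[Constants.PasswordParameter];

            // Grant type must be specified.
            if (string.IsNullOrEmpty(rap.GrantType))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
            }

            // Only grant types this server implements are accepted.
            var grantTypes = GetSupportedGrantTypes();
            if (!grantTypes.Contains(rap.GrantType))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
            }

            // Authenticate the client before looking at the grant.
            var clientCredentials = GetClientCredentials();
            if (!CheckClientCredentials(clientCredentials.ClientId, clientCredentials.ClientSecret))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_CLIENT, null, null);
            }

            // Scopes attached to the grant; only the authorization-code grant carries
            // stored scopes, so for other grant types this stays empty.
            string scopes = "";

            switch (rap.GrantType)
            {
                case Constants.OAUTH2_GRANT_TYPE_AUTH_CODE:
                    if (string.IsNullOrEmpty(rap.Code) || string.IsNullOrEmpty(rap.RedirectUri))
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                    }

                    var stored = GetAuthCode(rap.Code);
                    if (stored == null)
                    {
                        // An unknown code is an invalid grant; previously no error code
                        // was sent at all, which left the client without a usable response.
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                    }
                    scopes = stored.Scopes;

                    // The presented redirect URI must equal the one stored with the code.
                    // Ordinal comparison: identifiers used in security decisions must not
                    // depend on the current culture's casing rules. NOTE(review): an exact,
                    // case-sensitive match is what the authorization-code flow expects;
                    // IgnoreCase is kept only to avoid changing accepted inputs.
                    if (!rap.RedirectUri.Equals(stored.RedirectUri, StringComparison.OrdinalIgnoreCase))
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                    }

                    // The code must have been issued to the client redeeming it.
                    if (!clientCredentials.ClientId.Equals(stored.ClientId, StringComparison.OrdinalIgnoreCase))
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                    }

                    // NOTE(review): Expires is compared as a time-of-day against local
                    // wall-clock time, so the check wraps at midnight and cannot tell a
                    // code issued yesterday from one issued today — confirm how Expires
                    // is populated before moving this to an absolute UTC timestamp.
                    if (stored.Expires < DateTime.Now.TimeOfDay)
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_EXPIRED_TOKEN, null, null);
                    }
                    break;

                case Constants.OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
                    if (string.IsNullOrEmpty(rap.Username) || string.IsNullOrEmpty(rap.Password))
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                    }

                    if (!CheckUserCredentials(clientCredentials.ClientId, rap.Username, rap.Password))
                    {
                        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                    }
                    break;

                default:
                    // Unreachable when GetSupportedGrantTypes() only lists the cases above.
                    break;
            }

            // A requested scope must be covered by the scopes attached to the grant.
            // For the password grant `scopes` is empty — presumably CheckScope treats
            // that as "no restriction" or rejects any request; verify.
            if (!string.IsNullOrEmpty(rap.Scope) && !CheckScope(scopes, rap.Scope))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_SCOPE, null, null);
            }

            string token = CreateAccessToken(clientCredentials.ClientId, rap.Scope);
            return token;
        }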