/// <summary>
/// Entry point for the provider. It runs inside the AuthService, so exceptions are treated normally,
/// and it can be overridden to supply a custom Auth implementation.
/// Without a stored request token and an <c>oauth_token</c> on the request it acquires a request token
/// and redirects to the provider's authorize URL; with both present it tries to exchange them for an
/// access token and marks the session as authenticated.
/// </summary>
/// <param name="authService">Service used to issue redirects and to save the session.</param>
/// <param name="session">The current auth session; handed to Init by ref.</param>
/// <param name="request">Authenticate DTO; oauth_token and oauth_verifier are read on the callback leg.</param>
/// <returns>The non-null result of OnAuthenticated, otherwise a redirect response.</returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
    var oauthTokens = Init(authService, ref session, request);

    // Default OAuth logic based on Twitter's OAuth workflow.
    var hasStoredRequestToken = !oauthTokens.RequestToken.IsNullOrEmpty();
    var isProviderCallback = hasStoredRequestToken && !request.oauth_token.IsNullOrEmpty();

    if (!isProviderCallback)
    {
        // First leg: obtain a request token, or report the failure to the referrer.
        if (!OAuthUtils.AcquireRequestToken())
        {
            var requestTokenFailedUrl = session.ReferrerUrl.SetParam("f", "RequestTokenFailed");
            return authService.Redirect(FailedRedirectUrlFilter(this, requestTokenFailedUrl));
        }

        oauthTokens.RequestToken = OAuthUtils.RequestToken;
        oauthTokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
        authService.SaveSession(session, SessionExpiry);

        // Redirect to the OAuth provider to approve access.
        // NOTE(review): session.ReferrerUrl is used as oauth_callback and as the target of every
        // redirect in this method; confirm it is restricted to trusted hosts before it gets here
        // (that validation, if any, is not visible in this method).
        var authorizeUrl = this.AuthorizeUrl
            .AddQueryParam("oauth_token", oauthTokens.RequestToken)
            .AddQueryParam("oauth_callback", session.ReferrerUrl);
        return authService.Redirect(AccessTokenUrlFilter(this, authorizeUrl));
    }

    // Callback leg: hand the stored request token and the values returned by the provider to OAuthUtils.
    // NOTE(review): these per-request values are written onto the OAuthUtils member instead of being
    // passed as arguments; if this provider instance serves concurrent requests, the values of two
    // logins could interleave. Confirm the instance lifetime.
    // NOTE(review): nothing in this method compares request.oauth_token with the stored
    // RequestToken; confirm AcquireAccessToken rejects a mismatch.
    OAuthUtils.RequestToken = oauthTokens.RequestToken;
    OAuthUtils.RequestTokenSecret = oauthTokens.RequestTokenSecret;
    OAuthUtils.AuthorizationToken = request.oauth_token;
    OAuthUtils.AuthorizationVerifier = request.oauth_verifier;

    if (!OAuthUtils.AcquireAccessToken())
    {
        // Exchange failed: drop the stale request token so the next attempt starts over.
        oauthTokens.RequestToken = null;
        oauthTokens.RequestTokenSecret = null;
        authService.SaveSession(session, SessionExpiry);

        var accessTokenFailedUrl = session.ReferrerUrl.SetParam("f", "AccessTokenFailed");
        return authService.Redirect(FailedRedirectUrlFilter(this, accessTokenFailedUrl));
    }

    session.IsAuthenticated = true;
    oauthTokens.AccessToken = OAuthUtils.AccessToken;
    oauthTokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

    var authResult = OnAuthenticated(authService, session, oauthTokens, OAuthUtils.AuthInfo);
    if (authResult != null)
    {
        return authResult;
    }

    // The success URL is built only after OnAuthenticated has run, as in the original expression.
    var successUrl = session.ReferrerUrl.SetParam("s", "1");
    return authService.Redirect(SuccessRedirectUrlFilter(this, successUrl));
}
/// <summary>
/// Authenticates against the provider in one of three ways: accepting an AccessToken/AccessTokenSecret
/// pair sent by a mobile or desktop app (after verifying it through AuthHttpGateway), completing the
/// OAuth callback by exchanging the request token for an access token, or starting the flow by
/// acquiring a request token and redirecting to the authorize URL.
/// </summary>
/// <param name="authService">Service used to issue redirects and to inspect the current request.</param>
/// <param name="session">The current auth session; handed to Init by ref.</param>
/// <param name="request">Authenticate DTO carrying either the token pair or the OAuth callback values.</param>
/// <returns>
/// An Unauthorized error, the converted OnAuthenticated failure, a redirect response, or null
/// (the default AuthenticateResponse) for a successful non-HTML token transfer.
/// </returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
    var oauthTokens = Init(authService, ref session, request);

    // Transferring AccessToken/Secret from Mobile/Desktop App to Server.
    var clientSentTokenPair = request.AccessToken != null && request.AccessTokenSecret != null;
    if (clientSentTokenPair)
    {
        oauthTokens.AccessToken = request.AccessToken;
        oauthTokens.AccessTokenSecret = request.AccessTokenSecret;

        // The client-supplied pair is checked through the gateway before the session is trusted.
        var validToken = AuthHttpGateway.VerifyTwitterAccessToken(
            ConsumerKey, ConsumerSecret,
            oauthTokens.AccessToken, oauthTokens.AccessTokenSecret,
            out var userId, out var email);

        if (!validToken)
        {
            return HttpError.Unauthorized("AccessToken is invalid");
        }

        // A caller-supplied UserName must agree with the user id reported by the verification call.
        var userNameSupplied = !string.IsNullOrEmpty(request.UserName);
        if (userNameSupplied && userId != request.UserName)
        {
            return HttpError.Unauthorized("AccessToken does not match UserId: " + request.UserName);
        }

        oauthTokens.UserId = userId;
        session.IsAuthenticated = true;

        var failedResult = OnAuthenticated(authService, session, oauthTokens, new Dictionary<string, string>());
        var isHtml = authService.Request.IsHtml();
        if (failedResult != null)
        {
            return ConvertToClientError(failedResult, isHtml);
        }

        if (isHtml)
        {
            return authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")));
        }

        return null; // return default AuthenticateResponse
    }

    // Default OAuth logic based on Twitter's OAuth workflow.
    var isProviderCallback = !oauthTokens.RequestTokenSecret.IsNullOrEmpty()
        && !request.oauth_token.IsNullOrEmpty();

    if (!isProviderCallback)
    {
        // First leg: obtain a request token, or report the failure to the referrer.
        if (!OAuthUtils.AcquireRequestToken())
        {
            var requestTokenFailedUrl = session.ReferrerUrl.SetParam("f", "RequestTokenFailed");
            return authService.Redirect(FailedRedirectUrlFilter(this, requestTokenFailedUrl));
        }

        oauthTokens.RequestToken = OAuthUtils.RequestToken;
        oauthTokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
        this.SaveSession(authService, session, SessionExpiry);

        // Redirect to the OAuth provider to approve access.
        // NOTE(review): session.ReferrerUrl is used as oauth_callback and as a redirect target;
        // confirm it is restricted to trusted hosts before it gets here (not visible in this method).
        // NOTE(review): the state parameter carries session.Id, which puts the session identifier
        // in a URL query string (browser history, logs, the provider). If session.Id acts as a
        // credential, prefer a separate unguessable per-login value bound to the session. Confirm.
        var authorizeUrl = this.AuthorizeUrl
            .AddQueryParam("oauth_token", oauthTokens.RequestToken)
            .AddQueryParam("oauth_callback", session.ReferrerUrl)
            .AddQueryParam(Keywords.State, session.Id); // doesn't support state param atm, but it's here when it does
        return authService.Redirect(AccessTokenUrlFilter(this, authorizeUrl));
    }

    // Callback leg: exchange the stored secret plus the provider's token/verifier for an access token.
    // NOTE(review): request.oauth_token is not compared with the stored RequestToken in this method;
    // confirm AcquireAccessToken rejects a token that was not issued for this session.
    var exchanged = OAuthUtils.AcquireAccessToken(
        oauthTokens.RequestTokenSecret, request.oauth_token, request.oauth_verifier);

    if (!exchanged)
    {
        // Exchange failed: drop the stale request token so the next attempt starts over.
        oauthTokens.RequestToken = null;
        oauthTokens.RequestTokenSecret = null;
        this.SaveSession(authService, session, SessionExpiry);

        var accessTokenFailedUrl = session.ReferrerUrl.SetParam("f", "AccessTokenFailed");
        return authService.Redirect(FailedRedirectUrlFilter(this, accessTokenFailedUrl));
    }

    session.IsAuthenticated = true;
    oauthTokens.AccessToken = OAuthUtils.AccessToken;
    oauthTokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

    var authResult = OnAuthenticated(authService, session, oauthTokens, OAuthUtils.AuthInfo);
    if (authResult != null)
    {
        return authResult;
    }

    // The success URL is built only after OnAuthenticated has run, as in the original expression.
    var successUrl = session.ReferrerUrl.SetParam("s", "1");
    return authService.Redirect(SuccessRedirectUrlFilter(this, successUrl));
}
/// <summary>
/// Authenticates against the provider in one of three ways: accepting an AccessToken/AccessTokenSecret
/// pair sent by a mobile or desktop app, completing the OAuth callback by exchanging the request token
/// for an access token, or starting the flow by acquiring a request token and redirecting to the
/// authorize URL.
/// </summary>
/// <param name="authService">Service used to issue redirects and to inspect the current request.</param>
/// <param name="session">The current auth session; handed to Init by ref.</param>
/// <param name="request">Authenticate DTO carrying either the token pair or the OAuth callback values.</param>
/// <returns>
/// The non-null result of OnAuthenticated, a redirect response, or null (the default
/// AuthenticateResponse) for a non-HTML token transfer.
/// </returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
    var oauthTokens = Init(authService, ref session, request);

    // Transferring AccessToken/Secret from Mobile/Desktop App to Server.
    var clientSentTokenPair = request.AccessToken != null && request.AccessTokenSecret != null;
    if (clientSentTokenPair)
    {
        // NOTE(review): the session is marked authenticated from the request's AccessToken and
        // AccessTokenSecret alone. Nothing visible in this method checks that the provider issued
        // the pair or that it belongs to request.UserName. Unless OnAuthenticated validates it,
        // the pair should be verified with the provider, and the returned user id compared with
        // UserName, before IsAuthenticated is set. Confirm against OnAuthenticated.
        session.IsAuthenticated = true;

        // UserId is taken from the caller-supplied UserName, and only when it parses as a long.
        long numericUserId;
        if (request.UserName != null && long.TryParse(request.UserName, out numericUserId))
        {
            oauthTokens.UserId = numericUserId.ToString();
        }

        oauthTokens.AccessToken = request.AccessToken;
        oauthTokens.AccessTokenSecret = request.AccessTokenSecret;

        var authResponse = OnAuthenticated(authService, session, oauthTokens, new Dictionary<string, string>());
        if (authResponse != null)
        {
            return authResponse;
        }

        var isHtml = authService.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
        if (isHtml)
        {
            return authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")));
        }

        return null; // return default AuthenticateResponse
    }

    // Default OAuth logic based on Twitter's OAuth workflow.
    var hasStoredRequestToken = !oauthTokens.RequestToken.IsNullOrEmpty();
    var isProviderCallback = hasStoredRequestToken && !request.oauth_token.IsNullOrEmpty();

    if (!isProviderCallback)
    {
        // First leg: obtain a request token, or report the failure to the referrer.
        if (!OAuthUtils.AcquireRequestToken())
        {
            var requestTokenFailedUrl = session.ReferrerUrl.SetParam("f", "RequestTokenFailed");
            return authService.Redirect(FailedRedirectUrlFilter(this, requestTokenFailedUrl));
        }

        oauthTokens.RequestToken = OAuthUtils.RequestToken;
        oauthTokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
        this.SaveSession(authService, session, SessionExpiry);

        // Redirect to the OAuth provider to approve access.
        // NOTE(review): session.ReferrerUrl is used as oauth_callback and as a redirect target;
        // confirm it is restricted to trusted hosts before it gets here (not visible in this method).
        var authorizeUrl = this.AuthorizeUrl
            .AddQueryParam("oauth_token", oauthTokens.RequestToken)
            .AddQueryParam("oauth_callback", session.ReferrerUrl);
        return authService.Redirect(AccessTokenUrlFilter(this, authorizeUrl));
    }

    // Callback leg: hand the stored request token and the values returned by the provider to OAuthUtils.
    // NOTE(review): these per-request values are written onto the OAuthUtils member instead of being
    // passed as arguments; if this provider instance serves concurrent requests, the values of two
    // logins could interleave. Confirm the instance lifetime.
    OAuthUtils.RequestToken = oauthTokens.RequestToken;
    OAuthUtils.RequestTokenSecret = oauthTokens.RequestTokenSecret;
    OAuthUtils.AuthorizationToken = request.oauth_token;
    OAuthUtils.AuthorizationVerifier = request.oauth_verifier;

    if (!OAuthUtils.AcquireAccessToken())
    {
        // Exchange failed: drop the stale request token so the next attempt starts over.
        oauthTokens.RequestToken = null;
        oauthTokens.RequestTokenSecret = null;
        this.SaveSession(authService, session, SessionExpiry);

        var accessTokenFailedUrl = session.ReferrerUrl.SetParam("f", "AccessTokenFailed");
        return authService.Redirect(FailedRedirectUrlFilter(this, accessTokenFailedUrl));
    }

    session.IsAuthenticated = true;
    oauthTokens.AccessToken = OAuthUtils.AccessToken;
    oauthTokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

    var authResult = OnAuthenticated(authService, session, oauthTokens, OAuthUtils.AuthInfo);
    if (authResult != null)
    {
        return authResult;
    }

    // The success URL is built only after OnAuthenticated has run, as in the original expression.
    var successUrl = session.ReferrerUrl.SetParam("s", "1");
    return authService.Redirect(SuccessRedirectUrlFilter(this, successUrl));
}