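/// <summary>
/// Completes the end-user consent step of an OAuth 2 authorization request. When the user
/// approved, the grant is stored and an approval message is prepared; otherwise a rejection
/// message is prepared. Either way the response is handed back to the client application.
/// </summary>
/// <param name="isApproved">
/// True when the current user approved the client's request. Approval covers the entire
/// requested scope; there is no partial grant.
/// </param>
/// <returns>The DotNetOpenAuth response for the client, converted to an MVC action result.</returns>
/// <exception cref="HttpException">
/// Thrown with status 400 when no authorization request can be read from the current HTTP
/// request, when the client identifier is unknown, or when no resource supports the requested scope.
/// </exception>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. Because the action records a
/// long-lived grant on behalf of the current user, confirm that it requires an authenticated user,
/// accepts POST only, and validates an anti-forgery token.
/// </remarks>
public ActionResult ProcessAuthorization(bool isApproved)
{
    // Have DotNetOpenAuth read the info we need out of the request.
    EndUserAuthorizationRequest pendingRequest = _authorizationServer.ReadAuthorizationRequest();
    if (pendingRequest == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
    }

    // Make sure the client is one we recognize. The message is deliberately generic so the
    // response does not reveal which validation step failed.
    Client requestingClient = _clientRepository.GetById(pendingRequest.ClientIdentifier);
    if (requestingClient == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Invalid request");
    }

    // Make sure a resource supports the requested scope. Per the original author this should
    // already be guaranteed by the ResourceAuthenticated attribute; the check is kept as a
    // second line of defence.
    Resource requestedResource = _resourceRepository.FindWithSupportedScopes(pendingRequest.Scope);
    if (requestedResource == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Invalid request");
    }

    // At this point the user either agrees to the entire scope requested by the client or to
    // none of it. Letting the user reduce the scope would require changes here.
    IDirectedProtocolMessage authRequest;
    if (isApproved)
    {
        // Add the user to our repository if this is their first time.
        // NOTE(review): assumes User.Identity.Name is a non-empty, authenticated identity;
        // confirm that authentication is enforced before this action runs.
        var requestingUser = _userRepository.GetById(User.Identity.Name);
        if (requestingUser == null)
        {
            requestingUser = new User
            {
                Id = User.Identity.Name,
                CreateDateUtc = DateTime.UtcNow
            };
            _userRepository.Insert(requestingUser);
            _userRepository.Save();
        }

        // The authorization stored here has no expiry set, so it lasts until the user explicitly
        // revokes it. The original author notes that an expiry can be set through an
        // ExpirationDateUTC property on the stored record (property name to be confirmed).
        _authorizationRepository.Insert(new Authorization
        {
            ClientId = requestingClient.Id,
            Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
            UserId = requestingUser.Id,
            ResourceId = requestedResource.Id,
            CreatedOnUtc = DateTime.UtcNow
        });
        _authorizationRepository.Save();

        // Have DotNetOpenAuth generate an approval to send back to the client.
        authRequest = _authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
    }
    else
    {
        // Have DotNetOpenAuth generate a rejection to send back to the client.
        authRequest = _authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);

        // PrepareResponse below fails with "required parameters were missing ... error" unless the
        // error field is populated. RFC 6749 section 4.1.2.1 restricts that field to a fixed set
        // of codes, so the machine-readable code goes in Error and the human-readable text goes
        // in ErrorDescription; clients that switch on the code can then recognise a denial.
        var rejection = (EndUserAuthorizationFailedResponse)authRequest;
        rejection.Error = "access_denied";
        rejection.ErrorDescription = "User denied your request";
    }

    // This redirects to the client app using its defined callback, so the client can handle
    // the approval or rejection as it sees fit.
    return _authorizationServer.Channel.PrepareResponse(authRequest).AsActionResult();
}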