/// <summary>
/// Narrows an already-validated scope list to what the caller's membership context permits.
/// Each of the four context-bound scopes ("needs", "membership", "sent_shares",
/// "received_shares") is dropped when the matching CanAccess* flag is false.
/// </summary>
/// <param name="membership">Membership context of the principal; may be null.</param>
/// <param name="resultingScopes">Scopes that passed application-level validation. Mutated in place via RemoveScope.</param>
/// <returns>The same list instance, with disallowed scopes removed.</returns>
private static List<Scope> ValidateScopesForContext(IdentityMembership membership, List<Scope> resultingScopes)
{
    // NOTE(review): with no membership object nothing is filtered, so every
    // validated scope survives. Confirm that callers never pass null for a
    // principal that should be restricted — otherwise this branch is fail-open.
    if (membership == null)
    {
        return resultingScopes;
    }

    // Scope name -> permission flag that must be set for the scope to remain.
    var contextScopes = new[]
    {
        new { Name = "needs", Allowed = membership.CanAccessNeeds },
        new { Name = "membership", Allowed = membership.CanAccessMembership },
        new { Name = "sent_shares", Allowed = membership.CanAccessSentShares },
        new { Name = "received_shares", Allowed = membership.CanAccessReceivedShares },
    };

    foreach (var entry in contextScopes)
    {
        if (!entry.Allowed)
        {
            RemoveScope(resultingScopes, entry.Name);
        }
    }

    return resultingScopes;
}
/// <summary>
/// Parses and validates the authorize request's <c>scope</c> parameter and stores the
/// resulting scopes on <paramref name="validatedRequest"/>. Failures are reported to the
/// client as an <c>invalid_scope</c> error via the request's redirect URI.
/// </summary>
/// <param name="request">Raw authorize request; <c>scope</c> is untrusted client input.</param>
/// <param name="validatedRequest">Request being built up; receives <c>Scopes</c> on success.</param>
/// <param name="membership">Membership context used to strip context-bound scopes; may be null.</param>
/// <exception cref="AuthorizeRequestClientException">
/// The scope parameter is missing, or at least one requested scope is not valid for this client.
/// </exception>
private static void ValidateScopes(AuthorizeRequest request, ValidatedRequest validatedRequest, IdentityMembership membership)
{
    var scopeParameter = request.scope;

    // NOTE(review): only null/empty is rejected here; a whitespace-only value
    // passes and becomes empty tokens below.
    if (string.IsNullOrEmpty(scopeParameter))
    {
        throw new AuthorizeRequestClientException(
            "Missing scope.",
            new Uri(validatedRequest.RedirectUri.Uri),
            OAuthConstants.Errors.InvalidScope,
            validatedRequest.ResponseType,
            validatedRequest.State);
    }

    // RFC 6749 §3.3: scope tokens are space-delimited. A plain split is used, so runs
    // of spaces produce empty tokens that reach TryValidateScopes — confirm it rejects them.
    var requestedScopes = scopeParameter.Split(' ').ToList();

    List<Scope> resultingScopes;
    var scopesAreKnown = validatedRequest.Application.Scopes.TryValidateScopes(
        validatedRequest.Client.ClientId,
        requestedScopes,
        out resultingScopes);

    if (!scopesAreKnown)
    {
        throw new AuthorizeRequestClientException(
            "Invalid scope.",
            new Uri(validatedRequest.RedirectUri.Uri),
            OAuthConstants.Errors.InvalidScope,
            validatedRequest.ResponseType,
            validatedRequest.State);
    }

    // Application-level validation passed; now drop scopes the membership context cannot use.
    validatedRequest.Scopes = ValidateScopesForContext(membership, resultingScopes);

    // NOTE(review): this records the raw, client-supplied scope string rather than the
    // scopes actually granted after context filtering. The value is untrusted input;
    // consider also logging the granted list so the audit trail reflects what was issued.
    Tracing.InformationFormat("Requested scopes: {0}", request.scope);
}