/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
public AuthorizationServer(IAuthorizationServerHost authorizationServer) {
Requires.NotNull(authorizationServer, "authorizationServer");
this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);
this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true));
this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
}
/// <summary>
/// Attempts to extract client identification/authentication information from a message.
/// </summary>
/// <param name="authorizationServerHost">The authorization server host.</param>
/// <param name="requestMessage">The incoming message.</param>
/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
/// <returns>The level of the extracted client information.</returns>
public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier)
{
Requires.NotNull(authorizationServerHost, "authorizationServerHost");
Requires.NotNull(requestMessage, "requestMessage");
ClientAuthenticationModule authenticator = null;
ClientAuthenticationResult result = ClientAuthenticationResult.NoAuthenticationRecognized;
clientIdentifier = null;
foreach (var candidateAuthenticator in this.authenticators)
{
string candidateClientIdentifier;
var resultCandidate = candidateAuthenticator.TryAuthenticateClient(authorizationServerHost, requestMessage, out candidateClientIdentifier);
ErrorUtilities.VerifyProtocol(
result == ClientAuthenticationResult.NoAuthenticationRecognized || resultCandidate == ClientAuthenticationResult.NoAuthenticationRecognized,
"Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
authenticator,
candidateAuthenticator);
if (resultCandidate != ClientAuthenticationResult.NoAuthenticationRecognized)
{
authenticator = candidateAuthenticator;
result = resultCandidate;
clientIdentifier = candidateClientIdentifier;
}
}
return(result);
}
/// <summary>
/// Verifies a condition is true or throws an exception describing the problem.
/// </summary>
/// <param name="condition">The condition that evaluates to true to avoid an exception.</param>
/// <param name="requestMessage">The request message.</param>
/// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param>
/// <param name="authenticationModule">The authentication module from which to glean the WWW-Authenticate header when applicable.</param>
/// <param name="unformattedDescription">A human-readable UTF-8 encoded text providing additional information, used to assist the client developer in understanding the error that occurred.</param>
/// <param name="args">The formatting arguments to generate the actual description.</param>
internal static void TokenEndpointVerify(bool condition, AccessTokenRequestBase requestMessage, string error, ClientAuthenticationModule authenticationModule = null, string unformattedDescription = null, params object[] args) {
if (!condition) {
string description = unformattedDescription != null ? string.Format(CultureInfo.CurrentCulture, unformattedDescription, args) : null;
string wwwAuthenticateHeader = null;
if (authenticationModule != null) {
wwwAuthenticateHeader = authenticationModule.AuthenticateHeader;
}
throw new TokenEndpointProtocolException(requestMessage, error, description, authenticateHeader: wwwAuthenticateHeader);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
: base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule)) {
Requires.NotNull(authorizationServer, "authorizationServer");
this.AuthorizationServer = authorizationServer;
}
/// <summary>
/// Initializes the binding elements for the OAuth channel.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
/// <returns>
/// An array of binding elements used to initialize the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) {
Requires.NotNull(authorizationServer, "authorizationServer");
Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");
var bindingElements = new List<IChannelBindingElement>();
// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule));
bindingElements.Add(new TokenCodeSerializationBindingElement());
return bindingElements.ToArray();
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
: base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule))
{
Requires.NotNull(authorizationServer, "authorizationServer");
this.AuthorizationServer = authorizationServer;
}
/// <summary>
/// Initializes the binding elements for the OAuth channel.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
/// <returns>
/// An array of binding elements used to initialize the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
{
Requires.NotNull(authorizationServer, "authorizationServer");
Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");
var bindingElements = new List <IChannelBindingElement>();
// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule));
bindingElements.Add(new TokenCodeSerializationBindingElement());
return(bindingElements.ToArray());
}
/// <summary>
/// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
/// </summary>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule)
{
Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");
this.clientAuthenticationModule = clientAuthenticationModule;
}
/// <summary>
/// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
/// </summary>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule) {
Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");
this.clientAuthenticationModule = clientAuthenticationModule;
}