/// <summary>
/// Approves an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client.
/// </summary>
/// <param name="authorizationRequest">The authorization request to approve.</param>
/// <param name="userName">The username of the account that approved the request (or whose data will be accessed by the client).</param>
/// <param name="nonce">The nonce data.</param>
/// <param name="successAccessTokenResponse">The end user authorization success access token response.</param>
/// <param name="scopes">The scope of access the client should be granted. If <c>null</c>, all scopes in the original request will be granted.</param>
/// <param name="callback">The Client callback URL to use when formulating the redirect to send the user agent back to the Client.</param>
public void ApproveAuthorizationRequest(EndUserAuthorizationRequest authorizationRequest, string userName, string nonce,
out EndUserAuthorizationSuccessAccessTokenResponse successAccessTokenResponse, IEnumerable <string> scopes = null, Uri callback = null)
{
var response = this.PrepareApproveAuthorizationRequest(authorizationRequest, userName, nonce, out successAccessTokenResponse, scopes, callback);
this.Channel.Respond(response);
}
/// <summary>
/// Approves an authorization request.
/// </summary>
/// <param name="authorizationRequest">The authorization request to approve.</param>
/// <param name="userDataAndNonce">The username of the account that approved the request (or whose data will be accessed by the client).</param>
/// <param name="nonce">The nonce data.</param>
/// <param name="successAccessTokenResponse">The end user authorization success access token response.</param>
/// <param name="scopes">The scope of access the client should be granted. If <c>null</c>, all scopes in the original request will be granted.</param>
/// <param name="callback">The Client callback URL to use when formulating the redirect to send the user agent back to the Client.</param>
/// <returns>The authorization response message to send to the Client.</returns>
public EndUserAuthorizationSuccessResponseBase PrepareApproveAuthorizationRequest(EndUserAuthorizationRequest authorizationRequest,
string userDataAndNonce, string nonce, out EndUserAuthorizationSuccessAccessTokenResponse successAccessTokenResponse, IEnumerable <string> scopes = null, Uri callback = null)
{
Contract.Ensures(Contract.Result <EndUserAuthorizationSuccessResponseBase>() != null);
if (callback == null)
{
callback = this.GetCallback(authorizationRequest);
}
var client = this.AuthorizationServerServices.GetClientOrThrow(authorizationRequest.ClientIdentifier);
EndUserAuthorizationSuccessResponseBase response;
EndUserAuthorizationSuccessAccessTokenResponse implicitGrantResponse = null;
switch (authorizationRequest.ResponseType)
{
case EndUserAuthorizationResponseType.AccessToken:
IAccessTokenRequestInternal accessRequestInternal = (EndUserAuthorizationImplicitRequest)authorizationRequest;
var accessTokenResult = this.AuthorizationServerServices.CreateAccessToken(accessRequestInternal, nonce);
ErrorUtilities.VerifyHost(accessTokenResult != null, "IAuthorizationServerHost.CreateAccessToken must not return null.");
accessRequestInternal.AccessTokenResult = accessTokenResult;
implicitGrantResponse = new EndUserAuthorizationSuccessAccessTokenResponse(callback, authorizationRequest);
implicitGrantResponse.Lifetime = accessTokenResult.AccessToken.Lifetime;
accessTokenResult.AccessToken.ApplyAuthorization(implicitGrantResponse.Scope, userDataAndNonce, implicitGrantResponse.Lifetime);
IAccessTokenCarryingRequest tokenCarryingResponse = implicitGrantResponse;
tokenCarryingResponse.AuthorizationDescription = accessTokenResult.AccessToken;
response = implicitGrantResponse;
break;
case EndUserAuthorizationResponseType.AuthorizationCode:
var authCodeResponse = new EndUserAuthorizationSuccessAuthCodeResponseAS(callback, authorizationRequest);
IAuthorizationCodeCarryingRequest codeCarryingResponse = authCodeResponse;
codeCarryingResponse.AuthorizationDescription = new AuthorizationCode(
authorizationRequest.ClientIdentifier,
authorizationRequest.Callback,
authCodeResponse.Scope,
userDataAndNonce);
response = authCodeResponse;
break;
default:
throw ErrorUtilities.ThrowInternal("Unexpected response type.");
}
response.AuthorizingUsername = userDataAndNonce;
// Customize the approved scope if the authorization server has decided to do so.
if (scopes != null)
{
response.Scope.ResetContents(scopes);
}
successAccessTokenResponse = implicitGrantResponse;
return(response);
}
/// <summary>
/// Create a authorise token from the request. Returns the bdy html result.
/// </summary>
/// <param name="httpRequest">The current http request.</param>
/// <param name="rawUri">A System.Uri object containing information regarding the URL of the current request.</param>
/// <param name="queryString">The collection of HTTP query string variables.</param>
/// <param name="form">The collection of form variables.</param>
/// <param name="headers">The collection of HTTP headers.</param>
/// <param name="cookies">The collection of cookies sent by the client.</param>
/// <param name="returnType">The type of response to return.</param>
/// <param name="responseHeaders">The response headers for the request.</param>
/// <param name="isApprovedByUser">Has the user approved the client to access the resources.</param>
/// <returns>The formatted redirect url; else null.</returns>
private object CreateAuthorise(HttpRequestBase httpRequest, Uri rawUri, NameValueCollection queryString,
NameValueCollection form, NameValueCollection headers, HttpCookieCollection cookies, int returnType,
out System.Net.WebHeaderCollection responseHeaders, bool isApprovedByUser)
{
IDirectedProtocolMessage response = null;
OutgoingWebResponse webResponse = null;
string clientID = null;
string nonce = null;
string codeKey = null;
try
{
// Make sure that all the passed parameters are valid.
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
if (rawUri == null)
{
throw new ArgumentNullException("rawUri");
}
if (queryString == null)
{
throw new ArgumentNullException("queryString");
}
if (form == null)
{
throw new ArgumentNullException("form");
}
if (headers == null)
{
throw new ArgumentNullException("headers");
}
if (cookies == null)
{
throw new ArgumentNullException("cookies");
}
// Read the request make sure it is valid.
EndUserAuthorizationRequest pendingRequest = _authorizationServer.ReadAuthorizationRequest(httpRequest);
if (pendingRequest == null)
{
throw new Exception("Missing authorization request.");
}
// Only process if the user has approved the request.
if (isApprovedByUser)
{
// Make sure all maditor parameters are present.
_oAuthAuthorizationServer.ValidateAuthoriseRequestParametersAbsent(queryString);
if (_oAuthAuthorizationServer.ParametersAbsent.Count() > 0)
{
throw new Exception("Some authorisation request parameters are missing.");
}
// Assign each query string parameter.
clientID = pendingRequest.ClientIdentifier;
string callback = pendingRequest.Callback.ToString();
string state = pendingRequest.ClientState;
string scope = OAuthUtilities.JoinScopes(pendingRequest.Scope);
string responseType = (pendingRequest.ResponseType == EndUserAuthorizationResponseType.AccessToken ? "token" : "code");
string companyUniqueUserID = queryString["com_unique_uid"];
// Set the crytography key store values.
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ExpiryDateTime = DateTime.UtcNow.AddYears(1);
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ClientIndetifier = clientID;
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.GetCodeKey = false;
// Create a new nonce and store it in the nonce store.
nonce = _nonceStore.GenerateNonce();
_nonceStore.StoreNonce(DateTime.UtcNow, nonce, clientID);
// Create the access token from the stores, and create a new verification code.
string verifier = _consumerStore.SetVerificationCode(clientID, nonce, companyUniqueUserID, scope);
EndUserAuthorizationSuccessAccessTokenResponse successAccessTokenResponse = null;
// Prepare the request. pass the nonce and join the userID and nonce of
// the user that approved the resource access request.
response = _authorizationServer.PrepareApproveAuthorizationRequest(
pendingRequest,
companyUniqueUserID + "_" + nonce,
nonce,
out successAccessTokenResponse);
// Prepare the authorisation response.
webResponse = _authorizationServer.Channel.PrepareResponse(response);
// Create the query collection of the code request
// and extract the code value that is to be sent
// the the client.
NameValueCollection queryResponseString = new NameValueCollection();
Uri uriRequest = webResponse.GetDirectUriRequest(_authorizationServer.Channel);
// For each query item.
string[] queries = uriRequest.Query.Split(new char[] { '&' });
foreach (string query in queries)
{
// Add the query name and value to the collection.
string[] queriesNameValue = query.Split(new char[] { '=' });
queryResponseString.Add(queriesNameValue[0].TrimStart(new char[] { '?' }), queriesNameValue[1]);
}
// What type of response is to be handled.
switch (pendingRequest.ResponseType)
{
case EndUserAuthorizationResponseType.AuthorizationCode:
// The user has requested a code, this is
// used so the client can get a token later.
// If the code response type exits.
if (queryResponseString["code"] != null)
{
codeKey = HttpUtility.UrlDecode(queryResponseString["code"]);
}
// Insert the code key (code or token);
if (!String.IsNullOrEmpty(codeKey))
{
_tokenStore.StoreCodeKey(clientID, nonce, codeKey);
}
break;
case EndUserAuthorizationResponseType.AccessToken:
// This is used so the client is approved and a token is sent back.
// Update the access token.
if (successAccessTokenResponse != null)
{
if (!String.IsNullOrEmpty(successAccessTokenResponse.AccessToken))
{
_tokenStore.UpdateAccessToken(successAccessTokenResponse.AccessToken, nonce);
}
}
break;
}
}
else
{
// Send an error response.
response = _authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
}
// What type should be returned.
switch (returnType)
{
case 0:
// A URI request redirect only.
responseHeaders = webResponse.Headers;
return(webResponse.GetDirectUriRequest(_authorizationServer.Channel));
case 1:
// The complete html body.
responseHeaders = webResponse.Headers;
return(webResponse.Body);
default:
// Default is the complete html body.
responseHeaders = webResponse.Headers;
return(webResponse.Body);
}
}
catch (Exception ex)
{
// Get the current token errors.
responseHeaders = null;
_tokenError = ex.Message;
return(null);
}
}
/// <summary>
/// Updates the authorization state maintained by the client with the content of an outgoing response.
/// </summary>
/// <param name="authorizationState">The authorization state maintained by the client.</param>
/// <param name="accessTokenSuccess">The access token containing response message.</param>
internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess)
{
Requires.NotNull(authorizationState, "authorizationState");
Requires.NotNull(accessTokenSuccess, "accessTokenSuccess");
authorizationState.AccessToken = accessTokenSuccess.AccessToken;
authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;
if (accessTokenSuccess.Scope != null && accessTokenSuccess.Scope != authorizationState.Scope)
{
if (authorizationState.Scope != null)
{
Logger.OAuth.InfoFormat(
"Requested scope of \"{0}\" changed to \"{1}\" by authorization server.",
authorizationState.Scope,
accessTokenSuccess.Scope);
}
authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
}
authorizationState.SaveChanges();
}
/// <summary>
/// Updates the authorization state maintained by the client with the content of an outgoing response.
/// </summary>
/// <param name="authorizationState">The authorization state maintained by the client.</param>
/// <param name="accessTokenSuccess">The access token containing response message.</param>
internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess)
{
authorizationState.AccessToken = accessTokenSuccess.AccessToken;
authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;
if (accessTokenSuccess.Scope != null && accessTokenSuccess.Scope != authorizationState.Scope)
{
if (authorizationState.Scope != null)
{
}
authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
}
authorizationState.SaveChanges();
}
