/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>
/// When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:
/// </para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization
/// was issued.
/// <para>
/// One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored.
/// </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
Guard.NotNull(() => authorization, authorization);
// Verify the user still exists
if (IsUserExists(authorization.User))
{
//Verify the application still exists
if (IsClientExist(authorization.ClientIdentifier))
{
//Verify the scope is valid
if ((authorization.Scope.Count == 1) &&
(authorization.Scope.First().EqualsIgnoreCase(AccessScope.Profile)))
{
return(true);
}
}
}
//TODO: When we support user configuration of applications and scopes of access
//TODO: Verify the scopes the user permits
//TODO: verify that the user still permits this application
//TODO: Verify the date issued is no sooner than the date the user permitted the application
// TODO: This is where we should check (e.g. in our authorization database)
//that the resource owner has not revoked the authorization associated with the request.
return(false);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
//这里可以改进
//只要到达这步,说明authorization.Scope已经获得认证了,不需要再重新校验
//return this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User);
return(true);
}
// Determine whether the given authorization is still ok
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// If db precision exceeds token time precision (which is common), the following query would
// often disregard a token that is minted immediately after the authorization record is stored in the db.
// To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
var grantedAuths = _authorizationRepository.FindCurrent(authorization.ClientIdentifier, authorization.User,
authorization.UtcIssued + TimeSpan.FromSeconds(1)).ToList();
if (!grantedAuths.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return(false);
}
// Determine the set of all scopes the user has authorized for this client
var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);
foreach (var auth in grantedAuths)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(auth.Scope));
}
// See if what's requested is authorized
return(authorization.Scope.IsSubsetOf(grantedScopes));
}
/// <summary>
/// Initializes a new instance of the <see cref="RefreshToken"/> class.
/// </summary>
/// <param name="authorization">The authorization this refresh token should describe.</param>
internal RefreshToken(IAuthorizationDescription authorization)
{
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.UserDataAndNonce = authorization.UserDataAndNonce;
this.Scope.ResetContents(authorization.Scope);
}
public void ApplyAuthorization(IAuthorizationDescription authorization)
{
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
if (authorization == null)
{
throw new ArgumentNullException(nameof(authorization));
}
return(IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User));
}
/// <summary>
/// Initializes a new instance of the <see cref="RefreshToken"/> class.
/// </summary>
/// <param name="authorization">The authorization this refresh token should describe.</param>
internal RefreshToken(IAuthorizationDescription authorization) {
Contract.Requires<ArgumentNullException>(authorization != null);
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
}
/// <summary>
/// Initializes this instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to apply to this access token.</param>
internal void ApplyAuthorization(IAuthorizationDescription authorization) {
Requires.NotNull(authorization, "authorization");
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// If your application supports access revocation (highly recommended),
// this method should return false if the specified authorization is not
// discovered in your current authorizations table.
//// TODO: code here
return(true);
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to be described by the access token.</param>
/// <param name="lifetime">The lifetime of the access token.</param>
internal AccessToken(IAuthorizationDescription authorization, TimeSpan? lifetime) {
Contract.Requires<ArgumentNullException>(authorization != null);
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
this.Lifetime = lifetime;
}
/// <summary>
/// Initializes a new instance of the <see cref="RefreshToken"/> class.
/// </summary>
/// <param name="authorization">The authorization this refresh token should describe.</param>
internal RefreshToken(IAuthorizationDescription authorization)
{
Requires.NotNull(authorization, "authorization");
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to be described by the access token.</param>
/// <param name="lifetime">The lifetime of the access token.</param>
internal AccessToken(IAuthorizationDescription authorization, TimeSpan? lifetime) {
Requires.NotNull(authorization, "authorization");
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
this.Lifetime = lifetime;
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
if (authorization.ClientIdentifier == "RP" &&
authorization.Scope.Count == 1 &&
authorization.Scope.First() == "http://localhost/demo" &&
authorization.User == "Max Muster")
{
return(true);
}
return(false);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
var client = DataStore.Instance.Clients
.First(c => c.ClientIdentifier == authorization.ClientIdentifier);
var authorizations = client.ClientAuthorizations
.Where(a => a.UserId == authorization.User &&
a.IssueDate <= authorization.UtcIssued.AddSeconds(1) &&
(!a.ExpirationDateUtc.HasValue ||
a.ExpirationDateUtc.Value >= DateTime.UtcNow));
if (!authorizations.Any()) // No authorizations
{
return(false);
}
var grantedScopes = new HashSet <string>();
authorizations.ToList().ForEach(a => grantedScopes.UnionWith(a.Scope));
return(authorization.Scope.IsSubsetOf(grantedScopes));
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// Try to find a user with the specified username and password
var user = this.db.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == authorization.User);
// If no user was found with the specified username/password combination, the authorization is not valid
if (user == null)
{
return(false);
}
// Try to find the authorization the user has with the specified client
var userAuthorizationForClient = user.Authorizations.FirstOrDefault(a => a.Client.ClientIdentifier == authorization.ClientIdentifier);
// If no user authorization was found, that means that the user is not authorized for the specified client.
// As a consequence, the authorization is not valid
if (userAuthorizationForClient == null)
{
return(false);
}
// We check once again if the user is authorized for the specified scopes
return(RequestedScopeIsValid(authorization.Scope, OAuthUtilities.SplitScopes(userAuthorizationForClient.Scope)));
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization) {
return this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
throw new NotImplementedException();
}
bool IAuthorizationServerHost.IsAuthorizationValid(IAuthorizationDescription authorization)
{
throw new NotImplementedException();
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// possibly only called on refresh token so always return false for now
return false;
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
return(this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User));
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
bool IAuthorizationServerHost.IsAuthorizationValid(IAuthorizationDescription authorization)
{
Requires.NotNull(authorization, "authorization");
throw new NotImplementedException();
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// If your application supports access revocation (highly recommended),
// this method should return false if the specified authorization is not
// discovered in your current authorizations table.
//// TODO: code here
return true;
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// Try to find a user with the specified username and password
var user = this.db.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == authorization.User);
// If no user was found with the specified username/password combination, the authorization is not valid
if (user == null)
{
return false;
}
// Try to find the authorization the user has with the specified client
var userAuthorizationForClient = user.Authorizations.FirstOrDefault(a => a.Client.ClientIdentifier == authorization.ClientIdentifier);
// If no user authorization was found, that means that the user is not authorized for the specified client.
// As a consequence, the authorization is not valid
if (userAuthorizationForClient == null)
{
return false;
}
// We check once again if the user is authorized for the specified scopes
return RequestedScopeIsValid(authorization.Scope, OAuthUtilities.SplitScopes(userAuthorizationForClient.Scope));
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
bool IAuthorizationServer.IsAuthorizationValid(IAuthorizationDescription authorization) {
Contract.Requires<ArgumentNullException>(authorization != null);
throw new NotImplementedException();
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
throw new NotImplementedException();
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
HashSet <string> requestedScopes = authorization.Scope;
string clientIdentifier = authorization.ClientIdentifier;
DateTime issuedUtc = authorization.UtcIssued;
string userData = authorization.UserDataAndNonce;
// Get the client for the consumer key
var client = GetSpecificClient(clientIdentifier);
if (client != null)
{
string[] userNonce = userData.Split(new char[] { '_' });
string userID = userNonce[0];
string nonce = userNonce[1];
// Get the nonce
var nonceData = GetSpecificNonce(clientIdentifier, nonce);
if (nonceData != null)
{
// Get the specific OAuth consumer.
var oAuthConsumer = GetSpecificOAuthConsumers(nonceData.OAuthConsumerID);
if (oAuthConsumer != null)
{
// If the verification code has been set
// then grant access.
if (!String.IsNullOrEmpty(oAuthConsumer.VerificationCode) && (oAuthConsumer.UserID != null))
{
// Get the specifice user authorization.
var clientAuth = GetSpecificClientAuthorization(client.ClientID, nonceData.Code);
if (clientAuth != null)
{
// If the verification code has been set
// then grant access.
if ((clientAuth.UserID != null) && (clientAuth.ExpirationDateUtc.HasValue))
{
// Add one second onto the creation date.
issuedUtc += TimeSpan.FromSeconds(1);
if ((clientAuth.CreatedOnUtc <= issuedUtc) && (clientAuth.ExpirationDateUtc.Value >= DateTime.UtcNow))
{
return(true);
}
else
{
return(false);
}
}
else
{
return(false);
}
}
else
{
throw new Exception("No request authorization has been found, can not find a verification code.");
}
}
else
{
return(false);
}
}
else
{
throw new Exception("No request authorization has been found, can not find a verification code.");
}
}
else
{
throw new Exception("No request nonce has been found, can not find a verification code.");
}
}
else
{
throw new Exception("The client for consumer key : " + clientIdentifier + " does not exist.");
}
}
// Determine whether the given authorization is still ok
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// If db precision exceeds token time precision (which is common), the following query would
// often disregard a token that is minted immediately after the authorization record is stored in the db.
// To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
var grantedAuths = _authorizationRepository.FindCurrent(authorization.ClientIdentifier, authorization.User,
authorization.UtcIssued + TimeSpan.FromSeconds(1)).ToList();
if (!grantedAuths.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return false;
}
// Determine the set of all scopes the user has authorized for this client
var grantedScopes = new HashSet<string>(OAuthUtilities.ScopeStringComparer);
foreach (var auth in grantedAuths)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(auth.Scope));
}
// See if what's requested is authorized
return authorization.Scope.IsSubsetOf(grantedScopes);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
//TODO: Maybe put some code here. This is mainly used for revocation of authorization grants - if
//need to do it, we can, but for now assume that we don't need to do any revocation beyond expiry.
return true;
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// This method will never be called as we store our tokens in-memory so any attempt to
// refresh a token will fail before this method is called as the server will not recognize
// the token as being one it issued. For demo purposes, we show what the implementation
// might look like
return UserIsAuthorizedForRequestedScopes(authorization.User, authorization.Scope);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
return true;
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
bool IAuthorizationServerHost.IsAuthorizationValid(IAuthorizationDescription authorization) {
Requires.NotNull(authorization, "authorization");
throw new NotImplementedException();
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
//TODO: Maybe put some code here. This is mainly used for revocation of authorization grants - if
//need to do it, we can, but for now assume that we don't need to do any revocation beyond expiry.
return(true);
}
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
return(true);
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
bool IAuthorizationServerHost.IsAuthorizationValid(IAuthorizationDescription authorization)
{
throw new NotImplementedException();
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// We check once again if the user is authorized for the specified scopes
return(UserIsAuthorizedForRequestedScopes(authorization.User, authorization.Scope));
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// We check once again if the user is authorized for the specified scopes
return UserIsAuthorizedForRequestedScopes(authorization.User, authorization.Scope);
}