public async Task <VenmoAuthResponse> RefreshAuth(string refreshToken)
{
logger.LogInformation("Attempting to refresh Venmo token");
Url url = new Url(BaseUrl).AppendPathSegments("oauth", "access_token");
Dictionary <string, string> data = new Dictionary <string, string>()
{
{ "client_id", Secrets.VenmoClientId },
{ "client_secret", Secrets.VenmoClientSecret },
{ "refresh_token", refreshToken }
};
HttpResponseMessage responseMessage = await Post(url, new FormUrlEncodedContent(data));
if (!responseMessage.IsSuccessStatusCode)
{
logger.LogError($"Failed to refresh token. " +
$"Refresh token: {refreshToken}. Status code: {responseMessage.StatusCode}. " +
$"Message: {await responseMessage.Content.ReadAsStringAsync()}");
throw new Exception("Failed to refresh token");
}
string responseString = await responseMessage.Content.ReadAsStringAsync();
logger.LogInformation(responseString);
VenmoAuthResponse response = JsonConvert.DeserializeObject <VenmoAuthResponse>(responseString) !;
AccessToken = response.AccessToken;
logger.LogInformation("Refreshed token successfully");
return(response);
}
private async Task <VenmoAuthResponse> Authorize(string deviceId, HttpRequestMessage requestMessage)
{
requestMessage.Headers.Add("device-id", deviceId);
HttpResponseMessage responseMessage = await Send(requestMessage);
if (responseMessage.IsSuccessStatusCode)
{
VenmoAuthResponse response = JsonConvert.DeserializeObject <VenmoAuthResponse>(await responseMessage.Content.ReadAsStringAsync()) !;
AccessToken = response.AccessToken;
// User id will not be null here, it's returned by the Venmo API
UserId = response.User?.Id;
return(response);
}
else if (responseMessage.StatusCode == System.Net.HttpStatusCode.BadRequest)
{
throw CreateVenmoError(await responseMessage.Content.ReadAsStringAsync());
}
else if (responseMessage.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
VenmoException venmoException = CreateVenmoError(await responseMessage.Content.ReadAsStringAsync());
if (venmoException.Error != null && venmoException.Error.Code.HasValue)
{
if (venmoException.Error.Code != 81109)
{
logger.LogWarning($"Unexpected 2FA error code. Expected: 81109. Actual: {venmoException.Error.Code.Value}");
}
}
List <string> secretList = responseMessage.Headers.GetValues("venmo-otp-secret").ToList();
if (secretList.Count == 0)
{
logger.LogError("venmo-otp-secret doesn't exist in error headers");
throw venmoException;
}
string venmoOtpSecret = secretList[0];
venmoException.VenmoOtpSecret = venmoOtpSecret;
await SendTwoFactorCode(venmoOtpSecret, deviceId);
throw venmoException;
}
else
{
throw CreateVenmoError(await responseMessage.Content.ReadAsStringAsync());
}
}
public async Task <VenmoAuthResponse> CompleteAuth(string code)
{
Url url = new Url(BaseUrl).AppendPathSegments("oauth", "access_token");
Dictionary <string, string> data = new Dictionary <string, string>()
{
{ "client_id", Secrets.VenmoClientId },
{ "client_secret", Secrets.VenmoClientSecret },
{ "code", code }
};
HttpResponseMessage responseMessage = await Post(url, new FormUrlEncodedContent(data));
VenmoAuthResponse response = JsonConvert.DeserializeObject <VenmoAuthResponse>(await responseMessage.Content.ReadAsStringAsync()) !;
AccessToken = response.AccessToken;
// User id will not be null here, it's returned by the Venmo API
UserId = response.User?.Id;
return(response);
}
public async Task AuthorizeWith2FA_Succeeds()
{
const string deviceId = "device";
const string venmoOtpSecret = "test";
const string otp = "123456";
VenmoAuthResponse expectedResponse = new VenmoAuthResponse()
{
AccessToken = "0_0",
User = new VenmoUser()
{
Id = "auser"
}
};
httpMessageHandler
.SetupRequest(HttpMethod.Post, "https://api.venmo.com/v1/oauth/access_token", request =>
{
string requestDeviceId = request.Headers.GetValues("device-id").ToList()[0];
string requestVenmoOtpSecret = request.Headers.GetValues("venmo-otp-secret").ToList()[0];
string requestOtp = request.Headers.GetValues("venmo-otp").ToList()[0];
Assert.Equal(deviceId, requestDeviceId);
Assert.Equal(venmoOtpSecret, requestVenmoOtpSecret);
Assert.Equal(otp, requestOtp);
return(requestDeviceId == deviceId && requestVenmoOtpSecret == venmoOtpSecret && requestOtp == otp);
})
.ReturnsResponse(System.Net.HttpStatusCode.OK, message =>
{
message.Content = new StringContent(JsonConvert.SerializeObject(expectedResponse), Encoding.UTF8, "application/json");
});
VenmoAuthResponse response = await venmoApi.AuthorizeWith2FA(otp, venmoOtpSecret, deviceId);
Assert.Equal(expectedResponse.AccessToken, response.AccessToken);
Assert.NotNull(response.User);
Assert.Equal(expectedResponse.User.Id, response.User !.Id);
}
