/// <summary>
/// Uses the specified refresh token to retrieve an access token from ACS to call the specified principal
/// at the specified targetHost. The targetHost must be registered for target principal. If specified realm is
/// null, the "Realm" setting in web.config will be used instead.
/// </summary>
/// <param name="refreshToken">Refresh token to exchange for access token</param>
/// <param name="targetPrincipalName">Name of the target principal to retrieve an access token for</param>
/// <param name="targetHost">Url authority of the target principal</param>
/// <param name="targetRealm">Realm to use for the access token's nameid and audience</param>
/// <returns>An access token with an audience of the target principal</returns>
internal static OAuth2AccessTokenResponse GetAccessToken(string refreshToken, string targetPrincipalName, string targetHost, string targetRealm)
{
if (targetRealm == null)
{
targetRealm = WebConfigAddInDataRescue.Realm;
}
string resource = ProcessTokenStrings.GetFormattedPrincipal(targetPrincipalName, targetHost, targetRealm);
string clientId = ProcessTokenStrings.GetFormattedPrincipal(WebConfigAddInDataRescue.ClientId, null, targetRealm);
OAuth2AccessTokenRequest oauth2Request = OAuth2MessageFactory
.CreateAccessTokenRequestWithRefreshToken(clientId, WebConfigAddInDataRescue.ClientSecret, refreshToken, resource);
OAuth2S2SClient client = new OAuth2S2SClient();
OAuth2AccessTokenResponse oauth2Response;
try
{
oauth2Response =
client.Issue(DocumentMetadataOp.GetStsUrl(targetRealm), oauth2Request) as OAuth2AccessTokenResponse;
}
catch (WebException wex)
{
using (StreamReader sr = new StreamReader(wex.Response.GetResponseStream()))
{
string responseText = sr.ReadToEnd();
throw new WebException(wex.Message + " - " + responseText, wex);
}
}
return(oauth2Response);
}
/// <summary>
/// Uses the specified authorization code to retrieve an access token from ACS to call the specified principal
/// at the specified targetHost. The targetHost must be registered for target principal. If specified realm is
/// null, the "Realm" setting in web.config will be used instead.
/// </summary>
/// <param name="authorizationCode">Authorization code to exchange for access token</param>
/// <param name="targetPrincipalName">Name of the target principal to retrieve an access token for</param>
/// <param name="targetHost">Url authority of the target principal</param>
/// <param name="targetRealm">Realm to use for the access token's nameid and audience</param>
/// <param name="redirectUri">Redirect URI registered for this add-in</param>
/// <returns>An access token with an audience of the target principal</returns>
internal static OAuth2AccessTokenResponse GetAccessToken(string authorizationCode, string targetPrincipalName, string targetHost, string targetRealm, Uri redirectUri)
{
if (targetRealm == null)
{
targetRealm = WebConfigAddInDataRescue.Realm;
}
string resource = ProcessTokenStrings.GetFormattedPrincipal(targetPrincipalName, targetHost, targetRealm);
string clientId = ProcessTokenStrings.GetFormattedPrincipal(WebConfigAddInDataRescue.ClientId, null, targetRealm);
// Create request for token. The RedirectUri is null here. This will fail if redirect uri is registered
OAuth2AccessTokenRequest oauth2Request = OAuth2MessageFactory
.CreateAccessTokenRequestWithAuthorizationCode(clientId, WebConfigAddInDataRescue.ClientSecret, authorizationCode, redirectUri, resource);
// Get token
OAuth2S2SClient client = new OAuth2S2SClient();
OAuth2AccessTokenResponse oauth2Response;
try
{
oauth2Response = client.Issue(DocumentMetadataOp.GetStsUrl(targetRealm), oauth2Request) as OAuth2AccessTokenResponse;
}
catch (WebException wex)
{
using (StreamReader sr = new StreamReader(wex.Response.GetResponseStream()))
{
string responseText = sr.ReadToEnd();
throw new WebException(wex.Message + " - " + responseText, wex);
}
}
return(oauth2Response);
}
