コード例 #1
ファイル: ConsumerShould.cs プロジェクト: colombod/LtiLibrary
        /// <summary>
        /// Builds the form-encoded body for an OAuth request: one pair per key of
        /// <c>request.Parameters</c>, followed by the signature parameter.
        /// </summary>
        /// <param name="request">Request whose parameters are copied into the body.</param>
        /// <param name="signature">Value sent under <c>OAuthConstants.SignatureParameter</c>.</param>
        /// <returns>Content holding the copied parameters with the signature appended last.</returns>
        private static FormUrlEncodedContent GetContent(IOAuthRequest request, string signature)
        {
            var pairs = new List<KeyValuePair<string, string>>();

            // NOTE(review): AllKeys suggests a NameValueCollection, whose indexer joins
            // multiple values for one key into a single string; confirm that is acceptable.
            foreach (var name in request.Parameters.AllKeys)
            {
                pairs.Add(new KeyValuePair<string, string>(name, request.Parameters[name]));
            }

            // The signature goes last, after every request parameter.
            pairs.Add(new KeyValuePair<string, string>(OAuthConstants.SignatureParameter, signature));

            return new FormUrlEncodedContent(pairs);
        }
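        /// <summary>
        /// Issues an access/refresh token pair for a client-credentials grant.
        /// </summary>
        /// <param name="request">Request supplying <c>ClientId</c> and <c>ClientSecret</c>.</param>
        /// <returns>A token for the matched consumer, stamped with the current UTC time.</returns>
        /// <exception cref="OAuthException">
        /// <c>ErrorCode.InvalidClient</c> when no consumer matches the client id, the consumer has
        /// no stored secret, or the supplied secret differs from the stored one.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing client credentials token request");

            //Make sure consumer is valid
            var consumer = _serviceLocator.ConsumerRepository.GetByClientId(request.ClientId);

            // The secret is a credential, so it is compared exactly (ordinal, case-sensitive).
            // A case-insensitive match would accept every casing of the secret and shrink the
            // space of values that must be guessed. A consumer with no stored secret is rejected
            // instead of causing a NullReferenceException.
            // NOTE(review): string.Equals is not a constant-time comparison; consider a
            // fixed-time comparison if the target framework provides one.
            var secretMatches = consumer != null
                && !string.IsNullOrEmpty(consumer.Secret)
                && string.Equals(consumer.Secret, request.ClientSecret, StringComparison.Ordinal);

            if (!secretMatches)
            {
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");
            }

            // No ResourceOwnerId is set: this grant is issued to the consumer itself.
            var data = new TokenData
            {
                ConsumerId = consumer.ConsumerId,
                Timestamp  = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _serviceLocator.Issuer.GenerateAccessToken(data),
                RefreshToken = _serviceLocator.Issuer.GenerateRefreshToken(data),
                ExpiresIn = _serviceLocator.Configuration.AccessTokenExpirationLength
            };
        }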
コード例 #3
        /// <summary>
        /// Checks that a password-grant token request carries every required field.
        /// Checks run in order and the first failure is returned.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result with <c>Success = true</c> when all checks pass; otherwise a result
        /// carrying the error code and description of the first failed check.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating password request");

            // NOTE(review): no HTTP-method check is made in this method; confirm it is enforced elsewhere.
            var requestedGrant = request.GrantType;
            if (string.IsNullOrWhiteSpace(requestedGrant))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter grant_type is missing"
                };
            }

            if (requestedGrant != GrantType.Password)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidGrant,
                    ErrorDescription = "The specified grant_type is not supported"
                };
            }

            // Presence checks only: the credential values themselves are not verified here.
            if (string.IsNullOrWhiteSpace(request.Username))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter username is missing"
                };
            }

            if (string.IsNullOrWhiteSpace(request.Password))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter password is missing"
                };
            }

            if (string.IsNullOrWhiteSpace(request.ClientId))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_id is missing"
                };
            }

            if (string.IsNullOrWhiteSpace(request.ClientSecret))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_secret is missing"
                };
            }

            if (!request.IsFormEncoded())
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Content-Type must be application/x-www-form-urlencoded"
                };
            }

            return new ValidationResult { Success = true };
        }
コード例 #4
        /// <summary>
        /// Checks that a client-credentials token request is a form-encoded POST carrying
        /// every required field. Checks run in order and the first failure is returned.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result with <c>Success = true</c> when all checks pass; otherwise a result
        /// carrying the error code and description of the first failed check.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating client credentials request");

            // Transport checks first: credentials are only accepted in a form-encoded POST body.
            if (request.Method != HttpMethod.Post)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Http POST method is required"
                };
            }

            if (!request.IsFormEncoded())
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Content-Type must be application/x-www-form-urlencoded"
                };
            }

            var requestedGrant = request.GrantType;
            if (string.IsNullOrWhiteSpace(requestedGrant))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter grant_type is missing"
                };
            }

            if (requestedGrant != GrantType.ClientCredentials)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidGrant,
                    ErrorDescription = "The specified grant_type is not supported"
                };
            }

            // Presence checks only: the client credentials themselves are not verified here.
            if (string.IsNullOrWhiteSpace(request.ClientId))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_id is missing"
                };
            }

            if (string.IsNullOrWhiteSpace(request.ClientSecret))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_secret is missing"
                };
            }

            return new ValidationResult { Success = true };
        }
コード例 #5
        /// <summary>
        /// Reports whether the request's Content-Type begins with <c>ContentType.FormEncoded</c>,
        /// ignoring case.
        /// </summary>
        /// <param name="request">Request whose <c>ContentType</c> is inspected.</param>
        /// <returns><c>false</c> for a null or empty Content-Type; otherwise the result of the prefix match.</returns>
        public static bool IsFormEncoded(this IOAuthRequest request)
        {
            var header = request.ContentType;
            if (string.IsNullOrEmpty(header))
            {
                return false;
            }

            // Prefix match so that a trailing parameter such as "; charset=UTF-8" is accepted.
            // Any other value that merely starts with the constant passes too.
            return header.StartsWith(ContentType.FormEncoded, StringComparison.OrdinalIgnoreCase);
        }
コード例 #6
        /// <summary>
        /// Copies the HTTP method, URL and form fields of an incoming request into the OAuth request.
        /// </summary>
        /// <param name="oauthRequest">OAuth request to populate.</param>
        /// <param name="request">Incoming HTTP request.</param>
        /// <param name="skipValidation">
        /// When <c>true</c>, form fields are read from <c>request.Unvalidated.Form</c>, which bypasses
        /// ASP.NET request validation; every value copied must then be treated as untrusted input
        /// by whatever consumes <c>oauthRequest.Parameters</c>.
        /// </param>
        public static void ParseRequest(this IOAuthRequest oauthRequest, HttpRequestBase request, bool skipValidation)
        {
            oauthRequest.HttpMethod = request.HttpMethod;
            oauthRequest.Url = request.Url;

            // Launch requests pass parameters as form fields.
            // Only the selected collection is touched, so request.Form is never read
            // when validation is being skipped.
            if (skipValidation)
            {
                oauthRequest.Parameters.Add(request.Unvalidated.Form);
            }
            else
            {
                oauthRequest.Parameters.Add(request.Form);
            }
        }
コード例 #7
        /// <summary>
        /// Checks that a resource request carries an access token.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result whose <c>Success</c> is <c>true</c> when <c>AccessToken</c> is not null, empty or whitespace.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating resource request");

            // Presence check only: the token is not decoded or verified in this method.
            var hasToken = !string.IsNullOrWhiteSpace(request.AccessToken);

            return new ValidationResult { Success = hasToken };
        }
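        /// <summary>
        /// Exchanges a refresh token for a new access/refresh token pair.
        /// </summary>
        /// <param name="request">Request supplying ContentType, ClientId, ClientSecret and RefreshToken.</param>
        /// <returns>
        /// A token for the same consumer and resource owner as the presented refresh token,
        /// stamped with the current UTC time.
        /// </returns>
        /// <exception cref="OAuthException">
        /// InvalidRequest for a wrong content type or a blank refresh token; InvalidClient when the
        /// client id or secret does not match; UnauthorizedClient when the token belongs to another
        /// consumer or the consumer is not approved by the resource owner.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing refresh token request");

            // NOTE(review): exact comparison; presumably a Content-Type that carries a charset
            // parameter is rejected here. Confirm that is intended.
            if (request.ContentType != ContentType.FormEncoded)
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");
            }

            //Make sure consumer is valid
            var consumer = _consumerRepository.GetByClientId(request.ClientId);

            // An unknown client id and a wrong secret produce the same error. The secret mismatch
            // used to report "User credentials are invalid", which mislabelled the failure and let
            // a caller tell the two cases apart.
            // NOTE(review): != on strings is not a constant-time comparison.
            if (consumer == null || consumer.Secret != request.ClientSecret)
            {
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");
            }

            var refreshToken = request.RefreshToken;

            if (string.IsNullOrWhiteSpace(refreshToken))
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Refresh token is invalid");
            }

            // NOTE(review): no expiry or revocation check on the refresh token is visible in this
            // method, and a null result would fail on the next line; confirm DecodeRefreshToken
            // handles both.
            var tokenData = _issuer.DecodeRefreshToken(refreshToken);

            // The token must have been issued to the consumer that is presenting it.
            if (tokenData.ConsumerId != consumer.ConsumerId)
            {
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Refresh token is invalid");
            }

            if (!_resourceOwnerRepository.IsConsumerApproved(tokenData.ResourceOwnerId, tokenData.ConsumerId))
            {
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Unauthorized access");
            }

            var newTokenData = new TokenData
            {
                ConsumerId      = consumer.ConsumerId,
                ResourceOwnerId = tokenData.ResourceOwnerId,
                Timestamp       = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _issuer.GenerateAccessToken(newTokenData),
                ExpiresIn = _configuration.AccessTokenExpirationLength,
                RefreshToken = _issuer.GenerateRefreshToken(newTokenData)
            };
        }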
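        /// <summary>
        /// Issues an access/refresh token pair for a resource-owner password grant.
        /// </summary>
        /// <param name="request">Request supplying ContentType, ClientId, ClientSecret, Username and Password.</param>
        /// <returns>A token for the matched consumer and resource owner, stamped with the current UTC time.</returns>
        /// <exception cref="OAuthException">
        /// InvalidRequest for a wrong content type; InvalidClient when the client credentials or the
        /// user credentials do not match.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing password token request");

            // NOTE(review): exact comparison; presumably a Content-Type that carries a charset
            // parameter is rejected here. Confirm that is intended.
            if (request.ContentType != ContentType.FormEncoded)
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");
            }

            //Make sure consumer is valid
            var consumer = _serviceLocator.ConsumerRepository.GetByClientId(request.ClientId);

            // An unknown client id and a wrong secret produce the same error. The secret mismatch
            // used to report "User credentials are invalid", which mislabelled the failure and let
            // a caller tell the two cases apart.
            // NOTE(review): != on strings is not a constant-time comparison.
            if (consumer == null || consumer.Secret != request.ClientSecret)
            {
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");
            }

            //Make sure resource owner is valid
            var resourceOwner = _serviceLocator.ResourceOwnerRepository.GetByUsername(consumer.ConsumerId, request.Username);

            // Unknown user and wrong password share one error, so the response text does not
            // reveal which usernames exist.
            // NOTE(review): the password check is skipped for an unknown user, so the two cases
            // may still differ in response time.
            if (resourceOwner == null
                || !_serviceLocator.PasswordHasher.CheckPassword(request.Password, resourceOwner.Password))
            {
                throw new OAuthException(ErrorCode.InvalidClient, "User credentials are invalid");
            }

            // ApproveConsumer is called for this owner/consumer pair once the password check has passed.
            _serviceLocator.ResourceOwnerRepository.ApproveConsumer(resourceOwner.ResourceOwnerId, consumer.ConsumerId);

            var data = new TokenData
            {
                ConsumerId      = consumer.ConsumerId,
                ResourceOwnerId = resourceOwner.ResourceOwnerId,
                Timestamp       = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _serviceLocator.Issuer.GenerateAccessToken(data),
                RefreshToken = _serviceLocator.Issuer.GenerateRefreshToken(data),
                ExpiresIn = _serviceLocator.Configuration.AccessTokenExpirationLength
            };
        }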
コード例 #10
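        /// <summary>
        /// Checks that a resource request carries an access token.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result whose <c>Success</c> is <c>false</c> when <c>AccessToken</c> is null, empty or
        /// whitespace, and <c>true</c> otherwise.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating resource request");

            // Presence check only: the token is not decoded or verified in this method.
            // The return statement is terminated inside the braces; the listing had its
            // semicolon stranded after the closing brace, which does not compile.
            if (string.IsNullOrWhiteSpace(request.AccessToken))
            {
                return new ValidationResult { Success = false };
            }

            return new ValidationResult { Success = true };
        }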
    }
コード例 #11
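        /// <summary>
        /// Exchanges a refresh token for a new access/refresh token pair.
        /// </summary>
        /// <param name="request">Request supplying ContentType, ClientId, ClientSecret and RefreshToken.</param>
        /// <returns>
        /// A token for the same consumer and resource owner as the presented refresh token,
        /// stamped with the current UTC time.
        /// </returns>
        /// <exception cref="OAuthException">
        /// InvalidRequest for a wrong content type or a blank refresh token; InvalidClient when the
        /// client id or secret does not match; UnauthorizedClient when the token belongs to another
        /// consumer or the consumer is not approved by the resource owner.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing refresh token request");

            // NOTE(review): exact comparison; presumably a Content-Type that carries a charset
            // parameter is rejected here. Confirm that is intended.
            if (request.ContentType != ContentType.FormEncoded)
                throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");

            //Make sure consumer is valid
            var consumer = _consumerRepository.GetByClientId(request.ClientId);

            // An unknown client id and a wrong secret produce the same error. The secret mismatch
            // used to report "User credentials are invalid", which mislabelled the failure and let
            // a caller tell the two cases apart.
            // NOTE(review): != on strings is not a constant-time comparison.
            if (consumer == null || consumer.Secret != request.ClientSecret)
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");

            var refreshToken = request.RefreshToken;
            if (string.IsNullOrWhiteSpace(refreshToken))
                throw new OAuthException(ErrorCode.InvalidRequest, "Refresh token is invalid");

            // NOTE(review): no expiry or revocation check on the refresh token is visible in this
            // method, and a null result would fail on the next line; confirm DecodeRefreshToken
            // handles both.
            var tokenData = _issuer.DecodeRefreshToken(refreshToken);

            // The token must have been issued to the consumer that is presenting it.
            if (tokenData.ConsumerId != consumer.ConsumerId)
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Refresh token is invalid");

            if (!_resourceOwnerRepository.IsConsumerApproved(tokenData.ResourceOwnerId, tokenData.ConsumerId))
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Unauthorized access");

            var newTokenData = new TokenData
            {
                ConsumerId = consumer.ConsumerId,
                ResourceOwnerId = tokenData.ResourceOwnerId,
                Timestamp = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _issuer.GenerateAccessToken(newTokenData),
                ExpiresIn = _configuration.AccessTokenExpirationLength,
                RefreshToken = _issuer.GenerateRefreshToken(newTokenData)
            };
        }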
コード例 #12
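        /// <summary>
        /// Issues an access/refresh token pair for a resource-owner password grant.
        /// </summary>
        /// <param name="request">Request supplying ContentType, ClientId, ClientSecret, Username and Password.</param>
        /// <returns>A token for the matched consumer and resource owner, stamped with the current UTC time.</returns>
        /// <exception cref="OAuthException">
        /// InvalidRequest for a wrong content type; InvalidClient when the client credentials or the
        /// user credentials do not match.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing password token request");

            // NOTE(review): exact comparison; presumably a Content-Type that carries a charset
            // parameter is rejected here. Confirm that is intended.
            if (request.ContentType != ContentType.FormEncoded)
                throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");

            //Make sure consumer is valid
            var consumer = _serviceLocator.ConsumerRepository.GetByClientId(request.ClientId);

            // An unknown client id and a wrong secret produce the same error. The secret mismatch
            // used to report "User credentials are invalid", which mislabelled the failure and let
            // a caller tell the two cases apart.
            // NOTE(review): != on strings is not a constant-time comparison.
            if (consumer == null || consumer.Secret != request.ClientSecret)
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");

            //Make sure resource owner is valid
            var resourceOwner = _serviceLocator.ResourceOwnerRepository.GetByUsername(consumer.ConsumerId, request.Username);

            // Unknown user and wrong password share one error, so the response text does not
            // reveal which usernames exist.
            // NOTE(review): the password check is skipped for an unknown user, so the two cases
            // may still differ in response time.
            if (resourceOwner == null
                || !_serviceLocator.PasswordHasher.CheckPassword(request.Password, resourceOwner.Password))
                throw new OAuthException(ErrorCode.InvalidClient, "User credentials are invalid");

            // ApproveConsumer is called for this owner/consumer pair once the password check has passed.
            _serviceLocator.ResourceOwnerRepository.ApproveConsumer(resourceOwner.ResourceOwnerId, consumer.ConsumerId);

            var data = new TokenData
            {
                ConsumerId = consumer.ConsumerId,
                ResourceOwnerId = resourceOwner.ResourceOwnerId,
                Timestamp = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _serviceLocator.Issuer.GenerateAccessToken(data),
                RefreshToken = _serviceLocator.Issuer.GenerateRefreshToken(data),
                ExpiresIn = _serviceLocator.Configuration.AccessTokenExpirationLength
            };
        }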
コード例 #13
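        /// <summary>
        /// Issues an access/refresh token pair for a client-credentials grant.
        /// </summary>
        /// <param name="request">Request supplying <c>ClientId</c> and <c>ClientSecret</c>.</param>
        /// <returns>A token for the matched consumer, stamped with the current UTC time.</returns>
        /// <exception cref="OAuthException">
        /// <c>ErrorCode.InvalidClient</c> when no consumer matches the client id, the consumer has
        /// no stored secret, or the supplied secret differs from the stored one.
        /// </exception>
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing client credentials token request");

            //Make sure consumer is valid
            var consumer = _serviceLocator.ConsumerRepository.GetByClientId(request.ClientId);

            // The secret is a credential, so it is compared exactly (ordinal, case-sensitive).
            // A case-insensitive match would accept every casing of the secret and shrink the
            // space of values that must be guessed. A consumer with no stored secret is rejected
            // instead of causing a NullReferenceException.
            // NOTE(review): string.Equals is not a constant-time comparison; consider a
            // fixed-time comparison if the target framework provides one.
            if (consumer == null
                || string.IsNullOrEmpty(consumer.Secret)
                || !string.Equals(consumer.Secret, request.ClientSecret, StringComparison.Ordinal))
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");

            // No ResourceOwnerId is set: this grant is issued to the consumer itself.
            var data = new TokenData
            {
                ConsumerId = consumer.ConsumerId,
                Timestamp = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return new Token
            {
                AccessToken = _serviceLocator.Issuer.GenerateAccessToken(data),
                RefreshToken = _serviceLocator.Issuer.GenerateRefreshToken(data),
                ExpiresIn = _serviceLocator.Configuration.AccessTokenExpirationLength
            };
        }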
コード例 #14
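        /// <summary>
        /// Checks that a password-grant token request carries every required field.
        /// Checks run in order and the first failure is returned.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result with <c>Success = true</c> when all checks pass; otherwise a result
        /// carrying the error code and description of the first failed check.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating password request");

            // Each return statement is terminated inside its braces; the listing had the
            // semicolons stranded after the closing brace, which does not compile.
            // NOTE(review): no HTTP-method check is made in this method; confirm it is enforced elsewhere.
            var grantType = request.GrantType;

            if (string.IsNullOrWhiteSpace(grantType))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter grant_type is missing"
                };
            }

            if (grantType != GrantType.Password)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidGrant,
                    ErrorDescription = "The specified grant_type is not supported"
                };
            }

            // Presence checks only: the credential values themselves are not verified here.
            var username = request.Username;

            if (string.IsNullOrWhiteSpace(username))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter username is missing"
                };
            }

            var password = request.Password;

            if (string.IsNullOrWhiteSpace(password))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter password is missing"
                };
            }

            var clientId = request.ClientId;

            if (string.IsNullOrWhiteSpace(clientId))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_id is missing"
                };
            }

            var clientSecret = request.ClientSecret;

            if (string.IsNullOrWhiteSpace(clientSecret))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_secret is missing"
                };
            }

            if (!request.IsFormEncoded())
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Content-Type must be application/x-www-form-urlencoded"
                };
            }

            return new ValidationResult { Success = true };
        }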
    }
}
コード例 #15
 /// <summary>
 /// Populates the OAuth request from an incoming HTTP request by calling the
 /// three-argument overload with <c>skipValidation</c> set to <c>false</c>.
 /// </summary>
 /// <param name="oauthRequest">OAuth request to populate.</param>
 /// <param name="request">Incoming HTTP request.</param>
 public static void ParseRequest(this IOAuthRequest oauthRequest, HttpRequestBase request)
 {
     // Validation is not skipped unless a caller asks for it through the other overload.
     ParseRequest(oauthRequest, request, skipValidation: false);
 }
コード例 #16
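        /// <summary>
        /// Checks that a client-credentials token request is a form-encoded POST carrying
        /// every required field. Checks run in order and the first failure is returned.
        /// </summary>
        /// <param name="request">Request to inspect.</param>
        /// <returns>
        /// A result with <c>Success = true</c> when all checks pass; otherwise a result
        /// carrying the error code and description of the first failed check.
        /// </returns>
        public ValidationResult ValidateRequest(IOAuthRequest request)
        {
            _logger.Debug("Validating client credentials request");

            // Each return statement is terminated inside its braces; the listing had the
            // semicolons stranded after the closing brace, which does not compile.
            if (request.Method != HttpMethod.Post)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Http POST method is required"
                };
            }

            // NOTE(review): exact comparison; presumably a Content-Type that carries a charset
            // parameter is rejected here. Confirm that is intended.
            if (request.ContentType != ContentType.FormEncoded)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Content Type must be  application/x-www-form-urlencoded"
                };
            }

            var grantType = request.GrantType;

            if (string.IsNullOrWhiteSpace(grantType))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter grant_type is missing"
                };
            }

            if (grantType != GrantType.ClientCredentials)
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidGrant,
                    ErrorDescription = "The specified grant_type is not supported"
                };
            }

            // Presence checks only: the client credentials themselves are not verified here.
            var clientId = request.ClientId;

            if (string.IsNullOrWhiteSpace(clientId))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_id is missing"
                };
            }

            var clientSecret = request.ClientSecret;

            if (string.IsNullOrWhiteSpace(clientSecret))
            {
                return new ValidationResult
                {
                    ErrorCode = ErrorCode.InvalidRequest,
                    ErrorDescription = "Parameter client_secret is missing"
                };
            }

            return new ValidationResult { Success = true };
        }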
    }
}