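/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
/// </summary>
/// <param name="authorizationServer">The authorization server host; must not be null.</param>
/// <remarks>
/// The set of client authentication modules is read from <see cref="OAuth2AuthorizationServerSection"/>
/// configuration, so which client authentication methods this server accepts is a deployment
/// configuration decision, not something fixed in code. The modules are loaded into the list
/// <em>before</em> that list is handed to the aggregating reader and the channel, so construction
/// no longer relies on the aggregator keeping a live reference to the list rather than a copy.
/// </remarks>
public AuthorizationServer(IAuthorizationServerHost authorizationServer) {
    Requires.NotNull(authorizationServer, "authorizationServer");

    // Populate the module list first so everything built from it below sees the complete set.
    // NOTE(review): the meaning of the boolean passed to CreateInstances is not visible here.
    this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true));

    // The aggregator consults every configured module for each request; the channel performs
    // client authentication through the aggregator rather than any single module.
    this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
    this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);

    this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
}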
/// <summary>
/// Attempts to extract client identification/authentication information from a message.
/// </summary>
/// <param name="authorizationServerHost">The authorization server host.</param>
/// <param name="requestMessage">The incoming message.</param>
/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
/// <returns>The level of the extracted client information.</returns>
/// <remarks>
/// Every registered module is consulted even after one has already recognized credentials.
/// That is deliberate: RFC 6749 section 2.3 forbids a client from using more than one
/// authentication method in a single request, so a second module recognizing credentials is
/// a protocol error rather than something to resolve in favor of whichever module ran first.
/// A module reporting a rejection (any result other than "not recognized") does not stop the scan.
/// The protocol error text names both modules; confirm how far that text travels before
/// treating it as safe to return to the client.
/// </remarks>
public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
    Requires.NotNull(authorizationServerHost, "authorizationServerHost");
    Requires.NotNull(requestMessage, "requestMessage");

    ClientAuthenticationModule recognizedBy = null;
    ClientAuthenticationResult outcome = ClientAuthenticationResult.NoAuthenticationRecognized;
    clientIdentifier = null;

    foreach (var module in this.authenticators) {
        string moduleClientIdentifier;
        var moduleOutcome = module.TryAuthenticateClient(authorizationServerHost, requestMessage, out moduleClientIdentifier);
        if (moduleOutcome == ClientAuthenticationResult.NoAuthenticationRecognized) {
            // This module saw nothing it understands; keep scanning the others.
            continue;
        }

        // A second module recognizing credentials means the request carried two authentication methods.
        ErrorUtilities.VerifyProtocol(
            outcome == ClientAuthenticationResult.NoAuthenticationRecognized,
            "Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
            recognizedBy,
            module);

        recognizedBy = module;
        outcome = moduleOutcome;
        clientIdentifier = moduleClientIdentifier;
    }

    return outcome;
}
/// <summary>
/// Verifies a condition is true or throws an exception describing the problem.
/// </summary>
/// <param name="condition">The condition that evaluates to true to avoid an exception.</param>
/// <param name="requestMessage">The request message.</param>
/// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param>
/// <param name="authenticationModule">The authentication module from which to glean the WWW-Authenticate header when applicable.</param>
/// <param name="unformattedDescription">A human-readable UTF-8 encoded text providing additional information, used to assist the client developer in understanding the error that occurred.</param>
/// <param name="args">The formatting arguments to generate the actual description.</param>
/// <exception cref="TokenEndpointProtocolException">Thrown when <paramref name="condition"/> is false.</exception>
/// <remarks>
/// <paramref name="unformattedDescription"/> is used as a <see cref="string.Format(IFormatProvider, string, object[])"/>
/// template; callers should pass a literal template and put any request-derived text in
/// <paramref name="args"/>, never in the template itself. The module's authenticate header is
/// forwarded on the exception, presumably so the response can carry the WWW-Authenticate
/// header RFC 6749 section 5.2 requires when the client authenticated via the Authorization
/// header -- confirm in <see cref="TokenEndpointProtocolException"/>.
/// </remarks>
internal static void TokenEndpointVerify(bool condition, AccessTokenRequestBase requestMessage, string error, ClientAuthenticationModule authenticationModule = null, string unformattedDescription = null, params object[] args) {
    if (condition) {
        return;
    }

    string description = null;
    if (unformattedDescription != null) {
        description = string.Format(CultureInfo.CurrentCulture, unformattedDescription, args);
    }

    string authenticateHeader = null;
    if (authenticationModule != null) {
        authenticateHeader = authenticationModule.AuthenticateHeader;
    }

    throw new TokenEndpointProtocolException(requestMessage, error, description, authenticateHeader: authenticateHeader);
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
/// <remarks>
/// Both arguments are null-checked inside <see cref="InitializeBindingElements"/> before the
/// base constructor runs; the explicit check below for <paramref name="authorizationServer"/>
/// therefore guards only the field assignment that follows it.
/// </remarks>
protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
    : base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule)) {
    Requires.NotNull(authorizationServer, "authorizationServer");

    // Retained for the channel's own use; the binding elements have already been wired up by base().
    this.AuthorizationServer = authorizationServer;
}
/// <summary>
/// Initializes the binding elements for the OAuth channel.
/// </summary>
/// <param name="authorizationServer">The authorization server. Only null-checked here; neither element receives it.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
/// <returns>
/// An array of binding elements used to initialize the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) {
    Requires.NotNull(authorizationServer, "authorizationServer");
    Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

    // Outgoing messages pass through these elements in the order listed; incoming messages
    // pass through them in reverse. An inbound request therefore hits the token/code
    // serialization element before the validation element (which is the one holding the
    // client authentication module, so client authentication presumably happens there --
    // confirm in MessageValidationBindingElement).
    return new IChannelBindingElement[] {
        new MessageValidationBindingElement(clientAuthenticationModule),
        new TokenCodeSerializationBindingElement(),
    };
}
/// <summary>
/// Initializes the binding elements for the OAuth channel.
/// </summary>
/// <param name="authorizationServer">The authorization server. Only null-checked here; neither element receives it.</param>
/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
/// <returns>
/// An array of binding elements used to initialize the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) {
    Requires.NotNull(authorizationServer, "authorizationServer");
    Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

    // Outgoing messages pass through these elements in the order listed; incoming messages
    // pass through them in reverse. An inbound request therefore hits the token/code
    // serialization element before the validation element (which is the one holding the
    // client authentication module, so client authentication presumably happens there --
    // confirm in MessageValidationBindingElement).
    return new IChannelBindingElement[] {
        new MessageValidationBindingElement(clientAuthenticationModule),
        new TokenCodeSerializationBindingElement(),
    };
}
/// <summary>
/// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
/// </summary>
/// <param name="clientAuthenticationModule">The aggregating client authentication module; must not be null.</param>
/// <remarks>
/// The module is stored for later use by this element; nothing is invoked on it at construction time.
/// </remarks>
internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule) {
    Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

    this.clientAuthenticationModule = clientAuthenticationModule;
}