/// <summary> /// Requests an access token using a partially .initialized request message. /// </summary> /// <param name="request">The request message.</param> /// <param name="scopes">The scopes requested by the client.</param> /// <returns>The result of the request.</returns> private IAuthorizationState RequestAccessToken(ScopedAccessTokenRequest request, IEnumerable <string> scopes = null) { var authorizationState = new AuthorizationState(scopes); request.ClientIdentifier = this.ClientIdentifier; this.ApplyClientCredential(request); request.Scope.UnionWith(authorizationState.Scope); var response = this.Channel.Request(request); var success = response as AccessTokenSuccessResponse; var failure = response as AccessTokenFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { UpdateAuthorizationWithResponse(authorizationState, success); } else { // failure authorizationState.Delete(); } return(authorizationState); }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> public void RequestUserAuthorization(IEnumerable <string> scope = null, Uri returnTo = null) { var authorizationState = new AuthorizationState(scope) { Callback = returnTo, }; this.PrepareRequestUserAuthorization(authorizationState).Send(); }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scopes">The scope of authorized access requested.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> /// <returns>The authorization request.</returns> public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable <string> scopes = null, Uri returnTo = null) { var authorizationState = new AuthorizationState(scopes) { Callback = returnTo, }; return(this.PrepareRequestUserAuthorization(authorizationState)); }
/// <summary> /// Generates a URL that the user's browser can be directed to in order to authorize /// this client to access protected data at some resource server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="state">The client state that should be returned with the authorization response.</param> /// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param> /// <returns> /// A fully-qualified URL suitable to initiate the authorization flow. /// </returns> public Uri RequestUserAuthorization(IEnumerable <string> scope = null, string state = null, Uri returnTo = null) { var authorization = new AuthorizationState(scope) { Callback = returnTo, }; return(this.RequestUserAuthorization(authorization, state: state)); }
/// <summary> /// Processes the authorization response from an authorization server, if available. /// </summary> /// <param name="request">The incoming HTTP request that may carry an authorization response.</param> /// <returns>The authorization state that contains the details of the authorization.</returns> public IAuthorizationState ProcessUserAuthorization(HttpRequestBase request = null) { if (request == null) { request = this.Channel.GetRequestFromContext(); } IMessageWithClientState response; if (this.Channel.TryReadFromRequest <IMessageWithClientState>(request, out response)) { Uri callback = MessagingUtilities.StripMessagePartsFromQueryString(request.GetPublicFacingUrl(), this.Channel.MessageDescriptions.Get(response)); IAuthorizationState authorizationState; if (this.AuthorizationTracker != null) { authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState); ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { var context = this.Channel.GetHttpContext(); if (context.Session != null) { ErrorUtilities.VerifyProtocol(string.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { } authorizationState = new AuthorizationState { Callback = callback }; } var success = response as EndUserAuthorizationSuccessAuthCodeResponse; var failure = response as EndUserAuthorizationFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { this.UpdateAuthorizationWithResponse(authorizationState, success); } else { // failure authorizationState.Delete(); } return(authorizationState); } return(null); }
/// <summary> /// Scans the incoming request for an authorization response message. /// </summary> /// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param> /// <param name="authorizationState">The authorization.</param> /// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns> public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) { if (authorizationState == null) { authorizationState = new AuthorizationState(); } var carrier = new HttpRequestInfo("GET", actualRedirectUrl); IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier); if (response == null) { return(null); } return(this.ProcessUserAuthorization(authorizationState, response)); }
/// <summary> /// Gets an access token that may be used for only a subset of the scope for which a given /// refresh token is authorized. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <param name="scope">The scope subset desired in the access token.</param> /// <returns>A description of the obtained access token, and possibly a new refresh token.</returns> /// <remarks> /// If the return value includes a new refresh token, the old refresh token should be discarded and /// replaced with the new one. /// </remarks> public IAuthorizationState GetScopedAccessToken(string refreshToken, HashSet <string> scope) { Contract.Ensures(Contract.Result <IAuthorizationState>() != null); var request = new AccessTokenRefreshRequestC(this.AuthorizationServer) { ClientIdentifier = this.ClientIdentifier, RefreshToken = refreshToken, }; this.ApplyClientCredential(request); var response = this.Channel.Request <AccessTokenSuccessResponse>(request); var authorization = new AuthorizationState(); UpdateAuthorizationWithResponse(authorization, response); return(authorization); }