예제 #1
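        /// <summary>
        /// Registers the OAuth access token endpoint: a POST handler at the root of the
        /// "/oauth/access_token" module path.
        /// </summary>
        /// <param name="service">Validates the bound token request and creates the access token response.</param>
        /// <param name="errorResponseBuilder">Builds the error payload from the validation result's error type.</param>
        public AccessTokenModule(IAccessTokenEndPointService service, IErrorResponseBuilder errorResponseBuilder) : base("/oauth/access_token")
        {
            // Applied at module level, so the POST route below is only reached by an
            // authenticated caller.
            this.RequiresAuthentication();

            Post["/"] = parameters =>
            {
                var request = this.Bind<AccessTokenRequest>();

                // Open question from the original author: always check that the grant type is
                // "authorization_code" and answer with unsupported_grant_type otherwise?

                // ValidateRequest needs to confirm that the authorization code was issued to the
                // logged-in user and nobody else, that redirect_uri matches, and possibly that
                // the code has not expired (time-to-live). None of that is visible in this
                // module; it is delegated to the service.
                var results = service.ValidateRequest(request, this.Context);

                if (!results.IsValid)
                {
                    // NOTE(review): request.RedirectUri is client-supplied and is handed to
                    // AsErrorResponse on the failure path, i.e. possibly before it has been
                    // verified. Confirm AsErrorResponse never redirects to an unregistered URI.
                    return Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, null), request.RedirectUri);
                }

                var tokenResponse = service.CreateAccessTokenResponse(request, this.Context);

                // The body carries a bearer credential: the OAuth 2.0 specification requires
                // "Cache-Control: no-store" and "Pragma: no-cache" on token responses so that
                // browsers and intermediaries do not keep a copy.
                var jsonResponse = Response.AsJson(tokenResponse);
                jsonResponse.Headers["Cache-Control"] = "no-store";
                jsonResponse.Headers["Pragma"] = "no-cache";
                return jsonResponse;
            };
        }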
예제 #2
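        /// <summary>
        /// Wires up the token endpoint of the authorization server. The module is rooted at
        /// "/oauth/access_token" and exposes a single POST route at "/".
        /// </summary>
        /// <param name="service">Service used to validate the token request and to create the token response.</param>
        /// <param name="errorResponseBuilder">Turns a validation error type into the error payload returned to the caller.</param>
        public AccessTokenModule(IAccessTokenEndPointService service, IErrorResponseBuilder errorResponseBuilder) : base("/oauth/access_token")
        {
            // Unauthenticated requests are rejected before the route handler runs.
            this.RequiresAuthentication();

            Post["/"] = parameters =>
            {
                var request = this.Bind<AccessTokenRequest>();

                // Perhaps always validate that the grant type == "authorization_code" and
                // return an error with an unsupported_grant_type message?

                // Validation must establish that the authorization code was issued to the
                // logged-in user and nobody else, and that redirect_uri is the expected one.
                // It should possibly also check that the code is still within its time-to-live.
                var results = service.ValidateRequest(request, this.Context);

                if (results.IsValid)
                {
                    var tokenPayload = service.CreateAccessTokenResponse(request, this.Context);

                    // Token responses contain credentials, so the specification requires that
                    // they are never cached: send "Cache-Control: no-store" and "Pragma: no-cache".
                    return Response.AsJson(tokenPayload)
                        .WithHeader("Cache-Control", "no-store")
                        .WithHeader("Pragma", "no-cache");
                }

                // NOTE(review): the redirect URI passed here comes straight from the request and
                // validation has just failed; verify that AsErrorResponse does not send the
                // caller to a URI that was never registered for the client.
                return Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, null), request.RedirectUri);
            };
        }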