/// <summary>
/// Determines what authorization the client holds by reading the access token carried
/// on the current request and checking it against the scopes the caller requires.
/// </summary>
/// <param name="httpRequestInfo">
/// The HTTP request to inspect. When <c>null</c>, the request is obtained from the channel's current context.
/// </param>
/// <param name="requiredScopes">The set of scopes the token must satisfy for this request to be approved.</param>
/// <returns>
/// The access token describing the authorization the client has. Never <c>null</c>.
/// </returns>
/// <exception cref="ProtocolFaultResponseException">
/// Thrown when the client is not authorized: no access token could be read from the request,
/// the granted scope does not satisfy <paramref name="requiredScopes"/>, or a
/// <c>ProtocolException</c> was raised while the token was being processed. Catch it and return its
/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> to the client.
/// </exception>
/// <remarks>
/// The only checks made directly in this method are that the token names a user or a client and
/// that its scope satisfies <paramref name="requiredScopes"/>. Signature, expiry and similar
/// validation is presumably performed by the configured access token analyzer; that is not visible
/// here and should be confirmed for the analyzer in use.
/// NOTE(review): when no required scopes are passed, the result depends entirely on
/// <c>ScopeSatisfiedCheck</c> - presumably any deserialized token is accepted; confirm, and pass
/// the scopes each protected endpoint actually needs.
/// </remarks>
public virtual AccessToken GetAccessToken(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes) {
    // Fall back to the ambient request when the caller did not supply one.
    HttpRequestBase incomingRequest = httpRequestInfo ?? this.Channel.GetRequestFromContext();

    // Declared outside the try so the catch handler can tell whether a request message was read.
    AccessProtectedResourceRequest request = null;
    try {
        // Guard: without a readable protected-resource request there is no token to evaluate.
        if (!this.Channel.TryReadFromRequest<AccessProtectedResourceRequest>(incomingRequest, out request)) {
            var missingToken = new ProtocolException(ResourceServerStrings.MissingAccessToken);
            var invalidRequest = UnauthorizedResponse.InvalidRequest(missingToken);
            throw new ProtocolFaultResponseException(this.Channel, invalidRequest, innerException: missingToken);
        }

        AccessToken token = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken);

        // The message text below, including its misspelling, is reproduced verbatim.
        ErrorUtilities.VerifyHost(token != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut.");

        // A token that names neither a user nor a client has no subject to authorize.
        bool namesSubject = !string.IsNullOrEmpty(token.UserDataAndNonce)
            || !string.IsNullOrEmpty(token.ClientIdentifier);
        if (!namesSubject) {
            ErrorUtilities.ThrowProtocol(ResourceServerStrings.InvalidAccessToken);
        }

        // Authorization decision: the granted scope must satisfy everything the caller requires.
        var requiredScopesSet = OAuthUtilities.ParseScopeSet(requiredScopes);
        bool scopeOk = this.ScopeSatisfiedCheck.IsScopeSatisfied(requiredScope: requiredScopesSet, grantedScope: token.Scope);
        if (scopeOk) {
            return token;
        }

        var insufficientScope = UnauthorizedResponse.InsufficientScope(request, requiredScopesSet);
        throw new ProtocolFaultResponseException(this.Channel, insufficientScope);
    } catch (ProtocolFaultResponseException) {
        // Already carries a response for the client; do not wrap it again.
        throw;
    } catch (ProtocolException ex) {
        // If a request message was read, the fault is reported as an invalid token;
        // otherwise it is reported as an invalid request.
        var response = request == null
            ? UnauthorizedResponse.InvalidRequest(ex)
            : UnauthorizedResponse.InvalidToken(request, ex);
        throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
    }
}