예제 #1
0
        /// <summary>
        /// Discovers what access the client should have considering the access token in the current request.
        /// </summary>
        /// <param name="httpRequestInfo">The HTTP request info.</param>
        /// <param name="requiredScopes">The set of scopes required to approve this request.</param>
        /// <returns>
        /// The access token describing the authorization the client has.  Never <c>null</c>.
        /// </returns>
        /// <exception cref="ProtocolFaultResponseException">
        /// Thrown when the client is not authorized.  This exception should be caught and the
        /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
        /// </exception>
        public virtual AccessToken GetAccessToken(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes)
        {
            if (httpRequestInfo == null)
            {
                httpRequestInfo = this.Channel.GetRequestFromContext();
            }

            AccessToken accessToken;
            AccessProtectedResourceRequest request = null;

            try
            {
                if (this.Channel.TryReadFromRequest <AccessProtectedResourceRequest>(httpRequestInfo, out request))
                {
                    accessToken = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken);
                    ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut.");
                    if (string.IsNullOrEmpty(accessToken.UserDataAndNonce) && string.IsNullOrEmpty(accessToken.ClientIdentifier))
                    {
                        ErrorUtilities.ThrowProtocol(ResourceServerStrings.InvalidAccessToken);
                    }

                    var requiredScopesSet = OAuthUtilities.ParseScopeSet(requiredScopes);
                    if (!this.ScopeSatisfiedCheck.IsScopeSatisfied(requiredScope: requiredScopesSet, grantedScope: accessToken.Scope))
                    {
                        var response = UnauthorizedResponse.InsufficientScope(request, requiredScopesSet);
                        throw new ProtocolFaultResponseException(this.Channel, response);
                    }

                    return(accessToken);
                }
                else
                {
                    var ex       = new ProtocolException(ResourceServerStrings.MissingAccessToken);
                    var response = UnauthorizedResponse.InvalidRequest(ex);
                    throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
                }
            }
            catch (ProtocolException ex)
            {
                if (ex is ProtocolFaultResponseException)
                {
                    // This doesn't need to be wrapped again.
                    throw;
                }

                var response = request != null?UnauthorizedResponse.InvalidToken(request, ex) : UnauthorizedResponse.InvalidRequest(ex);

                throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
            }
        }