private bool IsAuthorizationValid(HashSet <string> requestedScopes, string clientIdentifier, DateTime issuedUtc, string username)
{
// If db precision exceeds token time precision (which is common), the following query would
// often disregard a token that is minted immediately after the authorization record is stored in the db.
// To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
issuedUtc += TimeSpan.FromSeconds(1);
var sql = string.Format(@"SELECT CA.scope FROM ClientAuthorization CA
INNER JOIN Client C ON CA.ClientId = C.ClientId
INNER JOIN [User] U ON CA.UserId = U.UserId
WHERE C.ClientIdentifier = '{0}' AND CA.CreatedOnUtc <= '{1}' AND
(CA.ExpirationDateUtc Is null OR CA.ExpirationDateUtc >= '{2}')
AND U.OpenIDClaimedIdentifier = '{3}'", clientIdentifier, issuedUtc, DateTime.UtcNow, username);
var grantedScopeStrings = m_ClientRep.Query <string>(sql, null);
if (!grantedScopeStrings.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return(false);
}
var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);
foreach (string scope in grantedScopeStrings)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(scope));
}
return(requestedScopes.IsSubsetOf(grantedScopes));
}
// Determine whether the given authorization is still ok
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// If db precision exceeds token time precision (which is common), the following query would
// often disregard a token that is minted immediately after the authorization record is stored in the db.
// To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
var grantedAuths = _authorizationRepository.FindCurrent(authorization.ClientIdentifier, authorization.User,
authorization.UtcIssued + TimeSpan.FromSeconds(1)).ToList();
if (!grantedAuths.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return(false);
}
// Determine the set of all scopes the user has authorized for this client
var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);
foreach (var auth in grantedAuths)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(auth.Scope));
}
// See if what's requested is authorized
return(authorization.Scope.IsSubsetOf(grantedScopes));
}
private bool IsAuthorizationValid(HashSet <string> requestedScopes, string clientIdentifier, DateTime issuedUtc, string username)
{
var grantedScopeStrings = from auth in Database.DataContext.ClientAuthorizations
where
auth.Client.ClientIdentifier == clientIdentifier &&
auth.CreatedOnUtc <= issuedUtc &&
(!auth.ExpirationDateUtc.HasValue || auth.ExpirationDateUtc.Value >= DateTime.UtcNow) &&
auth.User.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username)
select auth.Scope;
if (!grantedScopeStrings.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return(false);
}
var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);
foreach (string scope in grantedScopeStrings)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(scope));
}
return(requestedScopes.IsSubsetOf(grantedScopes));
}
public ViewResult ClientCredentialsGrant(ClientCredentialsGrantViewModel model)
{
if (this.ModelState.IsValid)
{
try
{
// Create the client with which we will be connecting to the server.
var webServerClient = new WebServerClient(this.AuthorizationServerDescription, clientIdentifier: model.ClientId, clientSecret: model.ClientSecret);
// The scope that we request for the client. Note: this can also be null if we don't want to request any specific
// scope or more than one scope if we want to request an access token that is valid for several scopes
var clientScopes = OAuthUtilities.SplitScopes(model.Scope ?? string.Empty);
// Request a new client access token for the specified scopes (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.4)
// This method will use the client identifier and client secret used when constructing the WebServerAgentClient instance
this.ViewBag.AccessToken = webServerClient.GetClientAccessToken(clientScopes);
}
catch (Exception ex)
{
this.ViewBag.Exception = ex;
}
}
return(this.View(model));
}
private bool IsAuthorizationValid(HashSet <string> requestedScopes, string clientIdentifier, DateTime issuedUtc, string username)
{
// If db precision exceeds token time precision (which is common), the following query would
// often disregard a token that is minted immediately after the authorization record is stored in the db.
// To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
issuedUtc += TimeSpan.FromSeconds(1);
var grantedScopeStrings = from auth in MvcApplication.DataContext.ClientAuthorizations
where
auth.Client.ClientIdentifier == clientIdentifier &&
auth.CreatedOnUtc <= issuedUtc &&
(!auth.ExpirationDateUtc.HasValue || auth.ExpirationDateUtc.Value >= DateTime.UtcNow) &&
auth.User.OpenIDClaimedIdentifier == username
select auth.Scope;
if (!grantedScopeStrings.Any())
{
// No granted authorizations prior to the issuance of this token, so it must have been revoked.
// Even if later authorizations restore this client's ability to call in, we can't allow
// access tokens issued before the re-authorization because the revoked authorization should
// effectively and permanently revoke all access and refresh tokens.
return(false);
}
var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);
foreach (string scope in grantedScopeStrings)
{
grantedScopes.UnionWith(OAuthUtilities.SplitScopes(scope));
}
return(requestedScopes.IsSubsetOf(grantedScopes));
}
/// <summary>
/// Determines whether a given set of resource owner credentials is valid based on the authorization server's user database
/// and if so records an authorization entry such that subsequent calls to <see cref="M:DotNetOpenAuth.OAuth2.IAuthorizationServerHost.IsAuthorizationValid(DotNetOpenAuth.OAuth2.ChannelElements.IAuthorizationDescription)" /> would
/// return <c>true</c>.
/// </summary>
/// <param name="userName">Username on the account.</param>
/// <param name="password">The user's password.</param>
/// <param name="accessRequest">The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.</param>
/// <returns>
/// A value that describes the result of the authorization check.
/// </returns>
public AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest)
{
// Try to find a user with the specified username and password
var user = this.db.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == userName && u.Password == password);
// If no user was found with the specified username/password combination, do not authorize the request
if (user == null)
{
return(new AutomatedUserAuthorizationCheckResponse(accessRequest, false, userName));
}
// Try to find the authorization the user has with the specified client
var userAuthorizationForClient = user.Authorizations.FirstOrDefault(a => a.Client.ClientIdentifier == accessRequest.ClientIdentifier);
// If no user authorization was found, that means that the user is not authorized for the specified client.
// As a consequence, we do not authorize the request
if (userAuthorizationForClient == null)
{
return(new AutomatedUserAuthorizationCheckResponse(accessRequest, false, userName));
}
// At this point we have verified that user credentials were valid and that the user has an authorization specified
// for the requested client. All that remains is to check if that authorization gives the user enough rights for
// the requested scopes.
var isApproved = RequestedScopeIsValid(accessRequest.Scope, OAuthUtilities.SplitScopes(userAuthorizationForClient.Scope));
return(new AutomatedUserAuthorizationCheckResponse(accessRequest, isApproved, userName));
}
public JsonResult GetValues()
{
bool isOK = false;
bool requiresAuth = false;
string redirectURL = "";
if (Session["AccessToken"] == null)
{
this.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes("http://localhost:49810/api/values"));
Uri authorizationUrl = this.Client.RequestUserAuthorization(this.Authorization);
requiresAuth = true;
redirectURL = authorizationUrl.AbsoluteUri;
isOK = true;
}
else
{
requiresAuth = false;
}
return(new JsonResult()
{
Data = new {
OK = isOK,
RequiresAuth = requiresAuth,
RedirectURL = redirectURL
}
});
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (!Request.IsSecureConnection)
{
throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
}
if (!IsPostBack)
{
if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
{
throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
}
MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);
if (Uri.Compare(m_pendingRequest.Callback, new Uri(client.Callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.UriEscaped, StringComparison.CurrentCultureIgnoreCase) != 0)
{
throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrBadRedirectURL);
}
HashSet <string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
{
throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
}
IEnumerable <MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
// See if there are any scopes that are requested that are not allowed.
IEnumerable <string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);
mvScopesRequested.SetActiveView(lstScopes.Count() == 0 ? vwNoScopes : vwRequestedScopes);
rptPermissions.DataSource = lstScopes;
rptPermissions.DataBind();
ViewState[szVSKeyPendingRequest] = m_pendingRequest;
lblClientName.Text = client.ClientName;
}
else
{
m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
}
}
catch (HttpException ex)
{
RejectWithError(ex.Message);
}
catch (MyFlightbook.MyFlightbookException ex)
{
lblErr.Text = ex.Message;
mvAuthorize.SetActiveView(vwErr);
}
}
private void oauth2BeginButton_Click(object sender, RoutedEventArgs e)
{
var authServer = new DotNetOpenAuth.OAuth2.AuthorizationServerDescription {
AuthorizationEndpoint = new Uri(this.oauth2AuthorizationUrlBox.Text),
};
if (this.oauth2TokenEndpointBox.Text.Length > 0)
{
authServer.TokenEndpoint = new Uri(this.oauth2TokenEndpointBox.Text);
}
try {
var client = new OAuth2.UserAgentClient(authServer, this.oauth2ClientIdentifierBox.Text, this.oauth2ClientSecretBox.Text);
var authorizePopup = new Authorize2(client);
authorizePopup.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes(this.oauth2ScopeBox.Text));
authorizePopup.Owner = this;
bool?result = authorizePopup.ShowDialog();
if (result.HasValue && result.Value)
{
var requestUri = new UriBuilder(this.oauth2ResourceUrlBox.Text);
if (this.oauth2ResourceHttpMethodList.SelectedIndex > 0)
{
requestUri.AppendQueryArgument("access_token", authorizePopup.Authorization.AccessToken);
}
var request = (HttpWebRequest)WebRequest.Create(requestUri.Uri);
request.Method = this.oauth2ResourceHttpMethodList.SelectedIndex < 2 ? "GET" : "POST";
if (this.oauth2ResourceHttpMethodList.SelectedIndex == 0)
{
client.AuthorizeRequest(request, authorizePopup.Authorization);
}
using (var resourceResponse = request.GetResponse()) {
using (var responseStream = new StreamReader(resourceResponse.GetResponseStream())) {
this.oauth2ResultsBox.Text = responseStream.ReadToEnd();
}
}
}
else
{
return;
}
} catch (Messaging.ProtocolException ex) {
MessageBox.Show(this, ex.Message);
} catch (WebException ex) {
string responseText = string.Empty;
if (ex.Response != null)
{
using (var responseReader = new StreamReader(ex.Response.GetResponseStream())) {
responseText = responseReader.ReadToEnd();
}
}
MessageBox.Show(this, ex.Message + " " + responseText);
}
}
public static IEnumerable <MFBOAuthScope> ScopesFromString(string sz)
{
List <MFBOAuthScope> lst = new List <MFBOAuthScope>();
if (sz == null)
{
return(lst);
}
return(ScopesFromStrings(OAuthUtilities.SplitScopes(sz)));
}
public AutomatedAuthorizationCheckResponse CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest)
{
// Find the client
var client = _lstClients.Single(consumerCandidate => consumerCandidate.ClientIdentifier == accessRequest.ClientIdentifier);
// Parse the scopes the client is authorized for
var scopesClientIsAuthorizedFor = OAuthUtilities.SplitScopes(client.Scope);
// Check if the scopes that are being requested are a subset of the scopes the user is authorized for.
// If not, that means that the user has requested at least one scope it is not authorized for
var clientIsAuthorizedForRequestedScopes = accessRequest.Scope.IsSubsetOf(scopesClientIsAuthorizedFor);
// The token request is approved when the client is authorized for the requested scopes
var isApproved = clientIsAuthorizedForRequestedScopes;
return(new AutomatedAuthorizationCheckResponse(accessRequest, isApproved));
}
private void beginWcfAuthorizationButton_Click(object sender, RoutedEventArgs e)
{
var auth = new Authorize2(this.wcf);
auth.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes("http://tempuri.org/IDataApi/GetName http://tempuri.org/IDataApi/GetAge http://tempuri.org/IDataApi/GetFavoriteSites"));
auth.Authorization.Callback = new Uri("http://localhost:59721/");
auth.Owner = this;
bool?result = auth.ShowDialog();
if (result.HasValue && result.Value)
{
this.wcfAccessToken = auth.Authorization;
this.wcfName.Content = this.CallService(client => client.GetName());
this.wcfAge.Content = this.CallService(client => client.GetAge());
this.wcfFavoriteSites.Content = this.CallService(client => string.Join(", ", client.GetFavoriteSites()));
}
}
private async void oauth2BeginButton_Click(object sender, RoutedEventArgs e)
{
var authServer = new DotNetOpenAuth.OAuth2.AuthorizationServerDescription {
AuthorizationEndpoint = new Uri(this.oauth2AuthorizationUrlBox.Text),
};
if (this.oauth2TokenEndpointBox.Text.Length > 0)
{
authServer.TokenEndpoint = new Uri(this.oauth2TokenEndpointBox.Text);
}
try {
var client = new OAuth2.UserAgentClient(authServer, this.oauth2ClientIdentifierBox.Text, this.oauth2ClientSecretBox.Text);
var authorizePopup = new Authorize2(client);
authorizePopup.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes(this.oauth2ScopeBox.Text));
authorizePopup.Authorization.Callback = new Uri("http://www.microsoft.com/en-us/default.aspx");
authorizePopup.Owner = this;
authorizePopup.ClientAuthorizationView.RequestImplicitGrant = this.flowBox.SelectedIndex == 1;
bool?result = authorizePopup.ShowDialog();
if (result.HasValue && result.Value)
{
var request = new HttpRequestMessage(
new HttpMethod(((ComboBoxItem)this.oauth2ResourceHttpMethodList.SelectedValue).Content.ToString()),
this.oauth2ResourceUrlBox.Text);
using (var httpClient = new HttpClient(client.CreateAuthorizingHandler(authorizePopup.Authorization))) {
using (var resourceResponse = await httpClient.SendAsync(request)) {
this.oauth2ResultsBox.Text = await resourceResponse.Content.ReadAsStringAsync();
}
}
}
} catch (Messaging.ProtocolException ex) {
MessageBox.Show(this, ex.Message);
} catch (WebException ex) {
string responseText = string.Empty;
if (ex.Response != null)
{
using (var responseReader = new StreamReader(ex.Response.GetResponseStream())) {
responseText = responseReader.ReadToEnd();
}
}
MessageBox.Show(this, ex.Message + " " + responseText);
}
}
private AccessToken GetAccessToken(string accessToken)
{
using (var db = new OAuthDbContext())
{
var query = from auth in db.ClientAuthorizations
from client in db.Clients
where auth.ClientId == client.ClientId && auth.Token == accessToken
select new
{
client.ClientIdentifier,
auth.UserId,
auth.Scope,
auth.ExpirationDateUtc,
auth.CreatedOnUtc
};
var clientAuth = query.FirstOrDefault();
if (clientAuth == null)
{
throw new Exception("当前AccessToken无效,请重新认证!");
}
else if (clientAuth.ExpirationDateUtc.HasValue && clientAuth.ExpirationDateUtc < DateTime.UtcNow)
{
throw new Exception("当前AccessToken已过期!");
}
//token.UtcIssued和token.Lifetime此处可以不赋值(后续并没有用到)
var token = new AccessToken
{
ClientIdentifier = clientAuth.ClientIdentifier,
User = clientAuth.UserId
};
var scopes = OAuthUtilities.SplitScopes(clientAuth.Scope);
if (scopes.Count > 0)
{
token.Scope.AddRange(scopes);
}
return(token);
}
}
public ViewResult ResourceOwnerCredentialsGrant(ResourceOwnerCredentialsGrantViewModel model)
{
if (this.ModelState.IsValid)
{
try
{
// Create the client with which we will be connecting to the server.
var webServerClient = new WebServerClient(this.AuthorizationServerDescription, clientIdentifier: model.ClientId);
// The scope that we request for the user. Note: this can also be null if we don't want to request any specific
// scope or more than one scope if we want to request an access token that is valid for several scopes
var userScopes = OAuthUtilities.SplitScopes(model.Scope ?? string.Empty);
// Request a new user access token for the specified user and the specified scopes (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#page-35)
this.ViewBag.AccessToken = webServerClient.ExchangeUserCredentialForToken(model.Username, model.Password, userScopes);
}
catch (Exception ex)
{
this.ViewBag.Exception = ex;
}
}
return(this.View(model));
}
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>
/// <c>true</c> if the original authorization is still valid; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>When establishing that an authorization is still valid,
/// it's very important to only match on recorded authorizations that
/// meet these criteria:</para>
/// 1) The client identifier matches.
/// 2) The user account matches.
/// 3) The scope on the recorded authorization must include all scopes in the given authorization.
/// 4) The date the recorded authorization was issued must be <em>no later</em> that the date the given authorization was issued.
/// <para>One possible scenario is where the user authorized a client, later revoked authorization,
/// and even later reinstated authorization. This subsequent recorded authorization
/// would not satisfy requirement #4 in the above list. This is important because the revocation
/// the user went through should invalidate all previously issued tokens as a matter of
/// security in the event the user was revoking access in order to sever authorization on a stolen
/// account or piece of hardware in which the tokens were stored. </para>
/// </remarks>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
// Try to find a user with the specified username and password
var user = this.db.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == authorization.User);
// If no user was found with the specified username/password combination, the authorization is not valid
if (user == null)
{
return(false);
}
// Try to find the authorization the user has with the specified client
var userAuthorizationForClient = user.Authorizations.FirstOrDefault(a => a.Client.ClientIdentifier == authorization.ClientIdentifier);
// If no user authorization was found, that means that the user is not authorized for the specified client.
// As a consequence, the authorization is not valid
if (userAuthorizationForClient == null)
{
return(false);
}
// We check once again if the user is authorized for the specified scopes
return(RequestedScopeIsValid(authorization.Scope, OAuthUtilities.SplitScopes(userAuthorizationForClient.Scope)));
}
/// <summary>
/// Check if the access token provided is authorized for the requested scopes.
/// </summary>
/// <returns><c>true</c>, if the access token provided is authorized for the requested scopes; otherwise, <c>false</c>.</returns>
protected virtual bool AccessTokenIsAuthorizedForRequestedScopes()
{
return(OAuthUtilities.SplitScopes(this.Scopes ?? string.Empty).IsSubsetOf(this.resourceServer.GetAccessToken().Scope));
}
/// <summary>
/// Decodes the specified value.
/// </summary>
/// <param name="value">The string value carried by the transport. Guaranteed to never be null, although it may be empty.</param>
/// <returns>
/// The deserialized form of the given string.
/// </returns>
/// <exception cref="FormatException">Thrown when the string value given cannot be decoded into the required object type.</exception>
public object Decode(string value)
{
return(OAuthUtilities.SplitScopes(value));
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (!Request.IsSecureConnection)
{
throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
}
if (!IsPostBack)
{
if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
{
throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
}
MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);
bool fIsValidCallback = false;
foreach (string callback in client.Callbacks)
{
if (Uri.Compare(m_pendingRequest.Callback, new Uri(callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.SafeUnescaped, StringComparison.CurrentCultureIgnoreCase) == 0)
{
fIsValidCallback = true;
break;
}
}
if (!fIsValidCallback)
{
throw new HttpException((int)HttpStatusCode.BadRequest, String.Format(System.Globalization.CultureInfo.CurrentCulture, Resources.LocalizedText.oAuthErrBadRedirectURL, m_pendingRequest.Callback.ToString()));
}
HashSet <string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
{
throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
}
IEnumerable <MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
// See if there are any scopes that are requested that are not allowed.
IEnumerable <string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);
mvScopesRequested.SetActiveView(!lstScopes.Any() ? vwNoScopes : vwRequestedScopes);
rptPermissions.DataSource = lstScopes;
rptPermissions.DataBind();
ViewState[szVSKeyPendingRequest] = m_pendingRequest;
lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
}
else
{
m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
}
}
catch (Exception ex) when(ex is HttpException || ex is ProtocolException || ex is ProtocolFaultResponseException || ex is MyFlightbook.MyFlightbookException)
{
lblErr.Text = ex.Message;
mvAuthorize.SetActiveView(vwErr);
}
}
public override AuthorizationState ConvertToken(HttpRequest Request)
{
if (Request == null)
{
throw new ArgumentNullException("Request");
}
HttpWebRequest hr = (HttpWebRequest)HttpWebRequest.Create(new Uri(oAuth2TokenEndpoint));
hr.Method = "POST";
hr.ContentType = "application/x-www-form-urlencoded";
string szPostData = String.Format(CultureInfo.InvariantCulture, "code={0}&client_id={1}&client_secret={2}&redirect_uri={3}&grant_type=authorization_code",
Request["code"],
AppKey,
AppSecret,
RedirectUri(Request, Request.Path, szParamGDriveAuth).ToString());
byte[] rgbData = System.Text.Encoding.UTF8.GetBytes(szPostData);
hr.ContentLength = rgbData.Length;
using (Stream s = hr.GetRequestStream())
{
s.Write(rgbData, 0, rgbData.Length);
}
WebResponse response = hr.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
string result = sr.ReadToEnd();
// JSonConvert can't deserialize space-delimited scopes into a hashset, so we need to do that manually. Uggh.
Dictionary <string, string> d = JsonConvert.DeserializeObject <Dictionary <string, string> >(result);
AuthorizationState authstate = new AuthorizationState(d.ContainsKey("scope") ? OAuthUtilities.SplitScopes(d["scope"]) : null);
authstate.AccessToken = d.ContainsKey("access_token") ? d["access_token"] : string.Empty;
authstate.AccessTokenIssueDateUtc = DateTime.UtcNow;
if (d.ContainsKey("expires_in"))
{
int exp = 0;
if (int.TryParse(d["expires_in"], NumberStyles.Integer, CultureInfo.InvariantCulture, out exp))
{
authstate.AccessTokenExpirationUtc = DateTime.UtcNow.AddSeconds(exp);
}
}
authstate.RefreshToken = d.ContainsKey("refresh_token") ? d["refresh_token"] : string.Empty;
return(authstate);
}
}
