private IAuthorizationState RequestAccessTokenAsync(ScopedAccessTokenRequest request, IEnumerable <string> scopes, CancellationToken cancellationToken) { var authorizationState = new AuthorizationState(scopes); request.ClientIdentifier = this.ClientIdentifier; this.ApplyClientCredential(request); request.Scope.UnionWith(authorizationState.Scope); var response = this.Channel.RequestAsync(request, cancellationToken); var success = response as AccessTokenSuccessResponse; var failure = response as AccessTokenFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { authorizationState.Scope.Clear(); UpdateAuthorizationWithResponse(authorizationState, success); } else { Logger.OAuth.Info("Credentials rejected by the Authorization Server."); authorizationState.Delete(); } return(authorizationState); }
/// <summary> /// 用户授权请求 /// </summary> /// <param name="scopes">请求范围</param> /// <param name="returnTo">回调地址</param> /// <param name="cancellationToken"></param> /// <returns></returns> public HttpResponseMessage PrepareRequestUserAuthorizationAsync(IEnumerable <string> scopes = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken)) { var authorizationState = new AuthorizationState(scopes) { Callback = returnTo }; return(this.PrepareRequestUserAuthorizationAsync(authorizationState, cancellationToken)); }
public IAuthorizationState GetScopedAccessTokenAsync(string refreshToken, HashSet <string> scope, CancellationToken cancellationToken) { var request = new AccessTokenRefreshRequestC(this.AuthorizationServer) { ClientIdentifier = this.ClientIdentifier, RefreshToken = refreshToken }; this.ApplyClientCredential(request); var response = this.Channel.RequestAsync <AccessTokenSuccessResponse>(request, cancellationToken); var authorization = new AuthorizationState(); UpdateAuthorizationWithResponse(authorization, response); return(authorization); }
public IAuthorizationState ProcessUserAuthorizationAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken)) { var response = this.Channel.TryReadFromRequestAsync <IMessageWithClientState>(request, cancellationToken); if (response != null) { Uri callback = request.RequestUri.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(response)); IAuthorizationState authorizationState; if (this.AuthorizationTracker != null) { authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState); ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { var xsrfCookieValue = (from cookieHeader in request.Headers.GetCookies() from cookie in cookieHeader.Cookies where cookie.Name == XsrfCookieName select cookie.Value).FirstOrDefault(); ErrorUtilities.VerifyProtocol(xsrfCookieValue != null && string.Equals(response.ClientState, xsrfCookieValue, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch); authorizationState = new AuthorizationState { Callback = callback }; } var success = response as EndUserAuthorizationSuccessAuthCodeResponse; var failure = response as EndUserAuthorizationFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { this.UpdateAuthorizationWithResponseAsync(authorizationState, success, cancellationToken); } else { Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server."); authorizationState.Delete(); } return(authorizationState); } return(null); }