/// <summary> /// Initializes a new instance of the <see cref="TokenEndpointProtocolException"/> class. /// </summary> /// <param name="requestMessage">The message whose processing resulted in this error.</param> /// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param> /// <param name="description">A human-readable UTF-8 encoded text providing additional information, used to assist the client developer in understanding the error that occurred.</param> /// <param name="moreInformation">A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.</param> /// <param name="authenticateHeader">The WWW-Authenticate header to add to the response.</param> public TokenEndpointProtocolException(AccessTokenRequestBase requestMessage, string error, string description = null, Uri moreInformation = null, string authenticateHeader = null) : base(string.Format(CultureInfo.CurrentCulture, ClientAuthorizationStrings.TokenEndpointErrorFormat, error, description)) { Requires.NotNull(requestMessage, "requestMessage"); Requires.NotNullOrEmpty(error, "error"); this.requestMessage = requestMessage; this.Error = error; this.Description = description; this.MoreInformation = moreInformation; this.authenticateHeader = authenticateHeader; }
/// <summary> /// Verifies a condition is true or throws an exception describing the problem. /// </summary> /// <param name="condition">The condition that evaluates to true to avoid an exception.</param> /// <param name="requestMessage">The request message.</param> /// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param> /// <param name="authenticationModule">The authentication module from which to glean the WWW-Authenticate header when applicable.</param> /// <param name="unformattedDescription">A human-readable UTF-8 encoded text providing additional information, used to assist the client developer in understanding the error that occurred.</param> /// <param name="args">The formatting arguments to generate the actual description.</param> internal static void TokenEndpointVerify(bool condition, AccessTokenRequestBase requestMessage, string error, ClientAuthenticationModule authenticationModule = null, string unformattedDescription = null, params object[] args) { if (!condition) { string description = unformattedDescription != null ? string.Format(CultureInfo.CurrentCulture, unformattedDescription, args) : null; string wwwAuthenticateHeader = null; if (authenticationModule != null) { wwwAuthenticateHeader = authenticationModule.AuthenticateHeader; } throw new TokenEndpointProtocolException(requestMessage, error, description, authenticateHeader: wwwAuthenticateHeader); } }
/// <summary> /// Initializes a new instance of the <see cref="AccessTokenFailedResponse"/> class. /// </summary> /// <param name="request">The faulty request.</param> /// <param name="invalidClientCredentialsInAuthorizationHeader">A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header.</param> internal AccessTokenFailedResponse(AccessTokenRequestBase request, bool invalidClientCredentialsInAuthorizationHeader) : base(request) { this.invalidClientCredentialsInAuthorizationHeader = invalidClientCredentialsInAuthorizationHeader; }
/// <summary> /// Initializes a new instance of the <see cref="AccessTokenFailedResponse"/> class. /// </summary> /// <param name="request">The faulty request.</param> internal AccessTokenFailedResponse(AccessTokenRequestBase request) : base(request) { }
/// <summary> /// Prepares the response to an access token request. /// </summary> /// <param name="request">The request for an access token.</param> /// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param> /// <returns>The response message to send to the client.</returns> public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) { Contract.Requires<ArgumentNullException>(request != null); var tokenRequest = (IAuthorizationCarryingRequest)request; var response = new AccessTokenSuccessResponse(request) { Lifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request), HasRefreshToken = includeRefreshToken, }; response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope); return response; }
/// <summary> /// Initializes a new instance of the <see cref="AccessTokenSuccessResponse"/> class. /// </summary> /// <param name="request">The request.</param> internal AccessTokenSuccessResponse(AccessTokenRequestBase request) : base(request) { this.Scope = new HashSet<string>(OAuthUtilities.ScopeStringComparer); this.TokenType = Protocol.AccessTokenTypes.Bearer; }
/// <summary> /// Prepares the response to an access token request. /// </summary> /// <param name="request">The request for an access token.</param> /// <param name="allowRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param> /// <returns>The response message to send to the client.</returns> private AccessTokenSuccessResponse PrepareAccessTokenResponse(AccessTokenRequestBase request, bool allowRefreshToken = true) { Requires.NotNull(request, "request"); if (allowRefreshToken) { if (request is AccessTokenClientCredentialsRequest) { // Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included // in a response to an access token request that used the client credential grant type. Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it."); allowRefreshToken = false; } } var tokenRequest = (IAuthorizationCarryingRequest)request; var accessTokenRequest = (IAccessTokenRequestInternal)request; var response = new AccessTokenSuccessResponse(request) { HasRefreshToken = allowRefreshToken, }; response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope); return response; }
/// <summary> /// Initializes a new instance of the <see cref="AccessTokenSuccessResponse"/> class. /// </summary> /// <param name="request">The request.</param> internal AccessTokenSuccessResponse(AccessTokenRequestBase request) : base(request) { this.Scope = new HashSet <string>(OAuthUtilities.ScopeStringComparer); this.TokenType = Protocol.AccessTokenTypes.Bearer; }
/// <summary> /// Prepares the response to an access token request. /// </summary> /// <param name="request">The request for an access token.</param> /// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param> /// <returns>The response message to send to the client.</returns> public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) { Requires.NotNull(request, "request"); if (includeRefreshToken) { if (request is AccessTokenClientCredentialsRequest) { // Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included // in a response to an access token request that used the client credential grant type. Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it."); includeRefreshToken = false; } } var tokenRequest = (IAuthorizationCarryingRequest)request; var response = new AccessTokenSuccessResponse(request) { Lifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request), HasRefreshToken = includeRefreshToken, }; response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope); return response; }
/// <summary> /// Prepares the response to an access token request. /// </summary> /// <param name="request">The request for an access token.</param> /// <param name="accessTokenEncryptingPublicKey">The crypto service provider with the public key to encrypt the access token to, such that the resource server will be able to decrypt it.</param> /// <param name="accessTokenLifetime">The access token's lifetime.</param> /// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param> /// <returns>The response message to send to the client.</returns> public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, RSACryptoServiceProvider accessTokenEncryptingPublicKey, TimeSpan? accessTokenLifetime = null, bool includeRefreshToken = true) { Contract.Requires<ArgumentNullException>(request != null); Contract.Requires<ArgumentNullException>(accessTokenEncryptingPublicKey != null); var tokenRequest = (IAuthorizationCarryingRequest)request; using (var crypto = this.AuthorizationServerServices.CreateAccessTokenSigningCryptoServiceProvider()) { var accessTokenFormatter = AccessToken.CreateFormatter(crypto, accessTokenEncryptingPublicKey); var accessToken = new AccessToken(tokenRequest.AuthorizationDescription, accessTokenLifetime); var response = new AccessTokenSuccessResponse(request) { AccessToken = accessTokenFormatter.Serialize(accessToken), Lifetime = accessToken.Lifetime, }; response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope); if (includeRefreshToken) { var refreshTokenFormatter = RefreshToken.CreateFormatter(this.AuthorizationServerServices.CryptoKeyStore); var refreshToken = new RefreshToken(tokenRequest.AuthorizationDescription); response.RefreshToken = refreshTokenFormatter.Serialize(refreshToken); } return response; } }