public void AuthorizationCodeGrant() { var coordinator = new OAuth2Coordinator<WebServerClient>( AuthorizationServerDescription, AuthorizationServerMock, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState { Callback = ClientCallback, }; client.PrepareRequestUserAuthorization(authState).Respond(); var result = client.ProcessUserAuthorization(); Assert.IsNotNullOrEmpty(result.AccessToken); Assert.IsNotNullOrEmpty(result.RefreshToken); }, server => { var request = server.ReadAuthorizationRequest(); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); var tokenRequest = server.ReadAccessTokenRequest(); IAccessTokenRequest accessTokenRequest = tokenRequest; Assert.IsTrue(accessTokenRequest.ClientAuthenticated); var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest); server.Channel.Respond(tokenResponse); }); coordinator.Run(); }
public void CheckForValidAccessTokenTest() { int accessTokenCounter = 1; var state = new AuthorizationState(); var client = new NativeApplicationClient(new Uri("http://example.com")); var auth = new OAuth2Authenticator<NativeApplicationClient>( client, (clt) => { // Load a "cached" access token. state.AccessToken = "token" + (accessTokenCounter++); return state; }); // Check that the initial state is null. Assert.IsNull(auth.State); // Check that the state was set when .LoadAccessToken() is called. auth.LoadAccessToken(); Assert.AreEqual(state, auth.State); Assert.AreEqual("token1", auth.State.AccessToken); // Check that it wont be set again. auth.LoadAccessToken(); Assert.AreEqual("token1", auth.State.AccessToken); // Check that it is set if our state gets invalid. state.AccessToken = null; auth.LoadAccessToken(); Assert.AreEqual("token2", auth.State.AccessToken); }
public void ImplicitGrant() { var coordinatorClient = new UserAgentClient(AuthorizationServerDescription); var coordinator = new OAuth2Coordinator<UserAgentClient>( AuthorizationServerDescription, AuthorizationServerMock, coordinatorClient, client => { var authState = new AuthorizationState { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true); Assert.AreEqual(EndUserAuthorizationResponseType.AccessToken, request.ResponseType); client.Channel.Respond(request); var incoming = client.Channel.ReadFromRequest(); var result = client.ProcessUserAuthorization(authState, incoming); Assert.IsNotNullOrEmpty(result.AccessToken); Assert.IsNull(result.RefreshToken); }, server => { var request = server.ReadAuthorizationRequest(); IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request; Assert.IsFalse(accessTokenRequest.ClientAuthenticated); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); }); coordinatorClient.ClientSecret = null; // implicit grant clients don't need a secret. coordinator.Run(); }
public async Task ImplicitGrant() { var coordinatorClient = new UserAgentClient(AuthorizationServerDescription); coordinatorClient.ClientCredentialApplicator = null; // implicit grant clients don't need a secret. Handle(AuthorizationServerDescription.AuthorizationEndpoint).By( async (req, ct) => { var server = new AuthorizationServer(AuthorizationServerMock); var request = await server.ReadAuthorizationRequestAsync(req, ct); Assert.That(request, Is.Not.Null); IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request; Assert.That(accessTokenRequest.ClientAuthenticated, Is.False); var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername); return await server.Channel.PrepareResponseAsync(response, ct); }); { var client = new UserAgentClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories); var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true); Assert.That(request.ResponseType, Is.EqualTo(EndUserAuthorizationResponseType.AccessToken)); var authRequestRedirect = await client.Channel.PrepareResponseAsync(request); Uri authRequestResponse; this.HostFactories.AllowAutoRedirects = false; using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var httpResponse = await httpClient.GetAsync(authRequestRedirect.Headers.Location)) { authRequestResponse = httpResponse.Headers.Location; } } var incoming = await client.Channel.ReadFromRequestAsync(new HttpRequestMessage(HttpMethod.Get, authRequestResponse), CancellationToken.None); var result = await client.ProcessUserAuthorizationAsync(authState, incoming, CancellationToken.None); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Null); } }
/// <summary> /// Return Analytics Service object /// </summary> /// <returns>Analytics Service object</returns> public static AnalyticsService GetAnalyticsService() { var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description); provider.ClientIdentifier = Settings.ClientIdentifier; provider.ClientSecret = Settings.ClientSecret; if (string.IsNullOrWhiteSpace(provider.ClientIdentifier)) { throw new Exception("Client identifier not found"); } if (string.IsNullOrWhiteSpace(provider.ClientSecret)) { throw new Exception("Client secret not found"); } string refreshToken = Settings.RefreshToken; if (string.IsNullOrWhiteSpace(refreshToken)) { throw new Exception("Refresh token not found"); } var request = HttpContext.Current.Request; var authenticator = new OAuth2Authenticator<NativeApplicationClient>(provider, (arg) => { IAuthorizationState state = new AuthorizationState(new[] { "https://www.googleapis.com/auth/analytics.readonly" }); state.Callback = new Uri(string.Format("{0}://{1}{2}/GoogleAnalytics/Callback", request.Url.Scheme, request.Url.Host, request.Url.Port == 80 ? string.Empty : ":" + request.Url.Port)); state.RefreshToken = refreshToken; var result = arg.RefreshToken(state); return state; }); return new AnalyticsService(authenticator); }
public NamedAuthorizationState(Guid guid, string name, AuthorizationState authorizationState) { Guid = guid; Name = name; AuthorizationState = authorizationState; IsHistorical = true; }
public void AuthorizationCodeGrant() { var coordinator = new OAuth2Coordinator<UserAgentClient>( AuthorizationServerDescription, AuthorizationServerMock, new UserAgentClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState); Assert.AreEqual(EndUserAuthorizationResponseType.AuthorizationCode, request.ResponseType); client.Channel.Respond(request); var incoming = client.Channel.ReadFromRequest(); var result = client.ProcessUserAuthorization(authState, incoming); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void Authorize(ref IAuthorizationState authorization, string refreshToken) { if ((authorization == null)) { authorization = new AuthorizationState { Callback = _redirectUri, RefreshToken = refreshToken }; } bool refreshFailed = false; if (AccessTokenHasToBeRefreshed(authorization)) { try { refreshFailed = !RefreshAuthorization(authorization); } catch (ProtocolException) { //The refreshtoken is not valid anymore } } if (authorization.AccessToken == null || refreshFailed) { using (var loginDialog = new LoginForm(_redirectUri)) { loginDialog.AuthorizationUri = GetAuthorizationUri(authorization); loginDialog.ShowDialog(); ProcessUserAuthorization(loginDialog.AuthorizationUri, authorization); } } }
public void DecodeRefreshToken() { var refreshTokenSource = new TaskCompletionSource<string>(); var coordinator = new OAuth2Coordinator<WebServerClient>( AuthorizationServerDescription, AuthorizationServerMock, new WebServerClient(AuthorizationServerDescription), client => { try { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; client.PrepareRequestUserAuthorization(authState).Respond(); var result = client.ProcessUserAuthorization(); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); refreshTokenSource.SetResult(result.RefreshToken); } catch { refreshTokenSource.TrySetCanceled(); } }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); server.HandleTokenRequest().Respond(); var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result); Assert.That(authorization, Is.Not.Null); Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername)); }); coordinator.Run(); }
/// <summary> /// Requests an access token using a partially .initialized request message. /// </summary> /// <param name="request">The request message.</param> /// <param name="scopes">The scopes requested by the client.</param> /// <returns>The result of the request.</returns> private IAuthorizationState RequestAccessToken(ScopedAccessTokenRequest request, IEnumerable <string> scopes = null) { Requires.NotNull(request, "request"); var authorizationState = new AuthorizationState(scopes); request.ClientIdentifier = this.ClientIdentifier; this.ApplyClientCredential(request); request.Scope.UnionWith(authorizationState.Scope); var response = this.Channel.Request(request); var success = response as AccessTokenSuccessResponse; var failure = response as AccessTokenFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { authorizationState.Scope.Clear(); // clear the scope we requested so that the response will repopulate it. UpdateAuthorizationWithResponse(authorizationState, success); } else // failure { Logger.OAuth.Info("Credentials rejected by the Authorization Server."); authorizationState.Delete(); } return(authorizationState); }
/// <summary> /// Generates a URL that the user's browser can be directed to in order to authorize /// this client to access protected data at some resource server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="state">The client state that should be returned with the authorization response.</param> /// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param> /// <returns> /// A fully-qualified URL suitable to initiate the authorization flow. /// </returns> public Uri RequestUserAuthorization(IEnumerable<string> scope = null, string state = null, Uri returnTo = null) { var authorization = new AuthorizationState(scope) { Callback = returnTo, }; return this.RequestUserAuthorization(authorization); }
/// <summary> /// Scans the incoming request for an authorization response message. /// </summary> /// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param> /// <param name="authorizationState">The authorization.</param> /// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns> public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) { Contract.Requires<ArgumentNullException>(actualRedirectUrl != null); if (authorizationState == null) { authorizationState = new AuthorizationState(); } var carrier = new HttpRequestInfo("GET", actualRedirectUrl, actualRedirectUrl.PathAndQuery, new System.Net.WebHeaderCollection(), null); IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier); if (response == null) { return null; } EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess; EndUserAuthorizationSuccessAuthCodeResponse authCodeSuccess; EndUserAuthorizationFailedResponse failure; if ((accessTokenSuccess = response as EndUserAuthorizationSuccessAccessTokenResponse) != null) { UpdateAuthorizationWithResponse(authorizationState, accessTokenSuccess); } else if ((authCodeSuccess = response as EndUserAuthorizationSuccessAuthCodeResponse) != null) { this.UpdateAuthorizationWithResponse(authorizationState, authCodeSuccess); } else if ((failure = response as EndUserAuthorizationFailedResponse) != null) { authorizationState.Delete(); return null; } return authorizationState; }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scopes">The scope of authorized access requested.</param> /// <param name="state">The state of the client that should be sent back with the authorization response.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> /// <returns>The authorization request.</returns> public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable<string> scopes = null, string state = null, Uri returnTo = null) { var authorizationState = new AuthorizationState(scopes) { Callback = returnTo, }; return this.PrepareRequestUserAuthorization(authorizationState, state); }
/// <summary> /// Create an HTTP Handler for client only auth. /// </summary> /// <param name="authBaseUri">The base auth URI e.g. https://auth.alitudeangel.com</param> /// <param name="clientId">Your client ID</param> /// <param name="clientSecret">Your client secret</param> /// <param name="scopes">Requested scopes</param> /// <param name="existingState">(optional) An existing state object from a previous session. May be null.</param> public static ClientHandlerInfo Create(string authBaseUri, string clientId, string clientSecret, IEnumerable<string> scopes, AuthorizationState existingState = null ) { return Create(authBaseUri, clientId, clientSecret, scopes, existingState, false, null, null); }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scopes">The scope of authorized access requested.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The authorization request. /// </returns> public Task <HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IEnumerable <string> scopes = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken)) { var authorizationState = new AuthorizationState(scopes) { Callback = returnTo, }; return(this.PrepareRequestUserAuthorizationAsync(authorizationState, cancellationToken)); }
/// <summary> /// Generates a URL that the user's browser can be directed to in order to authorize /// this client to access protected data at some resource server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="state">The client state that should be returned with the authorization response.</param> /// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// A fully-qualified URL suitable to initiate the authorization flow. /// </returns> public Task <Uri> RequestUserAuthorizationAsync(IEnumerable <string> scope = null, string state = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken)) { var authorization = new AuthorizationState(scope) { Callback = returnTo, }; return(this.RequestUserAuthorizationAsync(authorization, state: state, cancellationToken: cancellationToken)); }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scopes">The scope of authorized access requested.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> /// <returns>The authorization request.</returns> public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable <string> scopes = null, Uri returnTo = null) { var authorizationState = new AuthorizationState(scopes) { Callback = returnTo, }; return(this.PrepareRequestUserAuthorization(authorizationState)); }
public NamedAuthorizationState(Guid guid, string name, AuthorizationState authorizationState, bool shouldRefresh, Uri url) { Guid = guid; Name = name; AuthorizationState = authorizationState; ShouldRefresh = shouldRefresh; Url = url; IsHistorical = true; }
/// <summary> /// Prepares a request for user authorization from an authorization server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> public void RequestUserAuthorization(IEnumerable <string> scope = null, Uri returnTo = null) { var authorizationState = new AuthorizationState(scope) { Callback = returnTo, }; this.PrepareRequestUserAuthorization(authorizationState).Send(); }
/// <summary> /// Generates a URL that the user's browser can be directed to in order to authorize /// this client to access protected data at some resource server. /// </summary> /// <param name="scope">The scope of authorized access requested.</param> /// <param name="state">The client state that should be returned with the authorization response.</param> /// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param> /// <returns> /// A fully-qualified URL suitable to initiate the authorization flow. /// </returns> public Uri RequestUserAuthorization(IEnumerable <string> scope = null, string state = null, Uri returnTo = null) { var authorization = new AuthorizationState(scope) { Callback = returnTo, }; return(this.RequestUserAuthorization(authorization, state: state)); }
public void DelegateTest() { var state = new AuthorizationState() { AccessToken = "Test" }; var client = new NativeApplicationClient(new Uri("http://example.com")); var auth = new OAuth2Authenticator<NativeApplicationClient>(client, (clt) => state); // Check that the state was set. auth.LoadAccessToken(); Assert.AreEqual(state, auth.State); }
/// <summary> /// Processes the authorization response from an authorization server, if available. /// </summary> /// <param name="request">The incoming HTTP request that may carry an authorization response.</param> /// <returns>The authorization state that contains the details of the authorization.</returns> public IAuthorizationState ProcessUserAuthorization(HttpRequestBase request = null) { Requires.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier"); Requires.ValidState(this.ClientCredentialApplicator != null, Strings.RequiredPropertyNotYetPreset, "ClientCredentialApplicator"); if (request == null) { request = this.Channel.GetRequestFromContext(); } IMessageWithClientState response; if (this.Channel.TryReadFromRequest <IMessageWithClientState>(request, out response)) { Uri callback = MessagingUtilities.StripMessagePartsFromQueryString(request.GetPublicFacingUrl(), this.Channel.MessageDescriptions.Get(response)); IAuthorizationState authorizationState; if (this.AuthorizationTracker != null) { authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState); ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { var context = this.Channel.GetHttpContext(); if (context.Session != null) { ErrorUtilities.VerifyProtocol(string.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { Logger.OAuth.WarnFormat("No request context discovered, so no client state parameter could be checked to mitigate XSRF attacks."); } authorizationState = new AuthorizationState { Callback = callback }; } var success = response as EndUserAuthorizationSuccessAuthCodeResponse; var failure = response as EndUserAuthorizationFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { this.UpdateAuthorizationWithResponse(authorizationState, success); } else // failure { Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server."); authorizationState.Delete(); } return(authorizationState); } return(null); }
public HomeController() { var a = Guid.NewGuid().ToString("N"); var authServer = new AuthorizationServerDescription() { AuthorizationEndpoint = new Uri("http://localhost:4251/OAuth/Authorize"), TokenEndpoint = new Uri("http://localhost:4251/OAuth/Token"), }; Client = new UserAgentClient(authServer, "samplewebapiconsumer", "samplesecret"); Authorization = new AuthorizationState { Callback = new Uri("http://localhost:4494/") }; }
public static GoogleAuthenticator GetAuthenticator(string authorizationCode) { var client = new NativeApplicationClient(GoogleAuthenticationServer.Description, _clientId, _clientSecret); IAuthorizationState state = new AuthorizationState() { Callback = new Uri(_redirectUri) }; state = client.ProcessUserAuthorization(authorizationCode, state); var auth = new OAuth2Authenticator<NativeApplicationClient>(client, (c) => state); auth.LoadAccessToken(); return new GoogleAuthenticator(auth); }
public async Task<ActionResult> Index() { ViewBag.AccessToken = Request.Form["AccessToken"] ?? ""; ViewBag.RefreshToken = Request.Form["RefreshToken"] ?? ""; ViewBag.Action = ""; ViewBag.ApiResponse = ""; InitializeWebServerClient(); var accessToken = Request.Form["AccessToken"]; if (string.IsNullOrEmpty(accessToken)) { var authorizationState = _webServerClient.ProcessUserAuthorization(Request); if (authorizationState != null) { ViewBag.AccessToken = authorizationState.AccessToken; ViewBag.RefreshToken = authorizationState.RefreshToken; ViewBag.Action = Request.Path; } } if (!string.IsNullOrEmpty(Request.Form.Get("submit.Authorize"))) { var userAuthorization = _webServerClient.PrepareRequestUserAuthorization(new[] { "bio", "notes" }); userAuthorization.Send(HttpContext); Response.End(); } else if (!string.IsNullOrEmpty(Request.Form.Get("submit.Refresh"))) { var state = new AuthorizationState { AccessToken = Request.Form["AccessToken"], RefreshToken = Request.Form["RefreshToken"] }; if (_webServerClient.RefreshAuthorization(state)) { ViewBag.AccessToken = state.AccessToken; ViewBag.RefreshToken = state.RefreshToken; } } else if (!string.IsNullOrEmpty(Request.Form.Get("submit.CallApi"))) { Raml.RamlApi api = new Raml.RamlApi("http://localhost:11625"); api.OAuthAccessToken = accessToken; //api.AddDefaultRequestHeader("Authorization", "Bearer " + accessToken); var response = await api.ApiMe.Get(); var body = await response.RawContent.ReadAsStringAsync(); ViewBag.ApiResponse = body; } return View(); }
public void ApplyAuthenticationToRequestTest() { var request = (HttpWebRequest)WebRequest.Create("http://example.com"); var state = new AuthorizationState() { AccessToken = "Test" }; var client = new NativeApplicationClient(new Uri("http://example.com")); var auth = new OAuth2Authenticator<NativeApplicationClient>(client, (clt) => state); // Confirm that the request header gets modified. auth.ApplyAuthenticationToRequest(request); Assert.AreEqual(1, request.Headers.Count); }
/// <summary> /// The CreateState function will generate a state that can be /// used to initialize the PlusWrapper. /// </summary> /// <param name="accessToken">An access token string from an /// OAuth2 flow.</param> /// <param name="refreshToken">A refresh token string from an /// OAuth2 flow.</param> /// <param name="issued">A DateTime object representing the time /// that the token was issued.</param> /// <param name="expires">A DateTime object indicating when the /// token expires.</param> /// <returns></returns> public static IAuthorizationState CreateState( string accessToken, string refreshToken, DateTime issued, DateTime expires) { IAuthorizationState state = new AuthorizationState(); state.AccessToken = accessToken; state.RefreshToken = refreshToken; state.AccessTokenIssueDateUtc = issued; state.AccessTokenExpirationUtc = expires; return state; }
private static IAuthorizationState GetAuthorization(NativeApplicationClient arg) { // Get the auth URL: IAuthorizationState state = new AuthorizationState(new[] { DriveService.Scopes.Drive.GetStringValue() }); state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl); if (!String.IsNullOrWhiteSpace(RefreshToken)) { state.RefreshToken = RefreshToken; if (arg.RefreshToken(state)) return state; } return state; }
/// <summary> /// Requests authorization on a native client by using a predefined set of authorization flows. /// </summary> /// <param name="client">The client used for authorization.</param> /// <param name="scopes">The requested set of scopes.</param> /// <returns>The authorized state.</returns> /// <exception cref="AuthenticationException">Thrown if the request was cancelled by the user.</exception> public static IAuthorizationState RequestNativeAuthorization(NativeApplicationClient client, params string[] scopes) { IAuthorizationState state = new AuthorizationState(scopes); string authCode = RequestNativeAuthorization(client, state); if (string.IsNullOrEmpty(authCode)) { throw new AuthenticationException("The authentication request was cancelled by the user."); } return client.ProcessUserAuthorization(authCode, state); }
private static IAuthorizationState GetAuthorization(NativeApplicationClient arg) { // Get the auth URL: IAuthorizationState state = new AuthorizationState(new[] { TasksService.Scopes.Tasks.GetStringValue() }); state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl); Uri authUri = arg.RequestUserAuthorization(state); // Request authorization from the user (by opening a browser window): Process.Start(authUri.ToString()); Console.Write(" Authorization Code: "); string authCode = Console.ReadLine(); Console.WriteLine(); // Retrieve the access token by using the authorization code: return arg.ProcessUserAuthorization(authCode, state); }
public HomeController() { var authServer = new AuthorizationServerDescription { AuthorizationEndpoint = new Uri(AuthorizationEndpoint), TokenEndpoint = new Uri(TokenEndpoint), }; Client = new UserAgentClient(authServer, ClientId, ClientSecret); Authorization = new AuthorizationState { Callback = new Uri(AuthorizationCallback) }; }
public ActionResult Index() { ViewBag.AccessToken = Request.Form["AccessToken"] ?? ""; ViewBag.RefreshToken = Request.Form["RefreshToken"] ?? ""; ViewBag.Action = ""; ViewBag.ApiResponse = ""; InitializeWebServerClient(); var accessToken = Request.Form["AccessToken"]; if (string.IsNullOrEmpty(accessToken)) { var authorizationState = _webServerClient.ProcessUserAuthorization(Request); if (authorizationState != null) { ViewBag.AccessToken = authorizationState.AccessToken; ViewBag.RefreshToken = authorizationState.RefreshToken; ViewBag.Action = Request.Path; } } if (!string.IsNullOrEmpty(Request.Form.Get("submit.Authorize"))) { var userAuthorization = _webServerClient.PrepareRequestUserAuthorization(new[] { "bio", "notes" }); userAuthorization.Send(HttpContext); Response.End(); } else if (!string.IsNullOrEmpty(Request.Form.Get("submit.Refresh"))) { var state = new AuthorizationState { AccessToken = Request.Form["AccessToken"], RefreshToken = Request.Form["RefreshToken"] }; if (_webServerClient.RefreshAuthorization(state)) { ViewBag.AccessToken = state.AccessToken; ViewBag.RefreshToken = state.RefreshToken; } } else if (!string.IsNullOrEmpty(Request.Form.Get("submit.CallApi"))) { var resourceServerUri = new Uri(Paths.ResourceServerBaseAddress); var client = new HttpClient(_webServerClient.CreateAuthorizingHandler(accessToken)); var body = client.GetStringAsync(new Uri(resourceServerUri, Paths.MePath)).Result; ViewBag.ApiResponse = body; } return View(); }
public static GoogleAuthenticator RefreshAuthenticator(string refreshToken) { var state = new AuthorizationState(_scopes) { RefreshToken = refreshToken }; var client = new NativeApplicationClient(GoogleAuthenticationServer.Description, _clientId, _clientSecret); bool result = client.RefreshToken(state); var auth = new OAuth2Authenticator<NativeApplicationClient>(client, (c) => state); auth.LoadAccessToken(); return new GoogleAuthenticator(auth); }
/// <summary> /// Initializes the request for authorization /// </summary> /// <returns></returns> private ActionResult InitAuth() { var state = new AuthorizationState(); var uri = Request.Url.AbsoluteUri; uri = RemoveQueryStringFromUri(uri); state.Callback = new Uri(uri); //In the scope, please add only a single element, which is the Transaction amount, else the request will be rejected. state.Scope.Add("15"); var r = client.PrepareRequestUserAuthorization(state); return r.AsActionResult(); }
public static string GetAuthorizationUrl(string emailAddress) { var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description, _clientId, _clientSecret); IAuthorizationState authorizationState = new AuthorizationState(_scopes); authorizationState.Callback = new Uri(_redirectUri); UriBuilder builder = new UriBuilder(provider.RequestUserAuthorization(authorizationState)); NameValueCollection queryParameters = HttpUtility.ParseQueryString(builder.Query); queryParameters.Set("access_type", "offline"); queryParameters.Set("approval_prompt", "force"); queryParameters.Set("user_id", emailAddress); builder.Query = queryParameters.ToString(); return builder.Uri.ToString(); }
private ActionResult InitAuth() { var state = new AuthorizationState(); if (Request.Url != null) { var uri = Request.Url.AbsoluteUri; uri = RemoveQueryStringFromUri(uri); state.Callback = new Uri(uri); } state.Scope.Add("https://www.googleapis.com/auth/userinfo.profile"); state.Scope.Add("https://www.googleapis.com/auth/userinfo.email"); state.Scope.Add("https://www.googleapis.com/auth/calendar"); var outgoingWebResponse = GoogleClient.PrepareRequestUserAuthorization(state); return outgoingWebResponse.AsActionResult(); }
/// <summary> /// Processes the authorization response from an authorization server, if available. /// </summary> /// <param name="request">The incoming HTTP request that may carry an authorization response.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns>The authorization state that contains the details of the authorization.</returns> public async Task <IAuthorizationState> ProcessUserAuthorizationAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken)) { Requires.NotNull(request, "request"); RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier"); RequiresEx.ValidState(this.ClientCredentialApplicator != null, Strings.RequiredPropertyNotYetPreset, "ClientCredentialApplicator"); var response = await this.Channel.TryReadFromRequestAsync <IMessageWithClientState>(request, cancellationToken); if (response != null) { Uri callback = request.RequestUri.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(response)); IAuthorizationState authorizationState; if (this.AuthorizationTracker != null) { authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState); ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch); } else { var xsrfCookieValue = (from cookieHeader in request.Headers.GetCookies() from cookie in cookieHeader.Cookies where cookie.Name == XsrfCookieName select cookie.Value).FirstOrDefault(); ErrorUtilities.VerifyProtocol(xsrfCookieValue != null && string.Equals(response.ClientState, xsrfCookieValue, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch); authorizationState = new AuthorizationState { Callback = callback }; } var success = response as EndUserAuthorizationSuccessAuthCodeResponse; var failure = response as EndUserAuthorizationFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { await this.UpdateAuthorizationWithResponseAsync(authorizationState, success, cancellationToken); } else // failure { Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server."); authorizationState.Delete(); } return(authorizationState); } return(null); }
/// <summary> /// Uses the provided authorization code to create an authorization state. /// </summary> /// <param name="authCode">The authorization code for getting an access token.</param> /// <param name="authorizationState">The authorization. Optional.</param> /// <returns>The granted authorization, or <c>null</c> if the authorization was null or rejected.</returns> public IAuthorizationState ProcessUserAuthorization( string authCode, IAuthorizationState authorizationState) { if (authorizationState == null) { authorizationState = new AuthorizationState(null); authorizationState.Callback = new Uri(OutOfBandCallbackUrl); } // Build a generic URL containing the auth code. // This is done here as we cannot modify the DotNetOpenAuth library // and the underlying method only allows parsing an URL as a method // of retrieving the AuthorizationState. string url = "http://example.com/?code=" + authCode; return ProcessUserAuthorization(new Uri(url), authorizationState); }
/// <summary> /// Scans the incoming request for an authorization response message. /// </summary> /// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param> /// <param name="authorizationState">The authorization.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected. /// </returns> public async Task <IAuthorizationState> ProcessUserAuthorizationAsync(Uri actualRedirectUrl, IAuthorizationState authorizationState = null, CancellationToken cancellationToken = default(CancellationToken)) { Requires.NotNull(actualRedirectUrl, "actualRedirectUrl"); if (authorizationState == null) { authorizationState = new AuthorizationState(); } var carrier = new HttpRequestMessage(HttpMethod.Get, actualRedirectUrl); IDirectedProtocolMessage response = await this.Channel.ReadFromRequestAsync(carrier, cancellationToken); if (response == null) { return(null); } return(await this.ProcessUserAuthorizationAsync(authorizationState, response, cancellationToken)); }
/// <summary> /// Scans the incoming request for an authorization response message. /// </summary> /// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param> /// <param name="authorizationState">The authorization.</param> /// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns> public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) { Requires.NotNull(actualRedirectUrl, "actualRedirectUrl"); if (authorizationState == null) { authorizationState = new AuthorizationState(); } var carrier = new HttpRequestInfo("GET", actualRedirectUrl); IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier); if (response == null) { return(null); } return(this.ProcessUserAuthorization(authorizationState, response)); }
/// <summary> /// Gets an access token that may be used for only a subset of the scope for which a given /// refresh token is authorized. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <param name="scope">The scope subset desired in the access token.</param> /// <returns>A description of the obtained access token, and possibly a new refresh token.</returns> /// <remarks> /// If the return value includes a new refresh token, the old refresh token should be discarded and /// replaced with the new one. /// </remarks> public IAuthorizationState GetScopedAccessToken(string refreshToken, HashSet <string> scope) { Requires.NotNullOrEmpty(refreshToken, "refreshToken"); Requires.NotNull(scope, "scope"); var request = new AccessTokenRefreshRequestC(this.AuthorizationServer) { ClientIdentifier = this.ClientIdentifier, RefreshToken = refreshToken, }; this.ApplyClientCredential(request); var response = this.Channel.Request <AccessTokenSuccessResponse>(request); var authorization = new AuthorizationState(); UpdateAuthorizationWithResponse(authorization, response); return(authorization); }
/// <summary> /// Requests an access token using a partially .initialized request message. /// </summary> /// <param name="request">The request message.</param> /// <param name="scopes">The scopes requested by the client.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The result of the request. /// </returns> private async Task <IAuthorizationState> RequestAccessTokenAsync(IDirectedProtocolMessage request, IEnumerable <string> scopes, CancellationToken cancellationToken) { Requires.NotNull(request, "request"); var authorizationState = new AuthorizationState(scopes); // Process client credential and scopes if supported by request message. var accessTokenRequest = request as IAccessTokenRequest; if (accessTokenRequest != null) { var authRequest = request as AuthenticatedClientRequestBase; if (authRequest != null) { authRequest.ClientIdentifier = this.ClientIdentifier; } this.ApplyClientCredential(accessTokenRequest); accessTokenRequest.Scope.UnionWith(authorizationState.Scope); } var response = await this.Channel.RequestAsync(request, cancellationToken); var success = response as AccessTokenSuccessResponse; var failure = response as AccessTokenFailedResponse; ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); if (success != null) { authorizationState.Scope.Clear(); // clear the scope we requested so that the response will repopulate it. UpdateAuthorizationWithResponse(authorizationState, success); } else { // failure Logger.OAuth.Info("Credentials rejected by the Authorization Server."); authorizationState.Delete(); } return(authorizationState); }