public async Task ImplicitGrant() { var coordinatorClient = new UserAgentClient(AuthorizationServerDescription); coordinatorClient.ClientCredentialApplicator = null; // implicit grant clients don't need a secret. Handle(AuthorizationServerDescription.AuthorizationEndpoint).By( async (req, ct) => { var server = new AuthorizationServer(AuthorizationServerMock); var request = await server.ReadAuthorizationRequestAsync(req, ct); Assert.That(request, Is.Not.Null); IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request; Assert.That(accessTokenRequest.ClientAuthenticated, Is.False); var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername); return await server.Channel.PrepareResponseAsync(response, ct); }); { var client = new UserAgentClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories); var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true); Assert.That(request.ResponseType, Is.EqualTo(EndUserAuthorizationResponseType.AccessToken)); var authRequestRedirect = await client.Channel.PrepareResponseAsync(request); Uri authRequestResponse; this.HostFactories.AllowAutoRedirects = false; using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var httpResponse = await httpClient.GetAsync(authRequestRedirect.Headers.Location)) { authRequestResponse = httpResponse.Headers.Location; } } var incoming = await client.Channel.ReadFromRequestAsync(new HttpRequestMessage(HttpMethod.Get, authRequestResponse), CancellationToken.None); var result = await client.ProcessUserAuthorizationAsync(authState, incoming, CancellationToken.None); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Null); } }
public AuthorizeResult Authorize(Uri url, string username, string password) { var authServer = new AuthorizationServerDescription { AuthorizationEndpoint = null, // We are not actually using authorization, just authentication. TokenEndpoint = url }; var client = new UserAgentClient(authServer, ClientIdentifier, ClientCredentialApplicator.PostParameter(ClientSecret)); IAuthorizationState state; try { state = client.ExchangeUserCredentialForToken(username, password); } catch (Exception e) { var error = e.Message; if (e.InnerException != null) error = string.Format("{0} Inner exception: {1}", error, e.InnerException.Message); return new AuthorizeResult { Error = error }; } return new AuthorizeResult { AuthorizationState = state }; }
public void ImplicitGrant() { var coordinatorClient = new UserAgentClient(AuthorizationServerDescription); var coordinator = new OAuth2Coordinator<UserAgentClient>( AuthorizationServerDescription, AuthorizationServerMock, coordinatorClient, client => { var authState = new AuthorizationState { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true); Assert.AreEqual(EndUserAuthorizationResponseType.AccessToken, request.ResponseType); client.Channel.Respond(request); var incoming = client.Channel.ReadFromRequest(); var result = client.ProcessUserAuthorization(authState, incoming); Assert.IsNotNullOrEmpty(result.AccessToken); Assert.IsNull(result.RefreshToken); }, server => { var request = server.ReadAuthorizationRequest(); IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request; Assert.IsFalse(accessTokenRequest.ClientAuthenticated); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); }); coordinatorClient.ClientSecret = null; // implicit grant clients don't need a secret. coordinator.Run(); }
public HomeController() { var authServer = new AuthorizationServerDescription() { AuthorizationEndpoint = new Uri("http://localhost:49810/OAuth/Authorise"), TokenEndpoint = new Uri("http://localhost:49810/OAuth/Token"), }; this.Client = new UserAgentClient(authServer, "samplewebapiconsumer", "samplesecret"); this.Authorization = new AuthorizationState(); this.Authorization.Callback = new Uri("http://localhost:18529/"); }
private void oauth2BeginButton_Click(object sender, RoutedEventArgs e) { var authServer = new DotNetOpenAuth.OAuth2.AuthorizationServerDescription { AuthorizationEndpoint = new Uri(this.oauth2AuthorizationUrlBox.Text), }; if (this.oauth2TokenEndpointBox.Text.Length > 0) { authServer.TokenEndpoint = new Uri(this.oauth2TokenEndpointBox.Text); } try { var client = new OAuth2.UserAgentClient(authServer, this.oauth2ClientIdentifierBox.Text, this.oauth2ClientSecretBox.Text); var authorizePopup = new Authorize2(client); authorizePopup.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes(this.oauth2ScopeBox.Text)); authorizePopup.Owner = this; bool?result = authorizePopup.ShowDialog(); if (result.HasValue && result.Value) { var requestUri = new UriBuilder(this.oauth2ResourceUrlBox.Text); if (this.oauth2ResourceHttpMethodList.SelectedIndex > 0) { requestUri.AppendQueryArgument("access_token", authorizePopup.Authorization.AccessToken); } var request = (HttpWebRequest)WebRequest.Create(requestUri.Uri); request.Method = this.oauth2ResourceHttpMethodList.SelectedIndex < 2 ? "GET" : "POST"; if (this.oauth2ResourceHttpMethodList.SelectedIndex == 0) { client.AuthorizeRequest(request, authorizePopup.Authorization); } using (var resourceResponse = request.GetResponse()) { using (var responseStream = new StreamReader(resourceResponse.GetResponseStream())) { this.oauth2ResultsBox.Text = responseStream.ReadToEnd(); } } } else { return; } } catch (Messaging.ProtocolException ex) { MessageBox.Show(this, ex.Message); } catch (WebException ex) { string responseText = string.Empty; if (ex.Response != null) { using (var responseReader = new StreamReader(ex.Response.GetResponseStream())) { responseText = responseReader.ReadToEnd(); } } MessageBox.Show(this, ex.Message + " " + responseText); } }
private static void Main() { // DotNetOpenAuth only issues access tokens when the client uses an HTTPS connection. As we will most // likely run the server on our local development machine with only a self-signed SSL certificate, setting up // connection to the server will fail as the SSL certificate is considered invalid by the .NET framework. // To circumvent this, we add the line below that will consider all SSL certificates as valid, including // self-signed certificaties. Note: this should only be used for testing purposes. ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // The description of the authorization server to which we will be connecting. The most important component // is the token endpoint, which is the URL at which the server listens for token requests var authorizationServerDescription = new AuthorizationServerDescription { TokenEndpoint = new Uri("https://localhost:44303/tokens"), ProtocolVersion = ProtocolVersion.V20 }; // Create the client with which we will be connecting to the server. var userAgentClient = new UserAgentClient(authorizationServerDescription, clientIdentifier: "demo-client-1", clientSecret: "demo-client-secret-1"); // The scope that we request for the client. Note: this can also be null if we don't want to request any specific // scope or more than one scope if we want to request an access token that is valid for several scopes var clientScopes = new[] { "demo-scope-client-1" }; // Request a new client access token for the specified scopes (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.4) // This method will use the client identifier and client secret used when constructing the UserAgentClient instance var clientAccessToken = userAgentClient.GetClientAccessToken(clientScopes); // Output some information about the retrieved client access token Console.WriteLine("[RETRIEVED CLIENT ACCESS TOKEN]"); Console.WriteLine("Access token: {0}", clientAccessToken.AccessToken); Console.WriteLine("Expiration time: {0}", clientAccessToken.AccessTokenExpirationUtc); Console.WriteLine("Scope: {0}", OAuthUtilities.JoinScopes(clientAccessToken.Scope)); // The scope that we request for the user. Note: this can also be null if we don't want to request any specific // scope or more than one scope if we want to request an access token that is valid for several scopes var userScopes = new[] { "demo-scope-1" }; // Request a new user access token for the specified user and the specified scopes (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#page-35) var userAccessToken = userAgentClient.ExchangeUserCredentialForToken("demo-user-1", "demo-user-password-1", userScopes); // Output some information about the retrieved user access token Console.WriteLine("\n[RETRIEVED USER ACCESS TOKEN]"); Console.WriteLine("Access token: {0}", userAccessToken.AccessToken); Console.WriteLine("Refresh token: {0}", userAccessToken.RefreshToken); Console.WriteLine("Expiration time: {0}", userAccessToken.AccessTokenExpirationUtc); Console.WriteLine("Scope: {0}", OAuthUtilities.JoinScopes(userAccessToken.Scope)); var refreshed = userAgentClient.RefreshAuthorization(userAccessToken); Console.WriteLine("\n[REFRESHING USER ACCESS TOKEN]"); Console.WriteLine("Access token refreshed: {0}", refreshed); Console.WriteLine("\nPress any key to exit..."); Console.ReadKey(); }
public HomeController() { var a = Guid.NewGuid().ToString("N"); var authServer = new AuthorizationServerDescription() { AuthorizationEndpoint = new Uri("http://localhost:4251/OAuth/Authorize"), TokenEndpoint = new Uri("http://localhost:4251/OAuth/Token"), }; Client = new UserAgentClient(authServer, "samplewebapiconsumer", "samplesecret"); Authorization = new AuthorizationState { Callback = new Uri("http://localhost:4494/") }; }
internal Authorize2(UserAgentClient client, IAuthorizationState authorizationState) { Contract.Requires(client != null, "client"); Contract.Requires(authorizationState != null, "authorizationState"); this.InitializeComponent(); this.client = client; this.Authorization = authorizationState; Uri authorizationUrl = this.client.RequestUserAuthorization(this.Authorization); this.webBrowser.Navigate(authorizationUrl.AbsoluteUri); // use AbsoluteUri to workaround bug in WebBrowser that calls Uri.ToString instead of Uri.AbsoluteUri leading to escaping errors. }
public async Task ErrorResponseTest() { Handle(AuthorizationServerDescription.TokenEndpoint).By( async (req, ct) => { var server = new AuthorizationServer(AuthorizationServerMock); return await server.HandleTokenRequestAsync(req, ct); }); var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" }; var client = new UserAgentClient(AuthorizationServerDescription, hostFactories: this.HostFactories); var response = await client.Channel.RequestAsync<AccessTokenFailedResponse>(request, CancellationToken.None); Assert.That(response.Error, Is.Not.Null.And.Not.Empty); Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest)); }
static async void MainAsync(string[] args) { // Ignore SSL cert errors for now ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // The description of the authorization server to which we will be connecting. The most important component // is the token endpoint, which is the URL at which the server listens for token requests var authorizationServerDescription = new AuthorizationServerDescription { // Must use actual computer name as DotNetOpenAuth will throw exception if the computer name used does not match the server name TokenEndpoint = new Uri("https://localhost:44300/api/token"), ProtocolVersion = ProtocolVersion.V20 }; // Create the client with which we will be connecting to the server. var client = new UserAgentClient(authorizationServerDescription, clientIdentifier: "client1", clientSecret: "secret1"); // The scope that we request for the client. Note: this can also be null if we don't want to request any specific // scope or more than one scope if we want to request an access token that is valid for several scopes //var scope = new[] { "demo-scope-client-1" }; // Request a new client access token for the specified scopes (http://tools.ietf.org/html/rfc6749#section-4.4) // This method will use the client identifier and client secret used when constructing the UserAgentClient instance // NOTE: Must use actual computer name in client AuthorizationServerDescription as DotNetOpenAuth will throw exception if the computer name used does not match the server name var result = await client.GetClientAccessTokenAsync(); //scope // Output some information about the retrieved client access token Console.WriteLine("[RETRIEVED CLIENT ACCESS TOKEN]"); Console.WriteLine("Access token: {0}", result.AccessToken); Console.WriteLine("Expiration time: {0}", result.AccessTokenExpirationUtc); Console.WriteLine("Scope: {0}", OAuthUtilities.JoinScopes(result.Scope)); // Now try to access a resource to validate the bearer token var httpClient = new OAuthHttpClient(result.AccessToken) { // Must use actual computer name as DotNetOpenAuth will throw exception if the computer name used does not match the server na BaseAddress = new Uri("https://localhost:44300/api/values") }; Console.WriteLine(); Console.WriteLine("Calling web api…"); Console.WriteLine(); var response = httpClient.GetAsync("").Result; if (response.StatusCode==HttpStatusCode.OK) Console.WriteLine(response.Content.ReadAsStringAsync().Result); else Console.WriteLine(response); Console.ReadLine(); Console.WriteLine("\nPress any key to exit..."); Console.ReadKey(); }
public HomeController() { var authServer = new AuthorizationServerDescription { AuthorizationEndpoint = new Uri(AuthorizationEndpoint), TokenEndpoint = new Uri(TokenEndpoint), }; Client = new UserAgentClient(authServer, ClientId, ClientSecret); Authorization = new AuthorizationState { Callback = new Uri(AuthorizationCallback) }; }
/// <summary> /// Create an HTTP Handler that supports OAuth user authentication. /// </summary> /// <param name="authBaseUri">The base auth URI e.g. https://auth.alitudeangel.com</param> /// <param name="clientId">Your client ID</param> /// <param name="clientSecret">Your client secret</param> /// <param name="scopes">Requested scopes</param> /// <param name="existingState">(optional) An existing state object from a previous session. May be null.</param> /// <param name="requireUserToken">true to aquire a user token, false to get a client only token.</param> /// <param name="redirectUri">The redirect URI to use for user token auth. Must match the registered URI for your client ID.</param> /// <param name="codeProvider">Implementation to use to get an authorization code URI from an auth login URI.</param> /// <returns> /// A <see cref="ClientHandlerInfo"/> object that contains the auth state and the handler. The auth state may be persisted and passed /// back in on future runs of the application to save login state. /// </returns> public static ClientHandlerInfo Create( string authBaseUri, string clientId, string clientSecret, IEnumerable<string> scopes, AuthorizationState existingState, bool requireUserToken, string redirectUri, IAuthorizeCodeProvider codeProvider) { AuthorizationServerDescription serverDescription = GetServerDescription(authBaseUri); ClientBase client; IAuthorizationState state = existingState; if (requireUserToken) { if (codeProvider == null || string.IsNullOrEmpty(redirectUri)) { throw new ArgumentNullException(nameof(codeProvider), $"{nameof(codeProvider)} or {nameof(redirectUri)} cannot be null if {nameof(requireUserToken)} is true."); } var userClient = new UserAgentClient(serverDescription, clientId, ClientCredentialApplicator.PostParameter(clientSecret)); if (state == null) { // Open browser here var returnTo = new Uri(redirectUri); Uri uri = userClient.RequestUserAuthorization(scopes, returnTo: returnTo); Uri result = codeProvider.GetCodeUri(uri, returnTo).Result; state = new AuthorizationState {Callback = returnTo}; state.Scope.AddRange(scopes); state = userClient.ProcessUserAuthorization(result, state); } client = userClient; } else { client = new WebServerClient(serverDescription, clientId, ClientCredentialApplicator.PostParameter(clientSecret)); state = state ?? client.GetClientAccessToken(scopes); } return new ClientHandlerInfo(client.CreateAuthorizingHandler(state), state); }
private async void oauth2BeginButton_Click(object sender, RoutedEventArgs e) { var authServer = new DotNetOpenAuth.OAuth2.AuthorizationServerDescription { AuthorizationEndpoint = new Uri(this.oauth2AuthorizationUrlBox.Text), }; if (this.oauth2TokenEndpointBox.Text.Length > 0) { authServer.TokenEndpoint = new Uri(this.oauth2TokenEndpointBox.Text); } try { var client = new OAuth2.UserAgentClient(authServer, this.oauth2ClientIdentifierBox.Text, this.oauth2ClientSecretBox.Text); var authorizePopup = new Authorize2(client); authorizePopup.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes(this.oauth2ScopeBox.Text)); authorizePopup.Authorization.Callback = new Uri("http://www.microsoft.com/en-us/default.aspx"); authorizePopup.Owner = this; authorizePopup.ClientAuthorizationView.RequestImplicitGrant = this.flowBox.SelectedIndex == 1; bool?result = authorizePopup.ShowDialog(); if (result.HasValue && result.Value) { var request = new HttpRequestMessage( new HttpMethod(((ComboBoxItem)this.oauth2ResourceHttpMethodList.SelectedValue).Content.ToString()), this.oauth2ResourceUrlBox.Text); using (var httpClient = new HttpClient(client.CreateAuthorizingHandler(authorizePopup.Authorization))) { using (var resourceResponse = await httpClient.SendAsync(request)) { this.oauth2ResultsBox.Text = await resourceResponse.Content.ReadAsStringAsync(); } } } } catch (Messaging.ProtocolException ex) { MessageBox.Show(this, ex.Message); } catch (WebException ex) { string responseText = string.Empty; if (ex.Response != null) { using (var responseReader = new StreamReader(ex.Response.GetResponseStream())) { responseText = responseReader.ReadToEnd(); } } MessageBox.Show(this, ex.Message + " " + responseText); } }
private IAuthorizationState GetAccessToken(string refresh) { var authorizationServer = new AuthorizationServerDescription { TokenEndpoint = new Uri(this.TokenUri), ProtocolVersion = ProtocolVersion.V20, }; var client = new UserAgentClient(authorizationServer, this.ClientId, this.ClientSecret); IAuthorizationState ostate; if (refresh == null) ostate = client.GetClientAccessToken(new[] { this.API_EndpointUri }); else { ostate = new AuthorizationState(new[] { this.API_EndpointUri }); ostate.RefreshToken = refresh; client.RefreshAuthorization(ostate); } return ostate; }
public Uri GetAuthorizationUri() { _endPoint = "https://start.exactonline.com"; _authorization = new AuthorizationState { Callback = new Uri("http://localhost:19648/home/exoauth2") }; var serverDescription = new AuthorizationServerDescription { AuthorizationEndpoint = new Uri(string.Format("{0}/api/oauth2/auth", _endPoint)), TokenEndpoint = new Uri(string.Format("{0}/api/oauth2/token", _endPoint)) }; _oAuthClient = new UserAgentClient(serverDescription, "eb93389b-9532-46ca-9b24-898a38e91c22", "jYzWXVFiE87C"); _oAuthClient.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("jYzWXVFiE87C"); return _oAuthClient.RequestUserAuthorization(_authorization); }
public string RetrieveAuthorization(UserAgentClient client, IAuthorizationState authorizationState) { if (!HttpListener.IsSupported) { throw new NotSupportedException("HttpListener is not supported by this platform."); } // Create a HttpListener for the specified url. //string url = string.Format(LoopbackCallback, GetRandomUnusedPort(), Util.ApplicationName); string url = string.Format(LoopbackCallback, GetRandomUnusedPort()); authorizationState.Callback = new Uri(url); var webserver = new HttpListener(); webserver.Prefixes.Add(url); // Retrieve the authorization url. Uri authUrl = client.RequestUserAuthorization(authorizationState); try { // Start the webserver. webserver.Start(); // Open the browser. Process.Start(authUrl.ToString() + "&access_type=offline&approval_prompt=force"); // Wait for the incoming connection, then handle the request. return HandleRequest(webserver.GetContext()); } catch (HttpListenerException ex) { throw new NotSupportedException("The HttpListener threw an exception.", ex); } finally { // Stop the server after handling the one request. webserver.Stop(); } }
public string RetrieveAuthorization(UserAgentClient client, IAuthorizationState authorizationState) { // Create the Url. authorizationState.Callback = new Uri(OutOfBandCallback); Uri url = client.RequestUserAuthorization(authorizationState); // Show the dialog. if (!Application.RenderWithVisualStyles) { Application.EnableVisualStyles(); } Application.DoEvents(); string authCode = OAuth2AuthorizationDialog.ShowDialog(url); Application.DoEvents(); if (string.IsNullOrEmpty(authCode)) { return null; // User cancelled the request. } return authCode; }
private static IAuthorizationState GetAccessToken(string refresh) { var authorizationServer = new AuthorizationServerDescription { TokenEndpoint = new Uri(TokenEndpoint), ProtocolVersion = ProtocolVersion.V20, }; // get a reference to the auth server var client = new UserAgentClient(authorizationServer, ClientId, ClientSecret); // now get a token IAuthorizationState authorizationState; if (refresh == null) { authorizationState = client.ExchangeUserCredentialForToken(TestUsername, TestPassword, new[] { ApiEndpoint }); } else { // we had previously authenticated so we can use the token rather than the credentials to get a new access token authorizationState = new AuthorizationState(new[] { ApiEndpoint }) { RefreshToken = refresh }; client.RefreshAuthorization(authorizationState); } // return result return authorizationState; }
public static Uri GetAuthorization(UserAgentClient appClient) { return appClient.RequestUserAuthorization(GetState()); }
internal Authorize2(UserAgentClient client) { Requires.NotNull(client, "client"); this.InitializeComponent(); this.clientAuthorizationView.Client = client; }
internal Authorize2(UserAgentClient client) { this.InitializeComponent(); this.clientAuthorizationView.Client = client; }
internal Authorize2(UserAgentClient client) { Contract.Requires(client != null, "client"); this.InitializeComponent(); this.clientAuthorizationView.Client = client; }
private static IAuthorizationState GetAccessToken(string refresh) { var authorizationServer = new AuthorizationServerDescription { //AuthorizationEndpoint = new Uri(AUTHORIZATION_ENDPOINT), TokenEndpoint = new Uri(TOKEN_ENDPOINT), ProtocolVersion = ProtocolVersion.V20, }; // get a reference to the auth server var client = new UserAgentClient(authorizationServer, CLIENT_ID, CLIENT_SECRET); // now get a token IAuthorizationState ostate; if (refresh == null) ostate = client.ExchangeUserCredentialForToken(TEST_USERNAME, TEST_PASSWORD, new[] { API_ENDPOINT }); else { // we had previously authenticated so we can use the token rather than the credentials to get a new access token ostate = new AuthorizationState(new[] { API_ENDPOINT }); ostate.RefreshToken = refresh; client.RefreshAuthorization(ostate); } // return result return ostate; }