/// <summary> /// Configures this handler to authorize outbound HTTP requests using an access token. The access token is only attached if at least one of /// <paramref name="authorizedUrls" /> is a base of <see cref="HttpRequestMessage.RequestUri" />. /// </summary> /// <param name="authorizedUrls">The base addresses of endpoint URLs to which the token will be attached.</param> /// <param name="scopes">The list of scopes to use when requesting an access token.</param> /// identity provider is necessary. /// <returns>This <see cref="AuthorizationMessageHandler"/>.</returns> public AuthorizationMessageHandler ConfigureHandler( IEnumerable <string> authorizedUrls, IEnumerable <string> scopes = null) { if (_authorizedUris != null) { throw new InvalidOperationException("Handler already configured."); } if (authorizedUrls == null) { throw new ArgumentNullException(nameof(authorizedUrls)); } var uris = authorizedUrls.Select(uri => new Uri(uri, UriKind.Absolute)).ToArray(); if (uris.Length == 0) { throw new ArgumentException("At least one URL must be configured.", nameof(authorizedUrls)); } _authorizedUris = uris; var scopesList = scopes?.ToArray(); if (scopesList != null) { _tokenOptions = new AccessTokenRequestOptions { Scopes = scopesList, }; } return(this); }
/// <inheritdoc /> public virtual async Task <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options) { if (options is null) { throw new ArgumentNullException(nameof(options)); } var clientScopes = Client.Options.Scope.Split(' '); foreach (var scope in options.Scopes) { if (!clientScopes.Contains(scope)) { // unfortunately with the OS primitives and the popup windows, there is no silent // way to acquire a token with an additional scope, so we might as well tell // the application to redo the sign in with the additional scope. return(new AccessTokenResult(this, AccessTokenResultStatus.RequiresRedirect, token: null)); } } return(await RequestAccessToken()); }