/// <summary>
/// Configures this handler to authorize outbound HTTP requests using an access token. The access token is only attached if at least one of
/// <paramref name="authorizedUrls" /> is a base of <see cref="HttpRequestMessage.RequestUri" />.
/// </summary>
/// <param name="authorizedUrls">The base addresses of endpoint URLs to which the token will be attached.</param>
/// <param name="scopes">The list of scopes to use when requesting an access token.</param>
/// identity provider is necessary.
/// <returns>This <see cref="AuthorizationMessageHandler"/>.</returns>
public AuthorizationMessageHandler ConfigureHandler(
IEnumerable <string> authorizedUrls,
IEnumerable <string> scopes = null)
{
if (_authorizedUris != null)
{
throw new InvalidOperationException("Handler already configured.");
}
if (authorizedUrls == null)
{
throw new ArgumentNullException(nameof(authorizedUrls));
}
var uris = authorizedUrls.Select(uri => new Uri(uri, UriKind.Absolute)).ToArray();
if (uris.Length == 0)
{
throw new ArgumentException("At least one URL must be configured.", nameof(authorizedUrls));
}
_authorizedUris = uris;
var scopesList = scopes?.ToArray();
if (scopesList != null)
{
_tokenOptions = new AccessTokenRequestOptions
{
Scopes = scopesList,
};
}
return(this);
}
/// <inheritdoc />
public virtual async Task <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
if (options is null)
{
throw new ArgumentNullException(nameof(options));
}
var clientScopes = Client.Options.Scope.Split(' ');
foreach (var scope in options.Scopes)
{
if (!clientScopes.Contains(scope))
{
// unfortunately with the OS primitives and the popup windows, there is no silent
// way to acquire a token with an additional scope, so we might as well tell
// the application to redo the sign in with the additional scope.
return(new AccessTokenResult(this, AccessTokenResultStatus.RequiresRedirect, token: null));
}
}
return(await RequestAccessToken());
}
