public AccessTokenModule(IAccessTokenEndPointService service, IErrorResponseBuilder errorResponseBuilder) : base("/oauth/access_token")
        {
            this.RequiresAuthentication();

            Post["/"] = parameters => {
                var request =
                    this.Bind <AccessTokenRequest>();

                // Perhaps always validate that the grant type == "authorization_code" and
                // return an error with unsupported_grant_type message???

                // Needs to validate that the authorization code was issues to the logged in
                // user and nobody else. Also need to verify the redirect_uri. Possibly verify
                // that the code is still valid to use (time-to-live)
                var results =
                    service.ValidateRequest(request, this.Context);

                if (!results.IsValid)
                {
                    return(Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, null), request.RedirectUri));
                }

                var response =
                    service.CreateAccessTokenResponse(request, this.Context);

                // TODO: need to set "Cache-Control: no-store" and "Pragma: no-cache" headers on the response to comply with the specification
                return(Response.AsJson(response));
            };
        }
        public AccessTokenModule(IAccessTokenEndPointService service, IErrorResponseBuilder errorResponseBuilder) : base("/oauth/access_token")
        {
            this.RequiresAuthentication();

            Post["/"] = parameters =>{

                var request =
                    this.Bind<AccessTokenRequest>();

                // Perhaps always validate that the grant type == "authorization_code" and
                // return an error with unsupported_grant_type message???

                // Needs to validate that the authorization code was issues to the logged in
                // user and nobody else. Also need to verify the redirect_uri. Possibly verify
                // that the code is still valid to use (time-to-live)
                var results =
                    service.ValidateRequest(request, this.Context);

                if (!results.IsValid)
                {
                    return Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, null), request.RedirectUri);
                }

                var response =
                    service.CreateAccessTokenResponse(request, this.Context);

                // TODO: need to set "Cache-Control: no-store" and "Pragma: no-cache" headers on the response to comply with the specification
                return Response.AsJson(response);
            };
        }
示例#3
0
        public TokenModule(
            ITokenEndpointService service,
            IErrorResponseBuilder errorResponseBuilder)
            : base(OAuth.Configuration.GetFullPath(x => x.TokenRoute))
        {
            _service = service;
            _errorResponseBuilder = errorResponseBuilder;

            Post["/", ctx => OAuth.IsEnabled] = _ => CreateToken();
        }
示例#4
0
        public AuthorizeModule(
            IAuthorizationEndpointService service,
            IErrorResponseBuilder errorResponseBuilder)
            : base(OAuth.Configuration.GetFullPath(x => x.AuthorizationRequestRoute))
        {
            _service = service;
            _errorResponseBuilder = errorResponseBuilder;

            this.RequiresAuthentication();

            Get["/", ctx => OAuth.IsEnabled] = _ => Index();
            Post[OAuth.Configuration.AuthorizationAllowRoute, ctx => OAuth.IsEnabled] = _ => Allow();
            Post[OAuth.Configuration.AuthorizationDenyRoute, ctx => OAuth.IsEnabled]  = _ => Deny();
        }
 public void SetErrorResponseBuilder(IErrorResponseBuilder init_errResponseBuilder)
 {
     errResponseBuilder = init_errResponseBuilder;
 }
        /// <summary>
        /// The base address and the various end-points in the module should be grabbed from an
        /// OAuthConfiguration and should provide sensible default-values that can be overriden
        /// when you enable OAuth in your application.
        /// </summary>
        public AuthorizationModule(
            IAuthorizationEndPointService service, 
            IErrorResponseBuilder errorResponseBuilder) : base(OAuth.Configuration.GetFullPath(x => x.AuthorizationRequestRoute))
        {
            this.RequiresAuthentication();

            Get["/", ctx => OAuth.IsEnabled] = parameters =>
            {
                var request =
                    this.Bind<AuthorizationRequest>();

                // Should a seperate check for AuthorizationRequest.ResponseType == "code" be performed
                // before the request is validated? According to the specification, it always has to
                // be set to "code" for authorization code grant. By checking it here, and returning
                // an error of AuthorizationErrorType.UnsupportedResponseType it could be made sure that
                // the user implementation never miss it?!

                var results =
                    service.ValidateRequest(request, this.Context);

                if (!results.IsValid)
                {
                    return Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, request.State), request.RedirectUrl);
                }

                // Use something more secure than the username
                this.Session[Context.CurrentUser.UserName] = request;
                
                var authorizationView =
                    service.GetAuthorizationView(request, this.Context);

                return View[authorizationView.Item1, authorizationView.Item2];
            };

            Post[OAuth.Configuration.AuthorizationAllowRoute, ctx => OAuth.IsEnabled] = parameters =>
            {

                var token =
                    service.GenerateAuthorizationToken(this.Context);

                var request =
                    this.Session[Context.CurrentUser.UserName] as AuthorizationRequest;

                if (request == null)
                {
                    return HttpStatusCode.InternalServerError;
                }

                var response =
                    new AuthorizationResponse
                    {
                        Code = token,
                        State = request.State
                    };

                // TODO: Perhaps use an UriBuilder instead?
                var url =
                    string.Concat(request.RedirectUrl, response.AsQueryString());

                return Response.AsRedirect(url);
            };

            Post[OAuth.Configuration.AuthorizationDenyRoute, ctx => OAuth.IsEnabled] = parameters =>
            {
                var request =
                    this.Session[Context.CurrentUser.UserName] as AuthorizationRequest;

                return request == null ? 
                    HttpStatusCode.InternalServerError : 
                    Response.AsErrorResponse(errorResponseBuilder.Build(ErrorType.AccessDenied, request.State), request.RedirectUrl);
            };
        }
        /// <summary>
        /// The base address and the various end-points in the module should be grabbed from an
        /// OAuthConfiguration and should provide sensible default-values that can be overriden
        /// when you enable OAuth in your application.
        /// </summary>
        public AuthorizationModule(
            IAuthorizationEndPointService service,
            IErrorResponseBuilder errorResponseBuilder) : base(OAuth.Configuration.GetFullPath(x => x.AuthorizationRequestRoute))
        {
            this.RequiresAuthentication();

            Get["/", ctx => OAuth.IsEnabled] = parameters =>
            {
                var request =
                    this.Bind <AuthorizationRequest>();

                // Should a seperate check for AuthorizationRequest.ResponseType == "code" be performed
                // before the request is validated? According to the specification, it always has to
                // be set to "code" for authorization code grant. By checking it here, and returning
                // an error of AuthorizationErrorType.UnsupportedResponseType it could be made sure that
                // the user implementation never miss it?!

                var results =
                    service.ValidateRequest(request, this.Context);

                if (!results.IsValid)
                {
                    return(Response.AsErrorResponse(errorResponseBuilder.Build(results.ErrorType, request.State), request.RedirectUrl));
                }

                // Use something more secure than the username
                this.Session[Context.CurrentUser.UserName] = request;

                var authorizationView =
                    service.GetAuthorizationView(request, this.Context);

                return(View[authorizationView.Item1, authorizationView.Item2]);
            };

            Post[OAuth.Configuration.AuthorizationAllowRoute, ctx => OAuth.IsEnabled] = parameters =>
            {
                var token =
                    service.GenerateAuthorizationToken(this.Context);

                var request =
                    this.Session[Context.CurrentUser.UserName] as AuthorizationRequest;

                if (request == null)
                {
                    return(HttpStatusCode.InternalServerError);
                }

                var response =
                    new AuthorizationResponse
                {
                    Code  = token,
                    State = request.State
                };

                // TODO: Perhaps use an UriBuilder instead?
                var url =
                    string.Concat(request.RedirectUrl, response.AsQueryString());

                return(Response.AsRedirect(url));
            };

            Post[OAuth.Configuration.AuthorizationDenyRoute, ctx => OAuth.IsEnabled] = parameters =>
            {
                var request =
                    this.Session[Context.CurrentUser.UserName] as AuthorizationRequest;

                return(request == null ?
                       HttpStatusCode.InternalServerError :
                       Response.AsErrorResponse(errorResponseBuilder.Build(ErrorType.AccessDenied, request.State), request.RedirectUrl));
            };
        }
 public void SetErrorResponseBuilder(IErrorResponseBuilder init_errResponseBuilder)
 {
     errResponseBuilder = init_errResponseBuilder;
 }