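/// <summary>
/// Authorizes the OAuth request token identified by <paramref name="token"/>:
/// attaches a fresh verifier and a newly minted access token to it, saves it,
/// and returns the callback URL the client must be redirected to.
/// </summary>
/// <remarks>
/// This method performs no credential check itself. Going by its name, callers
/// are expected to have authenticated the user already; confirm at the call sites.
/// </remarks>
/// <param name="username">User the access token is issued for; stored as <c>AccessToken.UserName</c>.</param>
/// <param name="password">Not read by this method.</param>
/// <param name="token">Request token string used to look up the stored request token.</param>
/// <returns>
/// An <c>OAuthAuthenticateResponse</c> whose <c>RedirectUrl</c> is the stored callback URL
/// with <c>oauth_verifier</c> and <c>oauth_token</c> appended.
/// </returns>
public object TokenExchangeAfterAuthentication(string username, string password, string token)
{
    var response = new OAuthAuthenticateResponse();

    // TODO surround with try/catch and present 403 or 400 if token is unknown/invalid
    // NOTE(review): if GetToken returns null for an unknown token, the next statement
    // dereferences it; confirm GetToken's contract.
    var request_token = Rainy.RainyStandaloneServer.OAuth.RequestTokens.GetToken(token);

    // The verifier is proof that the user successfully authorized; it is later
    // checked by the OAuth10aInspector. The verifier, access token and token secret
    // are bearer secrets, so they come from the OS CSPRNG. A GUID is an identifier
    // and is not guaranteed to be unpredictable.
    request_token.Verifier = CreateRandomHexSecret();
    request_token.AccessDenied = false;

    request_token.AccessToken = new AccessToken() {
        ConsumerKey = request_token.ConsumerKey,
        Realm = request_token.Realm,
        Token = CreateRandomHexSecret(),
        TokenSecret = CreateRandomHexSecret(),
        UserName = username,
        // Local time, 99 years out: the access token is effectively non-expiring.
        ExpiryDate = DateTime.Now.AddYears(99)
    };

    RainyStandaloneServer.OAuth.RequestTokens.SaveToken(request_token);

    // NOTE(review): the second argument is the request token string passed in,
    // not the access token the message mentions.
    Logger.DebugFormat("created an access token for user {0}: {1}", username, token);

    // Redirect to the provided callback.
    // NOTE(review): CallbackUrl is used exactly as stored and the values are appended
    // without URL-encoding. A callback that already carries a query string would end up
    // with a second '?'. Confirm the callback is validated where the request token is issued.
    var redirect_url = request_token.CallbackUrl + "?oauth_verifier=" + request_token.Verifier + "&oauth_token=" + request_token.Token;

    // The browser/gateway page should take the RedirectUrl and access it. The redirect
    // URL points to a tomboy listener or a tomdroid listener (tomdroid://...).
    response.RedirectUrl = redirect_url;
    return response;
}

/// <summary>
/// Returns 256 bits from the system cryptographic random number generator,
/// encoded as a 64-character lower-case hex string.
/// </summary>
private static string CreateRandomHexSecret()
{
    var bytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }
    return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
}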
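/// <summary>
/// Authorizes the OAuth request token identified by <paramref name="token"/>:
/// attaches a fresh verifier and an access token from <c>GenerateAccessToken</c>,
/// saves it, and returns the callback URL the client must be redirected to.
/// </summary>
/// <remarks>
/// No credential check is visible in this method. Whether <c>GenerateAccessToken</c>
/// (defined elsewhere) validates the password cannot be told from here; confirm before
/// relying on it.
/// </remarks>
/// <param name="username">User the access token is generated for; also written to the debug log.</param>
/// <param name="password">Passed through to <c>GenerateAccessToken</c>; not otherwise used here.</param>
/// <param name="token">Request token string used to look up the stored request token.</param>
/// <returns>
/// An <c>OAuthAuthenticateResponse</c> whose <c>RedirectUrl</c> is the stored callback URL
/// with <c>oauth_verifier</c> and <c>oauth_token</c> appended.
/// </returns>
public object TokenExchangeAfterAuthentication(string username, string password, string token)
{
    var response = new OAuthAuthenticateResponse();

    // TODO surround with try/catch and present 403 or 400 if token is unknown/invalid
    // NOTE(review): if GetToken returns null for an unknown token, the verifier
    // assignment below dereferences it; confirm GetToken's contract.
    var request_token = oauthHandler.RequestTokens.GetToken(token);

    // The verifier is proof that the user successfully authorized; it is later
    // checked by the OAuth10aInspector. The RNG is created only where it is needed
    // and disposed right after, so it is not leaked when the lookup above or a later
    // step throws.
    using (var rng = new RNGCryptoServiceProvider())
    {
        request_token.Verifier = rng.Create256BitLowerCaseHexKey();
    }
    request_token.AccessDenied = false;

    var access_token = GenerateAccessToken(username, password);
    request_token.AccessToken = access_token;

    oauthHandler.RequestTokens.SaveToken(request_token);

    // NOTE(review): the second argument is the request token string passed in,
    // not the access token the message mentions.
    Logger.DebugFormat("created an access token for user {0}: {1}", username, token);

    // Redirect to the provided callback.
    // NOTE(review): CallbackUrl is used exactly as stored and the values are appended
    // without URL-encoding. A callback that already carries a query string would end up
    // with a second '?'. Confirm the callback is validated where the request token is issued.
    var redirect_url = request_token.CallbackUrl + "?oauth_verifier=" + request_token.Verifier + "&oauth_token=" + request_token.Token;

    // The browser/gateway page should take the RedirectUrl and access it. The redirect
    // URL points to a tomboy listener or a tomdroid listener (tomdroid://...).
    response.RedirectUrl = redirect_url;
    return response;
}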