Diffstat (limited to 'src/OAuth/OAuthAuthorizationServer/Code/Client.cs')
-rw-r--r-- | src/OAuth/OAuthAuthorizationServer/Code/Client.cs | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/src/OAuth/OAuthAuthorizationServer/Code/Client.cs b/src/OAuth/OAuthAuthorizationServer/Code/Client.cs index 0013f27..cf5ea59 100644 --- a/src/OAuth/OAuthAuthorizationServer/Code/Client.cs +++ b/src/OAuth/OAuthAuthorizationServer/Code/Client.cs @@ -1,7 +1,7 @@ namespace OAuthAuthorizationServer.Code { using System; using System.Collections.Generic; - + using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2; /// <summary> @@ -11,13 +11,6 @@ #region IConsumerDescription Members /// <summary> - /// Gets the client secret. - /// </summary> - string IClientDescription.Secret { - get { return this.ClientSecret; } - } - - /// <summary> /// Gets the callback to use when an individual authorization request /// does not include an explicit callback URI. /// </summary> @@ -36,6 +29,13 @@ } /// <summary> + /// Gets a value indicating whether a non-empty secret is registered for this client. + /// </summary> + bool IClientDescription.HasNonEmptySecret { + get { return !string.IsNullOrEmpty(this.ClientSecret); } + } + + /// <summary> /// Determines whether a callback URI included in a client's authorization request /// is among those allowed callbacks for the registered client. /// </summary> @@ -59,6 +59,19 @@ return false; } + /// <summary> + /// Checks whether the specified client secret is correct. + /// </summary> + /// <param name="secret">The secret obtained from the client.</param> + /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns> + /// <remarks> + /// All string equality checks, whether checking secrets or their hashes, + /// should be done using <see cref="MessagingUtilities.EqualsConstantTime"/> to mitigate timing attacks. + /// </remarks> + bool IClientDescription.IsValidClientSecret(string secret) { + return MessagingUtilities.EqualsConstantTime(secret, this.ClientSecret); + } + #endregion } }
\ No newline at end of file |
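Review bot: `IsValidClientSecret` passes `secret` and `this.ClientSecret` straight to `MessagingUtilities.EqualsConstantTime` with no null or empty check, so the result for a client registered without a secret depends entirely on how that helper treats two null or empty strings, which this diff does not show. If the helper reports them as equal, a client for which `HasNonEmptySecret` is false would be accepted with a blank secret unless every caller checks that property first. A guard before the comparison makes the method safe on its own: `if (string.IsNullOrEmpty(secret) || string.IsNullOrEmpty(this.ClientSecret)) { return false; }`. The direct comparison also implies `ClientSecret` is stored in recoverable form; since the remarks already mention hashes, they could state that a production store should keep only a hash and compare the hash of the supplied secret.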