16 files changed, 519 insertions, 312 deletions
diff --git a/src/OAuth/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/src/OAuth/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index eb7f1f5..aa9f3e6 100644
--- a/src/OAuth/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/src/OAuth/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -31,7 +31,11 @@
 
 		#region Implementation of IAuthorizationServerHost
 
-		public ICryptoKeyStore CryptoKeyStore {
+	    public AutomatedAuthorizationCheckResponse CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest) {
+	        throw new NotImplementedException();
+	    }
+
+	    public ICryptoKeyStore CryptoKeyStore {
 			get { return MvcApplication.KeyNonceStore; }
 		}
 
@@ -78,7 +82,11 @@
 			return this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User);
 		}
 
-		public bool TryAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
+	    public AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest) {
+	        throw new NotImplementedException();
+	    }
+
+	    public bool TryAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
 			// This web site delegates user authentication to OpenID Providers, and as such no users have local passwords with this server.
 			throw new NotSupportedException();
 		}
diff --git a/src/OAuth/OAuthAuthorizationServer/OAuthAuthorizationServer.csproj b/src/OAuth/OAuthAuthorizationServer/OAuthAuthorizationServer.csproj
index 07f5f47..d0834df 100644
--- a/src/OAuth/OAuthAuthorizationServer/OAuthAuthorizationServer.csproj
+++ b/src/OAuth/OAuthAuthorizationServer/OAuthAuthorizationServer.csproj
@@ -44,32 +44,41 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.AuthorizationServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.AuthorizationServer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
@@ -79,6 +88,31 @@
     <Reference Include="System.Data" />
     <Reference Include="System.Data.Linq" />
     <Reference Include="System.Drawing" />
+    <Reference Include="System.IO">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.IO.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Extensions, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.WebRequest.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Runtime.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Threading.Tasks">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Threading.Tasks.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web.DynamicData" />
     <Reference Include="System.Web.Entity" />
     <Reference Include="System.Web.ApplicationServices" />
@@ -235,4 +269,5 @@
   </ProjectExtensions>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />
   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />
+  <Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.8\tools\Microsoft.Bcl.Build.targets" />
 </Project>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthAuthorizationServer/Web.config b/src/OAuth/OAuthAuthorizationServer/Web.config
index fc811c8..71b76f0 100644
--- a/src/OAuth/OAuthAuthorizationServer/Web.config
+++ b/src/OAuth/OAuthAuthorizationServer/Web.config
@@ -11,17 +11,17 @@
       <sectionGroup name="oauth2" type="DotNetOpenAuth.Configuration.OAuth2SectionGroup, DotNetOpenAuth.OAuth2">
         <section name="authorizationServer" type="DotNetOpenAuth.Configuration.OAuth2AuthorizationServerSection, DotNetOpenAuth.OAuth2.AuthorizationServer" requirePermission="false" allowLocation="true" />
       </sectionGroup>
-      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
-    </sectionGroup>
+      
+      
+      
+    <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /></sectionGroup>
   </configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
 	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
 	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
+    
     <oauth2>
       <authorizationServer></authorizationServer>
     </oauth2>
@@ -31,26 +31,15 @@
         <whitelistHosts>
           <!-- since this is a sample, and will often be used with localhost -->
           <add name="localhost" />
-        </whitelistHosts>
+        <!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts>
       </untrustedWebRequest>
     </messaging>
-    <reporting enabled="true" />
-    <openid>
-      <relyingParty>
-        <security requireSsl="false">
-          <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
-          <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
+    
+    
+  <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /><!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --><!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --><openid><relyingParty><security requireSsl="false"><!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. --><!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
 						<add endpoint="https://www.google.com/accounts/o8/ud" />
-					</trustedProviders>-->
-        </security>
-        <behaviors>
-          <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
-					     with OPs that use Attribute Exchange (in various formats). -->
-          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
-        </behaviors>
-      </relyingParty>
-    </openid>
-  </dotNetOpenAuth>
+					</trustedProviders>--></security><behaviors><!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
+					     with OPs that use Attribute Exchange (in various formats). --><add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" /></behaviors></relyingParty></openid></dotNetOpenAuth>
   <log4net>
     <!-- Setup the root category, add the appenders and set the default level -->
     <root>
@@ -102,28 +91,30 @@
         <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
         <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
+      </dependentAssembly>
     </assemblyBinding>
-    <legacyHMACWarning enabled="0" />
-  </runtime>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
-  <uri>
-    <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
-		     which is necessary for OpenID urls with unicode characters in the domain/host name.
-		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-    <idn enabled="All" />
-    <iriParsing enabled="true" />
-  </uri>
+    
+  <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" /><!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
+		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.
+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+			</dependentAssembly>
+		</assemblyBinding>
+		 --></runtime>
+  
+  
 
   <appSettings>
     <add key="ClientValidationEnabled" value="false" />
     <add key="UnobtrusiveJavaScriptEnabled" value="false" />
   </appSettings>
-</configuration>
-\ No newline at end of file
+<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><uri><!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --><idn enabled="All" /><iriParsing enabled="true" /></uri></configuration>
+\ No newline at end of file
diff --git a/src/OAuth/OAuthAuthorizationServer/packages.config b/src/OAuth/OAuthAuthorizationServer/packages.config
index dea78e4..3206181 100644
--- a/src/OAuth/OAuthAuthorizationServer/packages.config
+++ b/src/OAuth/OAuthAuthorizationServer/packages.config
@@ -1,14 +1,16 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.3.1.13153" targetFramework="net40" />
   <package id="log4net" version="2.0.0" targetFramework="net40" />
+  <package id="Microsoft.Bcl" version="1.1.3" targetFramework="net40" />
+  <package id="Microsoft.Bcl.Build" version="1.0.8" targetFramework="net40" />
+  <package id="Microsoft.Net.Http" version="2.2.13" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthClient/OAuthClient.csproj b/src/OAuth/OAuthClient/OAuthClient.csproj
index ce73500..9b3890e 100644
--- a/src/OAuth/OAuthClient/OAuthClient.csproj
+++ b/src/OAuth/OAuthClient/OAuthClient.csproj
@@ -50,71 +50,93 @@
     <DefineConstants>$(DefineConstants);SAMPLESONLY</DefineConstants>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.InfoCard, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.4.3.1.13153\lib\net40-full\DotNetOpenAuth.InfoCard.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.InfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.AuthorizationServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.AuthorizationServer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.Client, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.Client, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.Client.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.UI.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.Client.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.Client.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.Client.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenIdInfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenIdInfoCard.UI, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
@@ -125,8 +147,33 @@
     <Reference Include="System" />
     <Reference Include="System.Data" />
     <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.IO">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.IO.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Extensions, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.WebRequest.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Runtime.dll</HintPath>
+    </Reference>
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.ServiceModel" />
+    <Reference Include="System.Threading.Tasks">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Threading.Tasks.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web.Abstractions" />
     <Reference Include="System.Drawing" />
     <Reference Include="System.Web" />
@@ -295,4 +342,5 @@
   </ProjectExtensions>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />
   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />
+  <Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.8\tools\Microsoft.Bcl.Build.targets" />
 </Project>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthClient/Web.config b/src/OAuth/OAuthClient/Web.config
index 1e7b8a4..7971de8 100644
--- a/src/OAuth/OAuthClient/Web.config
+++ b/src/OAuth/OAuthClient/Web.config
@@ -1,40 +1,27 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <configSections>
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
-    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
-			<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
-			<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
-      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-    </sectionGroup>
-  </configSections>
+    
+  <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core"><section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /><section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" /></sectionGroup></configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-	<uri>
-		<idn enabled="All"/>
-		<iriParsing enabled="true"/>
-	</uri>
+	
 
-	<system.net>
-		<defaultProxy enabled="true" />
-		<settings>
-			<!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-			<!--<servicePointManager checkCertificateRevocationList="true"/>-->
-		</settings>
-	</system.net>
+	
 
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
-		<reporting enabled="true" />
+    
+		
 
     <!-- Relaxing SSL requirements is useful for simple samples, but NOT a good idea in production. -->
-		<messaging relaxSslRequirements="true" />
-  </dotNetOpenAuth>
+		<messaging relaxSslRequirements="true"><untrustedWebRequest><whitelistHosts><!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts></untrustedWebRequest></messaging>
+  <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /><!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --><!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --><openid><relyingParty><security requireSsl="false"><!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. --><!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
+						<add endpoint="https://www.google.com/accounts/o8/ud" />
+					</trustedProviders>--></security><behaviors><!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
+					     with OPs that use Attribute Exchange (in various formats). --><add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" /></behaviors></relyingParty><provider></provider></openid></dotNetOpenAuth>
   <appSettings>
     <!-- Fill in your various consumer keys and secrets here to make the sample work. -->
     <!-- You must get these values by signing up with each individual service provider. -->
@@ -44,7 +31,7 @@
     <!-- Google sign-up: https://www.google.com/accounts/ManageDomains -->
     <add key="googleConsumerKey" value="anonymous" />
     <add key="googleConsumerSecret" value="anonymous" />
-    <!-- Yammer sign-up: https://www.yammer.com/client_applications/new -->
+    <!-- Yammer sign-up: https://www.yammer.com/client_applications -->
     <add key="yammerConsumerKey" value="" />
     <add key="yammerConsumerSecret" value="" />
     <!-- Facebook sign-up: http://developers.facebook.com/setup/ -->
@@ -132,4 +119,24 @@
 	<system.webServer>
 		<modules runAllManagedModulesForAllRequests="true" />
 	</system.webServer>
-</configuration>
-\ No newline at end of file
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" /><!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
+		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.
+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+			</dependentAssembly>
+		</assemblyBinding>
+		 --></runtime>
+<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><uri><!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --><idn enabled="All" /><iriParsing enabled="true" /></uri></configuration>
diff --git a/src/OAuth/OAuthClient/packages.config b/src/OAuth/OAuthClient/packages.config
index 6754ed1..31a8896 100644
--- a/src/OAuth/OAuthClient/packages.config
+++ b/src/OAuth/OAuthClient/packages.config
@@ -1,28 +1,30 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
-  <package id="DotNetOpenAuth" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.InfoCard" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.InfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Client" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Client.UI" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Provider" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenIdInfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Client" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Client.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdInfoCard.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.3.1.13153" targetFramework="net40" />
   <package id="log4net" version="2.0.0" targetFramework="net40" />
+  <package id="Microsoft.Bcl" version="1.1.3" targetFramework="net40" />
+  <package id="Microsoft.Bcl.Build" version="1.0.8" targetFramework="net40" />
+  <package id="Microsoft.Net.Http" version="2.2.13" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthConsumer/OAuthConsumer.csproj b/src/OAuth/OAuthConsumer/OAuthConsumer.csproj
index 7dc33e9..4491539 100644
--- a/src/OAuth/OAuthConsumer/OAuthConsumer.csproj
+++ b/src/OAuth/OAuthConsumer/OAuthConsumer.csproj
@@ -50,35 +50,45 @@
     <DefineConstants>$(DefineConstants);SAMPLESONLY</DefineConstants>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.Client, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.Client, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
@@ -86,9 +96,34 @@
     <Reference Include="System" />
     <Reference Include="System.Data" />
     <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.IO">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.IO.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Extensions, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.WebRequest.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Runtime.dll</HintPath>
+    </Reference>
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.ServiceModel" />
     <Reference Include="System.Drawing" />
+    <Reference Include="System.Threading.Tasks">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Threading.Tasks.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web" />
     <Reference Include="System.Web.ApplicationServices" />
     <Reference Include="System.Web.Extensions" />
@@ -238,4 +273,5 @@
   </ProjectExtensions>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />
   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />
+  <Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.8\tools\Microsoft.Bcl.Build.targets" />
 </Project>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthConsumer/Web.config b/src/OAuth/OAuthConsumer/Web.config
index 09458df..d38976c 100644
--- a/src/OAuth/OAuthConsumer/Web.config
+++ b/src/OAuth/OAuthConsumer/Web.config
@@ -2,43 +2,15 @@
 <configuration>
   <configSections>
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
-    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
-      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
-      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
-    </sectionGroup>
-  </configSections>
+    
+  <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core"><section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" /><section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /></sectionGroup></configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-  <uri>
-    <idn enabled="All" />
-    <iriParsing enabled="true" />
-  </uri>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
+  
+  
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
-  <dotNetOpenAuth>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
-    <reporting enabled="true" />
-    <messaging>
-      <untrustedWebRequest>
-        <whitelistHosts>
-          <!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
-          <!--<add name="localhost" />-->
-        </whitelistHosts>
-      </untrustedWebRequest>
-    </messaging>
-    <openid></openid>
-  </dotNetOpenAuth>
+  
   <appSettings>
     <!-- Fill in your various consumer keys and secrets here to make the sample work. -->
     <!-- You must get these values by signing up with each individual service provider. -->
@@ -131,7 +103,49 @@
     <modules runAllManagedModulesForAllRequests="true" />
   </system.webServer>
   <runtime>
-    <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
-    <legacyHMACWarning enabled="0" />
-  </runtime>
-</configuration>
-\ No newline at end of file
+    
+    
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth2" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth2.ClientAuthorization" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth2.Client" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth.Common" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OpenId" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" /><!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
+		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.
+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+			</dependentAssembly>
+		</assemblyBinding>
+		 --></runtime>
+<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><dotNetOpenAuth><messaging><untrustedWebRequest><whitelistHosts><!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts></untrustedWebRequest></messaging><!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /><!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --><!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --><openid></openid></dotNetOpenAuth><uri><!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --><idn enabled="All" /><iriParsing enabled="true" /></uri></configuration>
+\ No newline at end of file
diff --git a/src/OAuth/OAuthConsumer/packages.config b/src/OAuth/OAuthConsumer/packages.config
index 704c1fe..61fc7bf 100644
--- a/src/OAuth/OAuthConsumer/packages.config
+++ b/src/OAuth/OAuthConsumer/packages.config
@@ -1,15 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Client" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Client" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.3.1.13153" targetFramework="net40" />
   <package id="log4net" version="2.0.0" targetFramework="net40" />
+  <package id="Microsoft.Bcl" version="1.1.3" targetFramework="net40" />
+  <package id="Microsoft.Bcl.Build" version="1.0.8" targetFramework="net40" />
+  <package id="Microsoft.Net.Http" version="2.2.13" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthConsumerWpf/App.config b/src/OAuth/OAuthConsumerWpf/App.config
index 36085ab..1410be3 100644
--- a/src/OAuth/OAuthConsumerWpf/App.config
+++ b/src/OAuth/OAuthConsumerWpf/App.config
@@ -69,31 +69,20 @@
   <system.serviceModel>
     <bindings>
       <wsHttpBinding>
-				<binding name="WSHttpBinding_IDataApi" closeTimeout="00:01:00"
-				         openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
-				         bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
-				         maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
-				         messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
-				         allowCookies="false">
-					<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
-					              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
-					<reliableSession ordered="true" inactivityTimeout="00:10:00"
-					                 enabled="false" />
+				<binding name="WSHttpBinding_IDataApi" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
+					<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
+					<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
           <security mode="Message">
-						<transport clientCredentialType="Windows" proxyCredentialType="None"
-						           realm="">
+						<transport clientCredentialType="Windows" proxyCredentialType="None" realm="">
               <extendedProtectionPolicy policyEnforcement="Never" />
             </transport>
-						<message clientCredentialType="Windows" negotiateServiceCredential="true"
-						         algorithmSuite="Default" establishSecurityContext="true" />
+						<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />
           </security>
         </binding>
       </wsHttpBinding>
     </bindings>
     <client>
-			<endpoint address="http://localhost:65169/DataApi.svc"
-			          binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDataApi"
-			          contract="WcfSampleService.IDataApi" name="WSHttpBinding_IDataApi">
+			<endpoint address="http://localhost:65169/DataApi.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDataApi" contract="WcfSampleService.IDataApi" name="WSHttpBinding_IDataApi">
         <identity>
           <dns value="localhost" />
         </identity>
@@ -103,4 +92,28 @@
   <startup>
     <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
   </startup>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth.Common" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="DotNetOpenAuth.OAuth.Consumer" publicKeyToken="2780ccd10d57b246" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
 </configuration>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthConsumerWpf/OAuthConsumerWpf.csproj b/src/OAuth/OAuthConsumerWpf/OAuthConsumerWpf.csproj
index c318fcb..0919384 100644
--- a/src/OAuth/OAuthConsumerWpf/OAuthConsumerWpf.csproj
+++ b/src/OAuth/OAuthConsumerWpf/OAuthConsumerWpf.csproj
@@ -70,34 +70,34 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth.Common">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth.Consumer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2.AuthorizationServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2.Client">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2.Client.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.UI.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.Client.UI.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Client.UI.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.Client.UI.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2.ClientAuthorization">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
@@ -110,12 +110,35 @@
     <Reference Include="System.Core">
       <RequiredTargetFramework>3.5</RequiredTargetFramework>
     </Reference>
+    <Reference Include="System.IO">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.IO.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Extensions">
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives">
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.WebRequest.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Runtime.dll</HintPath>
+    </Reference>
     <Reference Include="System.Runtime.Serialization">
       <RequiredTargetFramework>3.0</RequiredTargetFramework>
     </Reference>
     <Reference Include="System.ServiceModel">
       <RequiredTargetFramework>3.0</RequiredTargetFramework>
     </Reference>
+    <Reference Include="System.Threading.Tasks">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Threading.Tasks.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web" />
     <Reference Include="System.Xml.Linq">
       <RequiredTargetFramework>3.5</RequiredTargetFramework>
@@ -271,4 +294,5 @@
   -->
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />
   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />
+  <Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.8\tools\Microsoft.Bcl.Build.targets" />
 </Project>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthConsumerWpf/packages.config b/src/OAuth/OAuthConsumerWpf/packages.config
index 6c94766..45b180f 100644
--- a/src/OAuth/OAuthConsumerWpf/packages.config
+++ b/src/OAuth/OAuthConsumerWpf/packages.config
@@ -1,15 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Client" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Client.UI" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.25.0-draft1" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.AuthorizationServer" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Client" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Client.UI" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ClientAuthorization" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="4.3.1.13153" targetFramework="net40" />
   <package id="log4net" version="2.0.0" targetFramework="net40" />
+  <package id="Microsoft.Bcl" version="1.1.3" targetFramework="net40" />
+  <package id="Microsoft.Bcl.Build" version="1.0.8" targetFramework="net40" />
+  <package id="Microsoft.Net.Http" version="2.2.13" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj b/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
index 80de421..1ed1df6 100644
--- a/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
+++ b/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
@@ -47,17 +47,21 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Common">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer, Version=4.3.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.4.3.1.13153\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
@@ -67,8 +71,31 @@
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="System.Data.Linq" />
     <Reference Include="System.IdentityModel" />
+    <Reference Include="System.IO">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.IO.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Extensions">
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives">
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest, Version=2.2.13.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Net.Http.2.2.13\lib\net40\System.Net.Http.WebRequest.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Runtime.dll</HintPath>
+    </Reference>
     <Reference Include="System.ServiceModel" />
     <Reference Include="System.ServiceModel.Web" />
+    <Reference Include="System.Threading.Tasks">
+      <HintPath>..\..\..\packages\Microsoft.Bcl.1.1.3\lib\net40\System.Threading.Tasks.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web.Abstractions" />
     <Reference Include="System.Web.ApplicationServices" />
     <Reference Include="System.Web.DynamicData" />
@@ -163,4 +190,5 @@
   -->
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />
   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />
+  <Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.8\tools\Microsoft.Bcl.Build.targets" />
 </Project>
 \ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/Web.config b/src/OAuth/OAuthResourceServer/Web.config
index 74b01eb..bc9f2e8 100644
--- a/src/OAuth/OAuthResourceServer/Web.config
+++ b/src/OAuth/OAuthResourceServer/Web.config
@@ -5,9 +5,9 @@
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
       <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
       <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
-      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-    </sectionGroup>
+      
+      
+    <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /></sectionGroup>
   </configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
@@ -16,29 +16,16 @@
     <idn enabled="All" />
     <iriParsing enabled="true" />
   </uri>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
+  
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
-    <reporting enabled="true" />
+    
+    
     <!-- Relaxing SSL requirements is useful for simple samples, but NOT a good idea in production. -->
     <messaging relaxSslRequirements="true">
-      <untrustedWebRequest>
-        <whitelistHosts>
-          <!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
-          <!--<add name="localhost" />-->
-        </whitelistHosts>
-      </untrustedWebRequest>
-    </messaging>
-  </dotNetOpenAuth>
+      
+    <untrustedWebRequest><whitelistHosts><!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts></untrustedWebRequest></messaging>
+  <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /></dotNetOpenAuth>
   <appSettings />
   <connectionStrings>
     <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient" />
@@ -112,8 +99,14 @@
   <system.webServer>
     <modules runAllManagedModulesForAllRequests="true" />
   </system.webServer>
-  <runtime>
-    <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
-    <legacyHMACWarning enabled="0" />
-  </runtime>
-</configuration>
-\ No newline at end of file
+  
+<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><runtime><!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" />
+  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+   <dependentAssembly>
+    <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+    <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
+   </dependentAssembly>
+  </assemblyBinding>
+</runtime></configuration>
+\ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/packages.config b/src/OAuth/OAuthResourceServer/packages.config
index 4e51419..6ac5369 100644
--- a/src/OAuth/OAuthResourceServer/packages.config
+++ b/src/OAuth/OAuthResourceServer/packages.config
@@ -1,9 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
-  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />
-  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.25.0-draft1" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.Core" version="4.3.1.13153" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="4.3.1.13153" targetFramework="net40" />
   <package id="log4net" version="2.0.0" targetFramework="net40" />
+  <package id="Microsoft.Bcl" version="1.1.3" targetFramework="net40" />
+  <package id="Microsoft.Bcl.Build" version="1.0.8" targetFramework="net40" />
+  <package id="Microsoft.Net.Http" version="2.2.13" targetFramework="net40" />
 </packages>
 \ No newline at end of file