authorAndrew Arnott <andrewarnott@gmail.com>2013-03-03 17:09:22 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2013-03-03 17:09:22 -0800
commit2c9f30595e5de2a2ebb80d697546c7c2a78e1030 (patch)
tree76e9bc1fd274fbc0500a2e336f4fb8b3e1a8927f
parent60ca0442ebf684b8414c5cb0dbf91c5b916f1188 (diff)
Fixes up user rejection cases.
-rw-r--r--samples/OAuth2ProtectedWebApi/Controllers/UserController.cs7
-rw-r--r--samples/OAuth2ProtectedWebApi/Views/User/Authorize.cshtml1
-rw-r--r--samples/OAuthConsumerWpf/Authorize2.xaml.cs2
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationFailedResponse.cs2
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs88
5 files changed, 52 insertions, 48 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
index 3e673c5..e627dc2 100644
--- a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -34,10 +34,13 @@
var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
if (approval) {
- responseMessage = authServer.PrepareApproveAuthorizationRequest(
+ var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
+ responseMessage = grantedResponse;
} else {
- responseMessage = authServer.PrepareRejectAuthorizationRequest(authRequest);
+ var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
+ rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
+ responseMessage = rejectionResponse;
}
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
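Review bot: The approval decision taken at `if (approval)` is applied to whatever URI the browser posts back in the `request` field, which `ReadAuthorizationRequestAsync(new Uri(request))` re-parses on every POST instead of looking up a server-side pending request, so the link between the consent page the user saw and the request that gets approved rests entirely on the anti-forgery check and the user's session. The view emits an anti-forgery token, but the `[ValidateAntiForgeryToken]` attribute on this action is outside the hunk and should be confirmed. The approved branch also passes `authRequest.Scope` through unchanged; if `PrepareApproveAuthorizationRequest` does not already intersect it with what the client is registered for, the sample should narrow it before granting. The action's signature and the start of its body are above the hunk.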
diff --git a/samples/OAuth2ProtectedWebApi/Views/User/Authorize.cshtml b/samples/OAuth2ProtectedWebApi/Views/User/Authorize.cshtml
index 0664741..930788e 100644
--- a/samples/OAuth2ProtectedWebApi/Views/User/Authorize.cshtml
+++ b/samples/OAuth2ProtectedWebApi/Views/User/Authorize.cshtml
@@ -8,6 +8,7 @@
@using (Html.BeginForm("Respond", "User", FormMethod.Post)) {
@AntiForgery.GetHtml()
@Html.Hidden("request", this.ViewData["request"])
+ <p>Are you sure you want to allow the client to access your data, with this scope: <b>@string.Join(" ", (IEnumerable<string>)ViewData["Scope"])</b></p>
<input type="submit" name="approval" value="true" />
<input type="submit" name="approval" value="false" />
}
\ No newline at end of file
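Review bot: The cast `(IEnumerable<string>)ViewData["Scope"]` on the added line throws if the controller leaves `ViewData["Scope"]` unset (`string.Join` rejects a null values argument) or stores it as a different collection type, and the consent page then fails instead of showing the user what they are approving; `@string.Join(" ", ViewData["Scope"] as IEnumerable<string> ?? new string[0])` degrades to an empty scope display instead. Razor's `@` HTML-encodes the joined value, which matters here because the scope strings originate in the client's authorization request rather than in the server's own data.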
diff --git a/samples/OAuthConsumerWpf/Authorize2.xaml.cs b/samples/OAuthConsumerWpf/Authorize2.xaml.cs
index 829d323..71d76a8 100644
--- a/samples/OAuthConsumerWpf/Authorize2.xaml.cs
+++ b/samples/OAuthConsumerWpf/Authorize2.xaml.cs
@@ -36,7 +36,7 @@
}
private void clientAuthorizationView_Completed(object sender, ClientAuthorizationCompleteEventArgs e) {
- this.DialogResult = e.Authorization != null;
+ this.DialogResult = e.Authorization != null && e.Authorization.AccessToken != null;
this.Close();
}
}
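Review bot: `e.Authorization.AccessToken != null` still reports success for an empty token string; `this.DialogResult = e.Authorization != null && !string.IsNullOrEmpty(e.Authorization.AccessToken);` is the tighter test. After this change a rejected authorization simply closes the dialog with `false`, so the user gets no indication of why; if `ClientAuthorizationCompleteEventArgs` carries the server's error code (not visible here), surfacing it before `this.Close()` would make the rejection case the commit is fixing diagnosable.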
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationFailedResponse.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationFailedResponse.cs
index cb1c5d4..cb9a974 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationFailedResponse.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationFailedResponse.cs
@@ -40,7 +40,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
}
/// <summary>
- /// Gets or sets the error.
+ /// Gets or sets the error. Usually one of <see cref="Protocol.EndUserAuthorizationRequestErrorCodes"/>
/// </summary>
/// <value>
/// One of the values given in <see cref="Protocol.EndUserAuthorizationRequestErrorCodes"/>.
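Review bot: The new summary sentence on the `Gets or sets the error.` line has no terminating period and restates what the `<value>` element two lines below already says, so the two will drift apart on the next edit; `/// Gets or sets the error code returned to the client.` as the summary, leaving the `<value>` element as the single place that names `Protocol.EndUserAuthorizationRequestErrorCodes`, keeps them consistent. The property this documents continues below the hunk.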
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
index d780a81..93cbd93 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
@@ -22,7 +22,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// Protocol constants for OAuth 2.0.
/// </summary>
- internal class Protocol {
+ public class Protocol {
/// <summary>
/// The HTTP authorization scheme "Bearer";
/// </summary>
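Review bot: Changing `internal class Protocol` to `public class Protocol` makes every member of the class that is still marked `public` part of the library's API surface, and this commit only retrofits `error_uri` and `Lookup` to `internal` in the hunks at L89–L105; any other `public` member outside these hunks, and the constructor if it is public or compiler-generated, is now reachable from consuming assemblies, so `internal Protocol() { }` (or `sealed` with an internal constructor) is worth adding if external instantiation is not intended. The narrower alternative is to move `EndUserAuthorizationRequestErrorCodes` (the hunk at L106–L152) to a top-level `public static class` in the same namespace, since that is the only member the samples need and the commit already relocates it. The class body continues well past the hunk.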
@@ -135,7 +135,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// The "error_uri" string.
/// </summary>
- public const string error_uri = "error_uri";
+ internal const string error_uri = "error_uri";
/// <summary>
/// The "error_description" string.
@@ -169,7 +169,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// </summary>
/// <param name="version">The OAuth version to get.</param>
/// <returns>A matching <see cref="Protocol"/> instance.</returns>
- public static Protocol Lookup(ProtocolVersion version) {
+ internal static Protocol Lookup(ProtocolVersion version) {
switch (version) {
case ProtocolVersion.V20: return Protocol.V20;
default: throw new ArgumentOutOfRangeException("version");
@@ -177,6 +177,47 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request.
+ /// </summary>
+ public static class EndUserAuthorizationRequestErrorCodes
+ {
+ /// <summary>
+ /// The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed.
+ /// </summary>
+ public const string InvalidRequest = "invalid_request";
+
+ /// <summary>
+ /// The client is not authorized to use the requested response type.
+ /// </summary>
+ public const string UnauthorizedClient = "unauthorized_client";
+
+ /// <summary>
+ /// The end-user or authorization server denied the request.
+ /// </summary>
+ public const string AccessDenied = "access_denied";
+
+ /// <summary>
+ /// The requested response type is not supported by the authorization server.
+ /// </summary>
+ public const string UnsupportedResponseType = "unsupported_response_type";
+
+ /// <summary>
+ /// The requested scope is invalid, unknown, or malformed.
+ /// </summary>
+ public const string InvalidScope = "invalid_scope";
+
+ /// <summary>
+ /// The authorization server encountered an unexpected condition which prevented it from fulfilling the request.
+ /// </summary>
+ public const string ServerError = "server_error";
+
+ /// <summary>
+ /// The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
+ /// </summary>
+ public const string TemporarilyUnavailable = "temporarily_unavailable";
+ }
+
+ /// <summary>
/// Values for the "response_type" parameter.
/// </summary>
internal static class ResponseTypes
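Review bot: The class summary on the first added line describes these codes as responses to a malformed or unsupported request, but `AccessDenied`, `ServerError` and `TemporarilyUnavailable` are returned for well-formed requests, and this very commit uses `AccessDenied` for an end-user rejection; `/// Error codes an authorization server may return to the client in the "error" parameter of an end user authorization response.` covers all seven. Because the class is now public, these `public const` strings are inlined into consuming assemblies at compile time, which is fine for fixed protocol strings but should be stated in a `<remarks>` if any value might change. The opening brace of the new class is on its own line while `public class Protocol {` at L85 and `internal static class AccessTokenTypes {` at L199 keep it on the declaration line.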
@@ -248,47 +289,6 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request.
- /// </summary>
- internal static class EndUserAuthorizationRequestErrorCodes
- {
- /// <summary>
- /// The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed.
- /// </summary>
- internal const string InvalidRequest = "invalid_request";
-
- /// <summary>
- /// The client is not authorized to use the requested response type.
- /// </summary>
- internal const string UnauthorizedClient = "unauthorized_client";
-
- /// <summary>
- /// The end-user or authorization server denied the request.
- /// </summary>
- internal const string AccessDenied = "access_denied";
-
- /// <summary>
- /// The requested response type is not supported by the authorization server.
- /// </summary>
- internal const string UnsupportedResponseType = "unsupported_response_type";
-
- /// <summary>
- /// The requested scope is invalid, unknown, or malformed.
- /// </summary>
- internal const string InvalidScope = "invalid_scope";
-
- /// <summary>
- /// The authorization server encountered an unexpected condition which prevented it from fulfilling the request.
- /// </summary>
- internal const string ServerError = "server_error";
-
- /// <summary>
- /// The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
- /// </summary>
- internal const string TemporarilyUnavailable = "temporarily_unavailable";
- }
-
- /// <summary>
/// Recognized access token types.
/// </summary>
internal static class AccessTokenTypes {