authorAndrew Arnott <andrewarnott@gmail.com>2012-04-01 15:36:22 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-04-01 15:36:22 -0700
commit0c8a4a3a33e840e7c449388f078155efaf1854c7 (patch)
treea2737354658f5bb6699197e615e84182a48a6f0d /projecttemplates
parent4fcf484a281697630698c12f81fdcf7306346366 (diff)
AccessToken is now a public class.
Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
Diffstat (limited to 'projecttemplates')
-rw-r--r--projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs13
1 files changed, 6 insertions, 7 deletions
diff --git a/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs b/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs
index 69788ab..e8b00b5 100644
--- a/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs
+++ b/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs
@@ -23,14 +23,13 @@ namespace RelyingPartyLogic {
: base(authorizationServerPublicSigningKey, resourceServerPrivateEncryptionKey) {
}
- public override bool TryValidateAccessToken(DotNetOpenAuth.Messaging.IDirectedProtocolMessage message, string accessToken, out string user, out HashSet<string> scope) {
- bool result = base.TryValidateAccessToken(message, accessToken, out user, out scope);
- if (result) {
- // Ensure that clients coming in this way always belong to the oauth_client role.
- scope.Add("oauth_client");
- }
+ public override AccessToken DeserializeAccessToken(DotNetOpenAuth.Messaging.IDirectedProtocolMessage message, string accessToken) {
+ var token = base.DeserializeAccessToken(message, accessToken);
- return result;
+ // Ensure that clients coming in this way always belong to the oauth_client role.
+ token.Scope.Add("oauth_client");
+
+ return token;
}
}
}
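Review bot: The new override calls `token.Scope.Add("oauth_client")` unconditionally, whereas the removed code granted the role only when the base call reported success. This hunk does not show how `base.DeserializeAccessToken` signals an invalid token or whether `Scope` is always initialised; if it can return null or leave `Scope` null, guard the grant with `if (token != null && token.Scope != null) { token.Scope.Add("oauth_client"); }`. If the base method throws on failure instead, say so in the comment, e.g. `// base throws on an invalid token, so reaching here means it was verified`. Because scope doubles as role membership here, the comment should also state that the role is granted only after the base call has accepted the token.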