author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-19 07:54:10 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-19 07:54:10 -0700 |
commit | b5c8335f528acbca046ca2844f8e4c12cfa9cba3 (patch) | |
tree | dc1f86b45964c2e4d92a5e61fe0efd317158faf4 /projecttemplates | |
parent | c34d74ed81bcac18961272d52dc5bab21a3394fa (diff) | |
Changed the public API for OAuth 2.0 scope from a space-delimited string to a HashSet<string>
Diffstat (limited to 'projecttemplates')
6 files changed, 12 insertions, 14 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs index 8e35f37..864a38e 100644 --- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs +++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs @@ -79,9 +79,9 @@ IDirectedProtocolMessage response; if (isApproved) { Database.LoggedInUser.ClientAuthorizations.Add( - new ClientAuthorization { + new ClientAuthorization() { Client = requestingClient, - Scope = pendingRequest.Scope, + Scope = string.Join(" ", pendingRequest.Scope.ToArray()), User = Database.LoggedInUser, CreatedOnUtc = DateTime.UtcNow.CutToSecond(), }); diff --git a/projecttemplates/MvcRelyingParty/Models/AccountAuthorizeModel.cs b/projecttemplates/MvcRelyingParty/Models/AccountAuthorizeModel.cs index 7cedabd..97c96f0 100644 --- a/projecttemplates/MvcRelyingParty/Models/AccountAuthorizeModel.cs +++ b/projecttemplates/MvcRelyingParty/Models/AccountAuthorizeModel.cs @@ -7,6 +7,6 @@ public class AccountAuthorizeModel { public string ClientApp { get; set; } - public string Scope { get; set; } + public HashSet<string> Scope { get; set; } } } diff --git a/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx b/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx index 4130a45..da2676e 100644 --- a/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx +++ b/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx @@ -18,7 +18,7 @@ </p> <p> <b>Requested access: </b> - <%= Html.Encode(Model.Scope) %> + <%= Html.Encode(String.Join(" ", Model.Scope.ToArray())) %> </p> <p> If you grant access now, you can revoke it at any time by returning to diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs index 2b207f9..3dafa0a 100644 --- a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs 
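Review bot: The MVC template joins the scope set by hand, `string.Join(" ", pendingRequest.Scope.ToArray())` in AccountController.cs and `String.Join(" ", Model.Scope.ToArray())` in Authorize.aspx, while the WebForms template in this same commit calls `OAuthUtilities.JoinScopes(...)`. The stored string appears to be what IsAuthorizationValid later passes to `OAuthUtilities.SplitScopes`, so the write side should use the matching helper to keep the persisted format and its parser in step: `Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),`. Both hand-rolled joins also dereference the set without a null check, which would throw if a request arrives with no scope. The parentheses added in `new ClientAuthorization() {` are redundant next to an object initializer. The enclosing controller action starts and ends outside the hunk.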
+++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs @@ -145,11 +145,8 @@ namespace RelyingPartyLogic { return false; } - private bool IsAuthorizationValid(string requestedScope, string clientIdentifier, DateTime issuedUtc, string username) + private bool IsAuthorizationValid(HashSet<string> requestedScopes, string clientIdentifier, DateTime issuedUtc, string username) { - var stringCompare = StringComparer.Ordinal; - var requestedScopes = OAuthUtilities.BreakUpScopes(requestedScope, stringCompare); - var grantedScopeStrings = from auth in Database.DataContext.ClientAuthorizations where auth.Client.ClientIdentifier == clientIdentifier && @@ -165,9 +162,9 @@ namespace RelyingPartyLogic { return false; } - var grantedScopes = new HashSet<string>(stringCompare); + var grantedScopes = new HashSet<string>(OAuthUtilities.ScopeStringComparer); foreach (string scope in grantedScopeStrings) { - grantedScopes.UnionWith(OAuthUtilities.BreakUpScopes(scope, stringCompare)); + grantedScopes.UnionWith(OAuthUtilities.SplitScopes(scope)); } return requestedScopes.IsSubsetOf(grantedScopes); diff --git a/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs b/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs index f189433..d4a7e49 100644 --- a/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs +++ b/projecttemplates/RelyingPartyLogic/SpecialAccessTokenAnalyzer.cs 
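Review bot: The authorization decision `requestedScopes.IsSubsetOf(grantedScopes)` now runs on a set built by the caller, so the comparer is no longer fixed inside IsAuthorizationValid; before this change both sets were created here with `StringComparer.Ordinal`. As far as I know, HashSet<T>.IsSubsetOf falls back to the receiver's comparer when the two sets' comparers differ, so a caller passing a set with a looser comparer could widen what counts as granted, and a null set would throw instead of being denied. Re-normalising at the top of the method keeps the check self-contained: `if (requestedScopes == null) { return false; }` followed by `requestedScopes = new HashSet<string>(requestedScopes, OAuthUtilities.ScopeStringComparer);`. The method spans both hunks of this file and the query in between is only partly visible.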
@@ -23,11 +23,11 @@ namespace RelyingPartyLogic { : base(authorizationServerPublicSigningKey, resourceServerPrivateEncryptionKey) { } - public override bool TryValidateAccessToken(DotNetOpenAuth.Messaging.IDirectedProtocolMessage message, string accessToken, out string user, out string scope) { + public override bool TryValidateAccessToken(DotNetOpenAuth.Messaging.IDirectedProtocolMessage message, string accessToken, out string user, out HashSet<string> scope) { bool result = base.TryValidateAccessToken(message, accessToken, out user, out scope); if (result) { // Ensure that clients coming in this way always belong to the oauth_client role. - scope += " " + "oauth_client"; + scope.Add("oauth_client"); } return result; diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs index 2a95b89..05a5f52 100644 --- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs +++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs @@ -16,6 +16,7 @@ namespace WebFormsRelyingParty.Members { using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth; using DotNetOpenAuth.OAuth.Messages; + using DotNetOpenAuth.OAuth2; using DotNetOpenAuth.OAuth2.Messages; using RelyingPartyLogic; @@ -37,7 +38,7 @@ namespace WebFormsRelyingParty.Members { this.csrfCheck.Value = Code.SiteUtilities.SetCsrfCookie(); var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == this.pendingRequest.ClientIdentifier); this.consumerNameLabel.Text = HttpUtility.HtmlEncode(requestingClient.Name); - this.scopeLabel.Text = HttpUtility.HtmlEncode(this.pendingRequest.Scope); + this.scopeLabel.Text = HttpUtility.HtmlEncode(OAuthUtilities.JoinScopes(this.pendingRequest.Scope)); // Consider auto-approving if safe to do so. if (((OAuthAuthorizationServer)OAuthServiceProvider.AuthorizationServer.AuthorizationServer).CanBeAutoApproved(this.pendingRequest)) { 
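Review bot: `scope.Add("oauth_client")` mutates whatever set the base class handed back through the `out` parameter, so this override depends on base.TryValidateAccessToken returning a non-null, mutable set that is not shared with anything else whenever it returns true; none of that is visible from here. The old string concatenation always produced a fresh value and tolerated null. Copying first removes the dependency: `scope = new HashSet<string>(scope, scope.Comparer) { "oauth_client" };` after confirming `scope` is not null. The existing comment could also say that the added entry is consumed as a role downstream, since the set now carries a value no client requested. The method's closing brace is outside the hunk.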
@@ -53,7 +54,7 @@ namespace WebFormsRelyingParty.Members { Database.LoggedInUser.ClientAuthorizations.Add( new ClientAuthorization { Client = requestingClient, - Scope = this.pendingRequest.Scope, + Scope = OAuthUtilities.JoinScopes(this.pendingRequest.Scope), User = Database.LoggedInUser, CreatedOnUtc = DateTime.UtcNow.CutToSecond(), }); |