Removes trivial nonce store implementation from WebAPI sample.

1 files changed, 5 insertions, 4 deletions

diff --git a/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs
index 73c5864..3149923 100644
--- a/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs
+++ b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs
@@ -12,14 +12,15 @@
 	public class AuthorizationServerHost : IAuthorizationServerHost {
 		private static ICryptoKeyStore cryptoKeyStore = MemoryCryptoKeyStore.Instance;
 
-		private static INonceStore nonceStore = new MemoryNonceStore();
-
 		public ICryptoKeyStore CryptoKeyStore {
 			get { return cryptoKeyStore; }
 		}
 
 		public INonceStore NonceStore {
-			get { return nonceStore; }
+			get {
+				// Implementing a nonce store is a good idea as it mitigates replay attacks.
+				return null;
+			}
 		}
 
 		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
@@ -31,7 +32,7 @@
 		}
 
 		public IClientDescription GetClient(string clientIdentifier) {
-			return new ClientDescription("zzz", new Uri("http://www.microsoft.com/en-us/default.aspx"), ClientType.Confidential);
+			return new ClientDescription("b", new Uri("http://www.microsoft.com/en-us/default.aspx"), ClientType.Confidential);
 		}
 
 		public bool IsAuthorizationValid(IAuthorizationDescription authorization) {