author | Andrew Arnott <andrewarnott@gmail.com> | 2010-08-01 07:37:21 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-08-01 08:58:43 -0700 |
commit | 222762e7b5d664f3e86683a55be6ea84710efc69 (patch) | |
tree | a37153096500bb86d4f8fbea4045f3cce93dfbc7 /samples/OAuthAuthorizationServer/Controllers/OAuthController.cs | |
parent | e7743dd039bab3788e682833368ca5a376b22354 (diff) | |
Some user-notification enhancements to the OAuth 2 samples.
Diffstat (limited to 'samples/OAuthAuthorizationServer/Controllers/OAuthController.cs')
-rw-r--r-- | samples/OAuthAuthorizationServer/Controllers/OAuthController.cs | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
index 98fac04..0eb7c83 100644
--- a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -40,7 +40,18 @@
 public ActionResult Token() {
 var request = this.authorizationServer.ReadAccessTokenRequest();
 if (request != null) {
- var response = this.authorizationServer.PrepareAccessTokenResponse(request, ResourceServerEncryptionPublicKey);
+ // Just for the sake of the sample, we use a short-lived token. This can be useful to mitigate the security risks
+ // of access tokens that are used over standard HTTP.
+ // But this is just the lifetime of the access token. The client can still renew it using their refresh token until
+ // the authorization itself expires.
+ TimeSpan accessTokenLifetime = TimeSpan.FromMinutes(2);
+
+ // Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime
+ // to account for that if necessary.
+ // TODO: code here
+
+ // Prepare the refresh and access tokens.
+ var response = this.authorizationServer.PrepareAccessTokenResponse(request, ResourceServerEncryptionPublicKey, accessTokenLifetime);
 return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();
 }
@@ -80,6 +91,9 @@
 IDirectedProtocolMessage response;
 if (isApproved) {
+ // The authorization we file in our database lasts until the user explicitly revokes it.
+ // You can cause the authorization to expire by setting the ExpirationDateUTC
+ // property in the below created ClientAuthorization.
 var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
 client.ClientAuthorizations.Add(
 new ClientAuthorization { |
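Review bot: The `// TODO: code here` placeholder in Token() leaves the access token lifetime fixed at two minutes even when the underlying authorization has less time left, so a token can be issued that outlives the authorization it was derived from. The lifetime should be clamped before `PrepareAccessTokenResponse` is called, along the lines of `if (remaining < accessTokenLifetime) { accessTokenLifetime = remaining; }`, where `remaining` is the time left on the stored authorization (presumably derived from the `ExpirationDateUTC` property mentioned in the second hunk; the lookup is not visible here), and the request should be refused when `remaining` is zero or negative. The comment above `TimeSpan.FromMinutes(2)` would also be more precise if it said that a short lifetime only narrows the window in which a token captured over plain HTTP can be replayed; it does not keep the token from being captured. Token() continues past the end of the hunk.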
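Review bot: The new comment before the `ClientAuthorization` is created says the authorization lasts until the user revokes it, but not what that means for the tokens: per the comment added in Token(), a client can keep renewing access tokens with its refresh token for as long as the authorization exists. I would add a line such as `// With no ExpirationDateUTC set, a leaked refresh token stays usable until the user revokes the authorization.` so that readers copying the sample see the trade-off. The phrase "the below created ClientAuthorization" would read better as "the ClientAuthorization created below". The enclosing action method starts and ends outside this hunk.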