author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
commit | c94c7f8197eda673947a9d1e0c0b3f3c4efca94f (patch) | |
tree | 0f978cfc2de70c54ac81e11d4339da04dff9f27f /samples/OAuthAuthorizationServer/Controllers/OAuthController.cs | |
parent | 7d38eefb65928a1e80036ec006b0e129dc2cface (diff) | |
download | DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.zip DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.tar.gz DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.tar.bz2 |
Split the OAuthServiceProvider sample into two samples: OAuthAuthorizationServer and OAuthResourceServer.
Renamed OAuthConsumer to OAuthClient.
Diffstat (limited to 'samples/OAuthAuthorizationServer/Controllers/OAuthController.cs')
-rw-r--r-- | samples/OAuthAuthorizationServer/Controllers/OAuthController.cs | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
new file mode 100644
index 0000000..1c1aeb5
--- /dev/null
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -0,0 +1,102 @@
+namespace OAuthAuthorizationServer.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net;
+ using System.Security.Cryptography;
+ using System.Web;
+ using System.Web.Mvc;
+
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+
+ using OAuthAuthorizationServer.Code;
+ using OAuthAuthorizationServer.Models;
+
+ public class OAuthController : Controller {
+ private readonly AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
+
+#if SAMPLESONLY
+ /// <summary>
+ /// This is the FOR SAMPLE ONLY hard-coded public key of the complementary OAuthResourceServer sample.
+ /// </summary>
+ /// <remarks>
+ /// In a real app, the authorization server would need to determine which resource server the access token needs to be encoded for
+ /// based on the authorization request. It would then need to look up the public key for that resource server and use that in
+ /// preparing the access token for the client to use against that resource server.
+ /// </remarks>
+ private static readonly RSAParameters ResourceServerEncryptionPublicKey = new RSAParameters {
+ Exponent = new byte[] { 1, 0, 1 },
+ Modulus = new byte[] { 166, 175, 117, 169, 211, 251, 45, 215, 55, 53, 202, 65, 153, 155, 92, 219, 235, 243, 61, 170, 101, 250, 221, 214, 239, 175, 238, 175, 239, 20, 144, 72, 227, 221, 4, 219, 32, 225, 101, 96, 18, 33, 117, 176, 110, 123, 109, 23, 29, 85, 93, 50, 129, 163, 113, 57, 122, 212, 141, 145, 17, 31, 67, 165, 181, 91, 117, 23, 138, 251, 198, 132, 188, 213, 10, 157, 116, 229, 48, 168, 8, 127, 28, 156, 239, 124, 117, 36, 232, 100, 222, 23, 52, 186, 239, 5, 63, 207, 185, 16, 137, 73, 137, 147, 252, 71, 9, 239, 113, 27, 88, 255, 91, 56, 192, 142, 210, 21, 34, 81, 204, 239, 57, 60, 140, 249, 15, 101 },
+ };
+#else
+ [Obsolete("You must use a real key for a real app.", true)]
+ private static readonly RSAParameters ResourceServerEncryptionPublicKey = new RSAParameters();
+#endif
+
+ /// <summary>
+ /// The OAuth 2.0 token endpoint.
+ /// </summary>
+ public ActionResult Token() {
+ var request = this.authorizationServer.ReadAccessTokenRequest();
+ if (request != null) {
+ var response = this.authorizationServer.PrepareAccessTokenResponse(request, ResourceServerEncryptionPublicKey);
+ return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();
+ }
+
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing OAuth 2.0 request message.");
+ }
+
+ [Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
+ public ActionResult Authorize() {
+ var pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
+ if (pendingRequest == null) {
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+ }
+
+ var requestingClient = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+
+ // Consider auto-approving if safe to do so.
+ if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest)) {
+ var approval = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
+ return this.authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
+ }
+
+ var model = new AccountAuthorizeModel {
+ ClientApp = requestingClient.Name,
+ Scope = pendingRequest.Scope,
+ AuthorizationRequest = pendingRequest,
+ };
+
+ return View(model);
+ }
+
+ [Authorize, HttpPost, ValidateAntiForgeryToken]
+ public ActionResult AuthorizeResponse(bool isApproved) {
+ var getRequest = new HttpRequestInfo("GET", this.Request.Url, this.Request.RawUrl, new WebHeaderCollection(), null);
+ var pendingRequest = authorizationServer.ReadAuthorizationRequest(getRequest);
+ if (pendingRequest == null) {
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+ }
+
+ IDirectedProtocolMessage response;
+ if (isApproved) {
+ var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+ client.ClientAuthorizations.Add(
+ new ClientAuthorization {
+ Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
+ User = MvcApplication.LoggedInUser,
+ CreatedOnUtc = DateTime.UtcNow,
+ });
+
+ // In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
+ // But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
+ response = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
+ } else {
+ response = authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
+ }
+
+ return authorizationServer.Channel.PrepareResponse(response).AsActionResult();
+ }
+ }
+}
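Review bot: In `Authorize`, `Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier)` throws `InvalidOperationException` when the identifier is not registered, which surfaces as a server error page instead of the `BadRequest` that the other malformed-request paths in this hunk return; unless `ReadAuthorizationRequest` already rejects unregistered client identifiers (not visible here), switch to `FirstOrDefault` and throw `new HttpException((int)HttpStatusCode.BadRequest, "Unknown client.")` when the result is null. The same lookup is repeated in `AuthorizeResponse` inside the `isApproved` branch and should get the same guard. Separately, the two actions name the approving user differently — `HttpContext.User.Identity.Name` in `Authorize` versus `User.Identity.Name` and `MvcApplication.LoggedInUser` in `AuthorizeResponse` — and taking the identity from one source would make it easier to audit which principal ends up bound to the stored `ClientAuthorization` and to the approval sent back to the client.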