OAuth 2.0 web flow now works, client, auth server, and resource server, in the sample!

Yay.
author: Andrew Arnott <andrewarnott@gmail.com> 2010-06-02 22:39:46 -0700
committer: Andrew Arnott <andrewarnott@gmail.com> 2010-06-02 22:39:46 -0700
commit: ccbec1badf616062cf9cb102ae4a0b2d835610b0 (patch)
tree: 11037cf8c3edbbd444bdccfc2efe6dad82027bd6 /samples/OAuthServiceProvider/Code
parent: 9db9a3768ce97f565ff01ca355be295d9775c4ef (diff)
download: DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.zip
DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.tar.gz
DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.tar.bz2
2 files changed, 42 insertions, 13 deletions
diff --git a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
index ed70a15..75778f5 100644
--- a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
@@ -13,7 +13,7 @@
 	internal class OAuth2AuthorizationServer : IAuthorizationServer {
 		private static readonly byte[] secret;
 
-		private static readonly RSAParameters asymmetricKey;
+		internal static readonly RSAParameters asymmetricKey;
 
 		private readonly INonceStore nonceStore = new DatabaseNonceStore();
 
diff --git a/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
index b12e85a..a48288a 100644
--- a/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
+++ b/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
@@ -9,6 +9,8 @@
 	using System.ServiceModel.Security;
 	using DotNetOpenAuth;
 	using DotNetOpenAuth.OAuth;
+	using DotNetOpenAuth.OAuthWrap;
+	using DotNetOpenAuth.OAuth.ChannelElements;
 
 	/// <summary>
 	/// A WCF extension to authenticate incoming messages using OAuth.
@@ -24,13 +26,10 @@
 
 			HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
 			Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
-			ServiceProvider sp = Constants.CreateServiceProvider();
-			try {
-				var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
-				if (auth != null) {
-					var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
 
-					var principal = sp.CreatePrincipal(auth);
+			try {
+				var principal = VerifyOAuth2(httpDetails, requestUri);
+				if (principal != null) {
 					var policy = new OAuthPrincipalAuthorizationPolicy(principal);
 					var policies = new List<IAuthorizationPolicy> {
 						policy,
@@ -46,14 +45,13 @@
 					}
 
 					securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
-					principal.Identity,
-				};
+						principal.Identity,
+					};
 
 					// Only allow this method call if the access token scope permits it.
-					string[] scopes = accessToken.Scope.Split('|');
-					if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
-						return true;
-					}
+					return principal.IsInRole(operationContext.IncomingMessageHeaders.Action);
+				} else {
+					return false;
 				}
 			} catch (ProtocolException ex) {
 				Global.Logger.Error("Error processing OAuth messages.", ex);
@@ -61,5 +59,36 @@
 
 			return false;
 		}
+
+		private OAuthPrincipal VerifyOAuth1(HttpRequestMessageProperty httpDetails, Uri requestUri) {
+			ServiceProvider sp = Constants.CreateServiceProvider();
+			var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+			if (auth != null) {
+				var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
+				var principal = sp.CreatePrincipal(auth);
+				return principal;
+			}
+
+			return null;
+		}
+
+		private OAuthPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) {
+			// for this sample where the auth server and resource server are the same site,
+			// we use the same public/private key.
+			var resourceServer = new ResourceServer(
+				new StandardAccessTokenAnalyzer(
+					OAuth2AuthorizationServer.asymmetricKey,
+					OAuth2AuthorizationServer.asymmetricKey));
+
+			string username, scope;
+			var error = resourceServer.VerifyAccess(new DotNetOpenAuth.Messaging.HttpRequestInfo(httpDetails, requestUri), out username, out scope);
+			if (error == null) {
+				string[] scopes = scope.Split(new char[] { ' ' });
+				var principal = new OAuthPrincipal(username, scopes);
+				return principal;
+			} else {
+				return null;
+			}
+		}
 	}
 }
 \ No newline at end of file
author	Andrew Arnott <andrewarnott@gmail.com>	2010-06-02 22:39:46 -0700
committer	Andrew Arnott <andrewarnott@gmail.com>	2010-06-02 22:39:46 -0700
commit	ccbec1badf616062cf9cb102ae4a0b2d835610b0 (patch)
tree	11037cf8c3edbbd444bdccfc2efe6dad82027bd6 /samples/OAuthServiceProvider/Code
parent	9db9a3768ce97f565ff01ca355be295d9775c4ef (diff)
download	DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.zip DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.tar.gz DotNetOpenAuth-ccbec1badf616062cf9cb102ae4a0b2d835610b0.tar.bz2