diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2012-03-18 09:16:12 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-03-18 09:16:12 -0700 |
| commit | 4c55a4fd9b245779d52cb1bf983fa219fee8370e (patch) | |
| tree | e6833d2190a914f31eaac98be5b071fffc9e1c67 /src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs | |
| parent | 813aa291f25a1216e0e1f9ee998d21c00c798ba3 (diff) | |
| download | DotNetOpenAuth-4c55a4fd9b245779d52cb1bf983fa219fee8370e.zip DotNetOpenAuth-4c55a4fd9b245779d52cb1bf983fa219fee8370e.tar.gz DotNetOpenAuth-4c55a4fd9b245779d52cb1bf983fa219fee8370e.tar.bz2 | |
A little binding element cleanup.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs')
| -rw-r--r-- | src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs index 0533527..639e4f5 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AccessRequestBindingElement.cs @@ -18,7 +18,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using DotNetOpenAuth.OAuth2.Messages; /// <summary> - /// Decodes authorization codes, refresh tokens and access tokens on incoming messages. + /// Decodes authorization codes and refresh tokens on incoming messages. /// </summary> /// <remarks> /// This binding element also ensures that the code/token coming in is issued to @@ -109,6 +109,15 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "authorizationexpired", Justification = "Protocol requirement")] [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(System.Boolean,System.String,System.Object[])", Justification = "Protocol requirement")] public override MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { + var authenticatedClientRequest = message as AuthenticatedClientRequestBase; + if (authenticatedClientRequest != null) { + // Check that the client secret is correct. + var client = this.AuthorizationServer.GetClientOrThrow(authenticatedClientRequest.ClientIdentifier); + string secret = client.Secret; + ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(secret), Protocol.unauthorized_client); // an empty secret is not allowed for client authenticated calls. + ErrorUtilities.VerifyProtocol(MessagingUtilities.EqualsConstantTime(secret, authenticatedClientRequest.ClientSecret), Protocol.incorrect_client_credentials); + } + var tokenRequest = message as IAuthorizationCarryingRequest; if (tokenRequest != null) { try { @@ -158,12 +167,6 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { // Make sure the client sending us this token is the client we issued the token to. ErrorUtilities.VerifyProtocol(string.Equals(accessRequest.ClientIdentifier, tokenRequest.AuthorizationDescription.ClientIdentifier, StringComparison.Ordinal), Protocol.incorrect_client_credentials); - // Check that the client secret is correct. - var client = this.AuthorizationServer.GetClientOrThrow(accessRequest.ClientIdentifier); - string secret = client.Secret; - ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(secret), Protocol.unauthorized_client); // an empty secret is not allowed for client authenticated calls. - ErrorUtilities.VerifyProtocol(MessagingUtilities.EqualsConstantTime(secret, accessRequest.ClientSecret), Protocol.incorrect_client_credentials); - var scopedAccessRequest = accessRequest as ScopedAccessTokenRequest; if (scopedAccessRequest != null) { // Make sure the scope the client is requesting does not exceed the scope in the grant. |