summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements
diff options
context:
space:
mode:
authorAndrew Arnott <andrewarnott@gmail.com>2012-05-29 18:00:36 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-05-29 18:00:36 -0700
commit1c0bac40d9f9a8daf01e9b762d7aaceb94aa670a (patch)
tree668ce6724fa1101c300cfb0960c2e1e895d0edbf /src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements
parent7f61a61f4e9073af1f62f15f08e8f0893bffee5e (diff)
downloadDotNetOpenAuth-1c0bac40d9f9a8daf01e9b762d7aaceb94aa670a.zip
DotNetOpenAuth-1c0bac40d9f9a8daf01e9b762d7aaceb94aa670a.tar.gz
DotNetOpenAuth-1c0bac40d9f9a8daf01e9b762d7aaceb94aa670a.tar.bz2
Special handling for client credential grant type
Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements')
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index e6ca2f3..80b843a 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -138,6 +138,19 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
}
applied = true;
+ } else if (clientCredentialOnly != null) {
+ try {
+ if (!this.AuthorizationServer.TryAuthorizeClientCredentialsGrant(clientCredentialOnly)) {
+ Logger.OAuth.ErrorFormat(
+ "Client credentials grant access request for client \"{0}\" rejected by authorization server host.",
+ clientCredentialOnly.ClientIdentifier);
+ throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnauthorizedClient);
+ }
+ } catch (NotSupportedException) {
+ throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnsupportedGrantType);
+ } catch (NotImplementedException) {
+ throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnsupportedGrantType);
+ }
} else {
// Check that authorization requests come with an acceptable callback URI.
var authorizationRequest = message as EndUserAuthorizationRequest;