Special handling for client credential grant type

Access token requests that carry client credential grants are now
specially handled and signal to the authorization server that an
authorization record should be created.

More work toward #138

1 files changed, 13 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index e6ca2f3..80b843a 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -138,6 +138,19 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 				}
 
 				applied = true;
+			} else if (clientCredentialOnly != null) {
+				try {
+					if (!this.AuthorizationServer.TryAuthorizeClientCredentialsGrant(clientCredentialOnly)) {
+						Logger.OAuth.ErrorFormat(
+							"Client credentials grant access request for client \"{0}\" rejected by authorization server host.",
+							clientCredentialOnly.ClientIdentifier);
+						throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnauthorizedClient);
+					}
+				} catch (NotSupportedException) {
+					throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnsupportedGrantType);
+				} catch (NotImplementedException) {
+					throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.UnsupportedGrantType);
+				}
 			} else {
 				// Check that authorization requests come with an acceptable callback URI.
 				var authorizationRequest = message as EndUserAuthorizationRequest;