Authorization servers can override the granted scopes for all grant types.

This change adds the ability for authorization servers to override the granted scopes of client credential and resource owner password grant types. Fixes #225
author: Andrew Arnott <andrewarnott@gmail.com> 2012-10-30 22:00:35 -0700
committer: Andrew Arnott <andrewarnott@gmail.com> 2012-10-30 22:00:35 -0700
commit: fa0da3ffda98965e984d81564debd8bd4ee26961 (patch)
tree: b8774d6114a6c62cb808cd989946ff6da1f9a8da /src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs
parent: 07c0de18759d4e290435986ad7efd8cc114439b4 (diff)
download: DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.zip
DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.tar.gz
DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.tar.bz2
1 files changed, 16 insertions, 30 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs
index b75cb29..b9b5725 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs
@@ -91,17 +91,11 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// The access request the credentials came with.
 		/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
 		/// </param>
-		/// <param name="canonicalUserName">
-		/// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
-		/// Or <c>null</c> if the return value is false.
-		/// </param>
-		/// <returns>
-		///   <c>true</c> if the given credentials are valid and the authorization granted; otherwise, <c>false</c>.
-		/// </returns>
+		/// <returns>A value that describes the result of the authorization check.</returns>
 		/// <exception cref="NotSupportedException">
 		/// May be thrown if the authorization server does not support the resource owner password credential grant type.
 		/// </exception>
-		bool TryAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName);
+		AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest);
 
 		/// <summary>
 		/// Determines whether an access token request given a client credential grant should be authorized
@@ -112,17 +106,15 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// The access request the credentials came with.
 		/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
 		/// </param>
-		/// <returns>
-		///   <c>true</c> if the given credentials are valid and the authorization granted; otherwise, <c>false</c>.
-		/// </returns>
+		/// <returns>A value that describes the result of the authorization check.</returns>
 		/// <exception cref="NotSupportedException">
 		/// May be thrown if the authorization server does not support the client credential grant type.
 		/// </exception>
-		bool TryAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest);
+		AutomatedAuthorizationCheckResponse CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest);
 	}
 
 	/// <summary>
-	/// Code Contract for the <see cref="IAuthorizationServerHost"/> interface.
+	/// Code Contract for the <see cref="IAuthorizationServerHost" /> interface.
 	/// </summary>
 	[ContractClassFor(typeof(IAuthorizationServerHost))]
 	internal abstract class IAuthorizationServerHostContract : IAuthorizationServerHost {
@@ -203,40 +195,34 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// The access request the credentials came with.
 		/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
 		/// </param>
-		/// <param name="canonicalUserName">
-		/// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
-		/// Or <c>null</c> if the return value is false.
-		/// </param>
 		/// <returns>
-		///   <c>true</c> if the given credentials are valid and the authorization granted; otherwise, <c>false</c>.
+		/// A value that describes the result of the authorization check.
 		/// </returns>
 		/// <exception cref="NotSupportedException">
 		/// May be thrown if the authorization server does not support the resource owner password credential grant type.
 		/// </exception>
-		bool IAuthorizationServerHost.TryAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
+		AutomatedUserAuthorizationCheckResponse IAuthorizationServerHost.CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest) {
 			Contract.Requires(!string.IsNullOrEmpty(userName));
 			Contract.Requires(password != null);
 			Contract.Requires(accessRequest != null);
-			Contract.Ensures(!Contract.Result<bool>() || !string.IsNullOrEmpty(Contract.ValueAtReturn<string>(out canonicalUserName)));
+			Contract.Ensures(Contract.Result<AutomatedUserAuthorizationCheckResponse>() != null);
 			throw new NotImplementedException();
 		}
 
 		/// <summary>
 		/// Determines whether an access token request given a client credential grant should be authorized
-		/// and if so records an authorization entry such that subsequent calls to <see cref="IAuthorizationServerHost.IsAuthorizationValid"/> would
+		/// and if so records an authorization entry such that subsequent calls to <see cref="IAuthorizationServerHost.IsAuthorizationValid" /> would
 		/// return <c>true</c>.
 		/// </summary>
-		/// <param name="accessRequest">
-		/// The access request the credentials came with.
-		/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
-		/// </param>
+		/// <param name="accessRequest">The access request the credentials came with.
+		/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.</param>
 		/// <returns>
-		///   <c>true</c> if the given credentials are valid and the authorization granted; otherwise, <c>false</c>.
+		/// A value that describes the result of the authorization check.
 		/// </returns>
-		/// <exception cref="NotSupportedException">
-		/// May be thrown if the authorization server does not support the client credential grant type.
-		/// </exception>
-		bool IAuthorizationServerHost.TryAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest) {
+		/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the client credential grant type.</exception>
+		AutomatedAuthorizationCheckResponse IAuthorizationServerHost.CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest) {
+			Contract.Requires(accessRequest != null);
+			Contract.Ensures(Contract.Result<AutomatedAuthorizationCheckResponse>() != null);
 			throw new NotImplementedException();
 		}
author	Andrew Arnott <andrewarnott@gmail.com>	2012-10-30 22:00:35 -0700
committer	Andrew Arnott <andrewarnott@gmail.com>	2012-10-30 22:00:35 -0700
commit	fa0da3ffda98965e984d81564debd8bd4ee26961 (patch)
tree	b8774d6114a6c62cb808cd989946ff6da1f9a8da /src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/IAuthorizationServerHost.cs
parent	07c0de18759d4e290435986ad7efd8cc114439b4 (diff)
download	DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.zip DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.tar.gz DotNetOpenAuth-fa0da3ffda98965e984d81564debd8bd4ee26961.tar.bz2