CreateAccessToken reveals username to host

IAuthorizationServerHost.CreateAccessToken now has access to authoring
usernames.

Fixes #219

1 files changed, 17 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
index 8932cd3..6f7ba7d 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
@@ -48,6 +48,23 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 		IAccessTokenResult IAccessTokenRequestInternal.AccessTokenResult { get; set; }
 
 		/// <summary>
+		/// Gets the username of the authorizing user, when applicable.
+		/// </summary>
+		/// <value>
+		/// A non-empty string; or <c>null</c> when no user has authorized this access token.
+		/// </value>
+		string IAccessTokenRequest.UserName {
+			get {
+				IAccessTokenRequestInternal request = this;
+				if (request.AccessTokenResult != null && request.AccessTokenResult.AccessToken != null) {
+					return request.AccessTokenResult.AccessToken.User;
+				}
+
+				return null;
+			}
+		}
+
+		/// <summary>
 		/// Gets a value indicating whether the client requesting the access token has authenticated itself.
 		/// </summary>
 		/// <value>