authorAndrew Arnott <andrewarnott@gmail.com>2012-04-20 19:43:19 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-04-20 19:43:19 -0700
commitdd8ace7ab2b1b51ebd4fb5f04fb9b5e30bfe4493 (patch)
treeb9792d82bb3de9fa66a4e429b8f7dd2c23ad8cfe /src/DotNetOpenAuth.OAuth2.ClientAuthorization
parentbd0de8217763d02759815b91588cd578becf496b (diff)
parent6da931cf632ccbfdab0b44b9ffd45ed7ff19c308 (diff)
Adds extensibility points for authenticating OAuth 2 clients at the client and authorization server ends.
Fixes #105 Related to #75
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ClientAuthorization')
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenFailedResponse.cs9
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs22
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/TokenEndpointProtocolException.cs36
3 files changed, 61 insertions, 6 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenFailedResponse.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenFailedResponse.cs
index 8c4b1c3..4aaf928 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenFailedResponse.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenFailedResponse.cs
@@ -25,6 +25,11 @@ namespace DotNetOpenAuth.OAuth2.Messages {
private readonly bool invalidClientCredentialsInAuthorizationHeader;
/// <summary>
+ /// The headers to include in the response.
+ /// </summary>
+ private readonly WebHeaderCollection headers = new WebHeaderCollection();
+
+ /// <summary>
/// Initializes a new instance of the <see cref="AccessTokenFailedResponse"/> class.
/// </summary>
/// <param name="request">The faulty request.</param>
@@ -63,8 +68,8 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// Gets the HTTP headers to add to the response.
/// </summary>
/// <value>May be an empty collection, but must not be <c>null</c>.</value>
- WebHeaderCollection IHttpDirectResponse.Headers {
- get { return new WebHeaderCollection(); }
+ public WebHeaderCollection Headers {
+ get { return this.headers; }
}
#endregion
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
index bc4d0ca..4631d83 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
@@ -6,13 +6,18 @@
namespace DotNetOpenAuth.OAuth2.Messages {
using System;
-
+ using System.Net;
using DotNetOpenAuth.Messaging;
/// <summary>
/// A direct message from the client to the authorization server that includes the client's credentials.
/// </summary>
- public abstract class AuthenticatedClientRequestBase : MessageBase {
+ public abstract class AuthenticatedClientRequestBase : MessageBase, IHttpDirectRequest {
+ /// <summary>
+ /// The backing for the <see cref="Headers"/> property.
+ /// </summary>
+ private readonly WebHeaderCollection headers = new WebHeaderCollection();
+
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedClientRequestBase"/> class.
/// </summary>
@@ -26,7 +31,10 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// Gets the client identifier previously obtained from the Authorization Server.
/// </summary>
/// <value>The client identifier.</value>
- [MessagePart(Protocol.client_id, IsRequired = true)]
+ /// <remarks>
+ /// Not required, because the client id may be communicate through alternate means like HTTP Basic authentication (the OAuth 2 spec allows a lot of freedom here).
+ /// </remarks>
+ [MessagePart(Protocol.client_id, IsRequired = false)]
public string ClientIdentifier { get; internal set; }
/// <summary>
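Review bot: With `IsRequired = false` on `ClientIdentifier`, message validation no longer rejects a token request that carries no `client_id`, so the guarantee that a client was identified now rests entirely on the authorization server's client-authentication step, which is not visible in this hunk. The `<remarks>` should say that explicitly, for example `/// The authorization server must reject the request if neither this part nor another mechanism (such as HTTP Basic) identifies the client.` It is also worth stating what happens when both are present and disagree; RFC 6749 section 2.3 says a client must not use more than one authentication method per request. The added remark has a typo: "may be communicate" should read "may be communicated".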
@@ -38,5 +46,13 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// </remarks>
[MessagePart(Protocol.client_secret, IsRequired = false)]
public string ClientSecret { get; internal set; }
+
+ /// <summary>
+ /// Gets the HTTP headers of the request.
+ /// </summary>
+ /// <value>May be an empty collection, but must not be <c>null</c>.</value>
+ public WebHeaderCollection Headers {
+ get { return this.headers; }
+ }
}
} \ No newline at end of file
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/TokenEndpointProtocolException.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/TokenEndpointProtocolException.cs
index 308bfe2..e86c27e 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/TokenEndpointProtocolException.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/TokenEndpointProtocolException.cs
@@ -12,24 +12,40 @@ namespace DotNetOpenAuth.OAuth2 {
using System.Text;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2.Messages;
/// <summary>
/// Describes an error generated by an Authorization Server's token endpoint.
/// </summary>
public class TokenEndpointProtocolException : ProtocolException {
/// <summary>
+ /// The message being processed that caused this exception to be thrown.
+ /// </summary>
+ private readonly AccessTokenRequestBase requestMessage;
+
+ /// <summary>
+ /// The WWW-Authenticate header to add to the response message.
+ /// </summary>
+ private readonly string authenticateHeader;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="TokenEndpointProtocolException"/> class.
/// </summary>
+ /// <param name="requestMessage">The message whose processing resulted in this error.</param>
/// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param>
/// <param name="description">A human-readable UTF-8 encoded text providing additional information, used to assist the client developer in understanding the error that occurred.</param>
/// <param name="moreInformation">A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.</param>
- public TokenEndpointProtocolException(string error, string description = null, Uri moreInformation = null)
+ /// <param name="authenticateHeader">The WWW-Authenticate header to add to the response.</param>
+ public TokenEndpointProtocolException(AccessTokenRequestBase requestMessage, string error, string description = null, Uri moreInformation = null, string authenticateHeader = null)
: base(string.Format(CultureInfo.CurrentCulture, ClientAuthorizationStrings.TokenEndpointErrorFormat, error, description)) {
+ Requires.NotNull(requestMessage, "requestMessage");
Requires.NotNullOrEmpty(error, "error");
+ this.requestMessage = requestMessage;
this.Error = error;
this.Description = description;
this.MoreInformation = moreInformation;
+ this.authenticateHeader = authenticateHeader;
}
/// <summary>
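Review bot: The constructor stores `authenticateHeader` as given, so an empty string counts as "header supplied": `GetResponse` in this file tests only `!= null`, and would both flag invalid Authorization-header credentials and add an empty WWW-Authenticate value. Normalizing in the constructor avoids that, `this.authenticateHeader = string.IsNullOrEmpty(authenticateHeader) ? null : authenticateHeader;`. The `<param>` doc could also state that the value is emitted verbatim as a response header and should therefore be a server-built challenge rather than text taken from the request. Inserting `requestMessage` as the first parameter changes the public signature, which existing callers of the three-argument form will notice; the class continues outside the hunk.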
@@ -55,5 +71,23 @@ namespace DotNetOpenAuth.OAuth2 {
/// Gets a URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
/// </summary>
public Uri MoreInformation { get; private set; }
+
+ /// <summary>
+ /// Gets the response message to send to the client.
+ /// </summary>
+ /// <returns>A message.</returns>
+ public IDirectResponseProtocolMessage GetResponse() {
+ var response = this.requestMessage != null
+ ? new AccessTokenFailedResponse(this.requestMessage, this.authenticateHeader != null)
+ : new AccessTokenFailedResponse();
+ response.Error = this.Error;
+ response.ErrorDescription = this.Description;
+ response.ErrorUri = this.MoreInformation;
+ if (this.authenticateHeader != null) {
+ response.Headers.Add(HttpRequestHeaders.WwwAuthenticate, this.authenticateHeader);
+ }
+
+ return response;
+ }
}
}
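Review bot: The `this.requestMessage != null` test in `GetResponse` looks unreachable, because the constructor in this file calls `Requires.NotNull(requestMessage, ...)` before assigning the field; if the fallback to `new AccessTokenFailedResponse()` is meant for some other path (for instance an instance rebuilt without the constructor), a comment should say so. In that fallback the WWW-Authenticate header is still added while the response is built without the invalid-credentials flag, so the header and the response status may disagree; that depends on `AccessTokenFailedResponse`, which is not shown here. Either drop the conditional, `var response = new AccessTokenFailedResponse(this.requestMessage, this.authenticateHeader != null);`, or guard the header add on the same condition.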