Fixes exception thrown on missing access token

The resource server was throwing an ArgumentException when an HTTP
Authorization header appeared with a value of "Bearer " but no access
token. We now throw a ProtocolException that can produce the appropriate
error to the client.

Fixes #230

1 files changed, 1 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
index 54d86ff..bd28821 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
@@ -49,6 +49,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// <returns>The deserialized, validated token.</returns>
 		/// <exception cref="ProtocolException">Thrown if the access token is expired, invalid, or from an untrusted authorization server.</exception>
 		public virtual AccessToken DeserializeAccessToken(IDirectedProtocolMessage message, string accessToken) {
+			ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(accessToken), ResourceServerStrings.MissingAccessToken);
 			var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey);
 			var token = new AccessToken();
 			accessTokenFormatter.Deserialize(token, message, accessToken, Protocol.access_token);