authorAndrew Arnott <andrewarnott@gmail.com>2012-04-25 06:21:30 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-04-25 06:21:30 -0700
commitd10db64d32f10c9514918541542af3bbf5889fca (patch)
tree34a338c26072e142c50e59e119a8b10551ed1524 /src/DotNetOpenAuth.OAuth2
parentbf30c08cce5b18f6dc1679be8e4e610819efa9a7 (diff)
Authorization Server hosts now instantiate their own AccessTokens rather than just parameters.
AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2')
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs69
1 files changed, 45 insertions, 24 deletions
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
index 3a12faa..5890d93 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
@@ -24,22 +24,55 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Initializes a new instance of the <see cref="AccessToken"/> class.
+ /// Gets or sets the lifetime of the access token.
+ /// </summary>
+ /// <value>The lifetime.</value>
+ [MessagePart(Encoder = typeof(TimespanSecondsEncoder))]
+ public TimeSpan? Lifetime { get; set; }
+
+ /// <summary>
+ /// Gets the type of this instance.
+ /// </summary>
+ /// <value>The type of the bag.</value>
+ /// <remarks>
+ /// This ensures that one token cannot be misused as another kind of token.
+ /// </remarks>
+ protected override Type BagType {
+ get {
+ // different roles (authorization server vs. Client) may derive from AccessToken, but they are all interoperable.
+ return typeof(AccessToken);
+ }
+ }
+
+ /// <summary>
+ /// Creates a formatter capable of serializing/deserializing an access token.
+ /// </summary>
+ /// <param name="signingKey">The crypto service provider with the authorization server's private key used to asymmetrically sign the access token.</param>
+ /// <param name="encryptingKey">The crypto service provider with the resource server's public key used to encrypt the access token.</param>
+ /// <returns>An access token serializer.</returns>
+ internal static IDataBagFormatter<AccessToken> CreateFormatter(RSACryptoServiceProvider signingKey, RSACryptoServiceProvider encryptingKey) {
+ Contract.Requires(signingKey != null || !signingKey.PublicOnly);
+ Contract.Requires(encryptingKey != null);
+ Contract.Ensures(Contract.Result<IDataBagFormatter<AccessToken>>() != null);
+
+ return new UriStyleMessageFormatter<AccessToken>(signingKey, encryptingKey);
+ }
+
+ /// <summary>
+ /// Initializes this instance of the <see cref="AccessToken"/> class.
/// </summary>
- /// <param name="authorization">The authorization to be described by the access token.</param>
- /// <param name="lifetime">The lifetime of the access token.</param>
- internal AccessToken(IAuthorizationDescription authorization, TimeSpan? lifetime) {
+ /// <param name="authorization">The authorization to apply to this access token.</param>
+ internal void ApplyAuthorization(IAuthorizationDescription authorization) {
Requires.NotNull(authorization, "authorization");
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
- this.Lifetime = lifetime;
}
/// <summary>
- /// Initializes a new instance of the <see cref="AccessToken"/> class.
+ /// Initializes this instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="scopes">The scopes.</param>
/// <param name="username">The username of the account that authorized this token.</param>
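Review bot: The precondition `Contract.Requires(signingKey != null || !signingKey.PublicOnly);` in `CreateFormatter` cannot enforce what the parameter doc asks for, a key that holds the authorization server's private key. With `||`, a non-null key short-circuits to true so `PublicOnly` is never checked, and a null key falls through to `signingKey.PublicOnly` and dereferences null. The line is carried over unchanged from its old position, so this move is a good moment to correct it to `Contract.Requires(signingKey != null && !signingKey.PublicOnly);`. Separately, `ApplyAuthorization(IAuthorizationDescription)` no longer assigns `Lifetime`, so its doc comment should say that the caller sets it and what a null lifetime means for expiry.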
@@ -49,7 +82,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// is invoked in the case where the client is <em>not</em> authenticated, and therefore no
/// trust in the client_id is appropriate.
/// </remarks>
- internal AccessToken(IEnumerable<string> scopes, string username, TimeSpan? lifetime) {
+ internal void ApplyAuthorization(IEnumerable<string> scopes, string username, TimeSpan? lifetime) {
this.Scope.ResetContents(scopes);
this.User = username;
this.Lifetime = lifetime;
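Review bot: Turning this constructor into the instance method `ApplyAuthorization(IEnumerable<string>, string, TimeSpan?)` means it can now run on a token the host has already populated, and the visible lines never clear `ClientIdentifier`. The remarks above say this path is for an unauthenticated client where no trust in the client_id is appropriate; a constructor guaranteed the field started unset, whereas a method does not. Unless the rest of the body, which lies outside this hunk, already does so, add `this.ClientIdentifier = null;` or state in the remarks that the caller must not have set it. The same overload also has no visible null check on `scopes`, unlike the `Requires.NotNull(authorization, "authorization");` guard in the other overload.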
@@ -57,24 +90,12 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Gets or sets the lifetime of the access token.
- /// </summary>
- /// <value>The lifetime.</value>
- [MessagePart(Encoder = typeof(TimespanSecondsEncoder))]
- public TimeSpan? Lifetime { get; set; }
-
- /// <summary>
- /// Creates a formatter capable of serializing/deserializing an access token.
+ /// Serializes this instance to a simple string for transmission to the client.
/// </summary>
- /// <param name="signingKey">The crypto service provider with the authorization server's private key used to asymmetrically sign the access token.</param>
- /// <param name="encryptingKey">The crypto service provider with the resource server's public key used to encrypt the access token.</param>
- /// <returns>An access token serializer.</returns>
- internal static IDataBagFormatter<AccessToken> CreateFormatter(RSACryptoServiceProvider signingKey, RSACryptoServiceProvider encryptingKey) {
- Contract.Requires(signingKey != null || !signingKey.PublicOnly);
- Contract.Requires(encryptingKey != null);
- Contract.Ensures(Contract.Result<IDataBagFormatter<AccessToken>>() != null);
-
- return new UriStyleMessageFormatter<AccessToken>(signingKey, encryptingKey);
+ /// <returns>A non-empty string.</returns>
+ protected internal virtual string Serialize() {
+ Contract.Ensures(!string.IsNullOrEmpty(Contract.Result<string>()));
+ throw new NotSupportedException();
}
/// <summary>
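Review bot: The base `Serialize()` always throws `NotSupportedException`, yet its doc comment promises `A non-empty string.` and nothing tells a host that it must override the method. Since hosts now create their own `AccessToken` instances, one that instantiates the base class directly would presumably only find out when a token is issued. I would add `/// <exception cref="NotSupportedException">Thrown by the base implementation; derived token types must override.</exception>`. A remarks line should also say that the override is responsible for returning the signed and encrypted form (for example via `CreateFormatter`), because the result is transmitted to the client.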