diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2012-02-16 08:47:49 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-02-16 08:47:49 -0800 |
| commit | 9869f80aa333eeab6e7d19bf116c3d4c4788e8ba (patch) | |
| tree | b779795d17ddbeaaef59790345b49809f162c47c /src/DotNetOpenAuth.OAuth2 | |
| parent | f1837d5eb51cb3ed948d72048e5827332e506a71 (diff) | |
| download | DotNetOpenAuth-9869f80aa333eeab6e7d19bf116c3d4c4788e8ba.zip DotNetOpenAuth-9869f80aa333eeab6e7d19bf116c3d4c4788e8ba.tar.gz DotNetOpenAuth-9869f80aa333eeab6e7d19bf116c3d4c4788e8ba.tar.bz2 | |
Suppressed refresh tokens when client credentials are used to comply with OAuth 2.0 section 4.4.3.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2')
3 files changed, 25 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs index c5c93b5..534929b 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs @@ -95,5 +95,18 @@ namespace DotNetOpenAuth.OAuth2.Messages { /// Gets or sets a value indicating whether a refresh token is or should be included in the response. /// </summary> internal bool HasRefreshToken { get; set; } + + /// <summary> + /// Checks the message state for conformity to the protocol specification + /// and throws an exception if the message is invalid. + /// </summary> + /// <exception cref="ProtocolException">Thrown if the message is invalid.</exception> + protected override void EnsureValidMessage() { + base.EnsureValidMessage(); + + // Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included + // in a response to an access token request that used the client credential grant type. + ErrorUtilities.VerifyProtocol(!this.HasRefreshToken || !(this.OriginatingRequest is AccessTokenClientCredentialsRequest), OAuthStrings.RefreshTokenInappropriateForRequestType, this.OriginatingRequest.GetType().Name); + } } } diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs index dcd6139..2167b5f 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs @@ -160,6 +160,15 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> + /// Looks up a localized string similar to The request message type {0} should not be responded to with a refresh token.. + /// </summary> + internal static string RefreshTokenInappropriateForRequestType { + get { + return ResourceManager.GetString("RefreshTokenInappropriateForRequestType", resourceCulture); + } + } + + /// <summary> /// Looks up a localized string similar to Individual scopes may not contain spaces.. /// </summary> internal static string ScopesMayNotContainSpaces { diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx index 9f920e7..6fad914 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx @@ -150,6 +150,9 @@ <data name="NoGrantNoRefreshToken" xml:space="preserve"> <value>Refresh tokens should not be granted without the request including an access grant.</value> </data> + <data name="RefreshTokenInappropriateForRequestType" xml:space="preserve"> + <value>The request message type {0} should not be responded to with a refresh token.</value> + </data> <data name="ScopesMayNotContainSpaces" xml:space="preserve"> <value>Individual scopes may not contain spaces.</value> </data> |