authorAndrew Arnott <andrewarnott@gmail.com>2010-05-29 10:08:57 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2010-05-29 10:08:57 -0700
commit0f4530debc00781f667d899521d6345a3007d396 (patch)
tree2f4564930c84b2c39e7cd86689a14e2f169d2b2d /src
parentcfecb3e0cba6d86435446ae72de45b7a8001839f (diff)
Work toward an OAuth 2.0 Web Server flow auth server.
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs2
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/IAuthorizationServer.cs4
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/UnauthorizedResponse.cs12
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppFailedResponse.cs12
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppRequest.cs36
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppSuccessResponse.cs14
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs40
7 files changed, 89 insertions, 31 deletions
diff --git a/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs b/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
index cfbd80f..396ff87 100644
--- a/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
@@ -31,7 +31,7 @@ namespace DotNetOpenAuth.OAuthWrap {
try {
return this.AuthorizationServer.GetClient(clientIdentifier);
} catch (KeyNotFoundException ex) {
- throw ErrorUtilities.Wrap(ex, DotNetOpenAuth.OAuth.OAuthStrings.ConsumerOrTokenSecretNotFound);
+ throw ErrorUtilities.Wrap(ex, OAuth.OAuthStrings.ConsumerOrTokenSecretNotFound);
}
}
}
diff --git a/src/DotNetOpenAuth/OAuthWrap/IAuthorizationServer.cs b/src/DotNetOpenAuth/OAuthWrap/IAuthorizationServer.cs
index ba328b1..5be4c55 100644
--- a/src/DotNetOpenAuth/OAuthWrap/IAuthorizationServer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/IAuthorizationServer.cs
@@ -4,11 +4,10 @@
// </copyright>
//-----------------------------------------------------------------------
-using System.Diagnostics.Contracts;
-
namespace DotNetOpenAuth.OAuthWrap {
using System;
using System.Collections.Generic;
+ using System.Diagnostics.Contracts;
using System.Linq;
using System.Text;
using DotNetOpenAuth.OAuth.ChannelElements;
@@ -24,6 +23,7 @@ namespace DotNetOpenAuth.OAuthWrap {
}
IConsumerDescription IAuthorizationServer.GetClient(string clientIdentifier) {
+ Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(clientIdentifier));
Contract.Ensures(Contract.Result<IConsumerDescription>() != null);
throw new NotImplementedException();
}
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/UnauthorizedResponse.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/UnauthorizedResponse.cs
index ad6d851..77befee 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/UnauthorizedResponse.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/UnauthorizedResponse.cs
@@ -64,5 +64,17 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
[MessagePart("realm")]
internal string Realm { get; set; }
+
+ [MessagePart("scope")]
+ internal string Scope { get; set; }
+
+ [MessagePart("algorithms")]
+ internal string Algorithms { get; set; }
+
+ [MessagePart("user-uri")]
+ internal Uri UserEndpoint { get; set; }
+
+ [MessagePart("token-uri")]
+ internal Uri TokenEndpoint { get; set; }
}
}
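Review bot: The four message parts added to `UnauthorizedResponse` (`Scope`, `Algorithms`, `UserEndpoint`, `TokenEndpoint`) have no XML documentation, so a reader cannot tell what format `scope` and `algorithms` take or which endpoints the two URIs point to. I'd add a `<summary>` to each, for example `/// <summary>Gets or sets the URL of the authorization server's token endpoint advertised to the client.</summary>` on `TokenEndpoint`; that wording is inferred from the `token-uri` name and should be confirmed. Unlike the `[MessagePart]` attributes in the WebServer messages, these do not state `IsRequired`/`AllowEmpty`, so it is worth confirming that the defaults are what is intended for a response that tells clients where to send credentials.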
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppFailedResponse.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppFailedResponse.cs
index be00f52..e29da23 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppFailedResponse.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppFailedResponse.cs
@@ -33,6 +33,18 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
}
/// <summary>
+ /// Initializes a new instance of the <see cref="WebAppFailedResponse"/> class.
+ /// </summary>
+ /// <param name="clientCallback">The client callback.</param>
+ /// <param name="request">The request.</param>
+ internal WebAppFailedResponse(Uri clientCallback, WebAppRequest request)
+ : this(clientCallback, ((IMessage)request).Version) {
+ Contract.Requires<ArgumentNullException>(clientCallback != null, "clientCallback");
+ Contract.Requires<ArgumentNullException>(request != null, "request");
+ ((IMessageWithClientState)this).ClientState = ((IMessageWithClientState)request).ClientState;
+ }
+
+ /// <summary>
/// Gets or sets the state of the client that was supplied to the Authorization Server.
/// </summary>
/// <value>
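Review bot: The `request != null` precondition in the new `WebAppFailedResponse(Uri, WebAppRequest)` constructor is unlikely to produce the `ArgumentNullException` it promises, because the chained initializer `: this(clientCallback, ((IMessage)request).Version)` dereferences `request` before the constructor body is reached. A null request would most likely surface as a `NullReferenceException` from the initializer instead. One fix is to do the version lookup in a small private static helper that checks for null first, e.g. `: this(clientCallback, GetVersion(request))`, where `GetVersion` is a new helper I am proposing, not an existing one. The constructor added to `WebAppSuccessResponse` in this commit has the same shape and needs the same change. The `<param>` texts ("The client callback.", "The request.") could also say that the request's client state is copied into the response.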
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppRequest.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppRequest.cs
index 790d229..8f94bbb 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppRequest.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppRequest.cs
@@ -8,19 +8,21 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
using System;
using System.Diagnostics.Contracts;
using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuthWrap.ChannelElements;
/// <summary>
/// A message sent by a web application Client to the AuthorizationServer
/// via the user agent to obtain authorization from the user and prepare
/// to issue an access token to the Consumer if permission is granted.
/// </summary>
+ [Serializable]
public class WebAppRequest : MessageBase, IMessageWithClientState {
/// <summary>
/// The type of message.
/// </summary>
[MessagePart(Protocol.type, IsRequired = true)]
+#pragma warning disable 169
private const string Type = "web_server";
+#pragma warning restore 169
/// <summary>
/// Initializes a new instance of the <see cref="WebAppRequest"/> class.
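Review bot: `[Serializable]` is added to `WebAppRequest` without a comment saying why the message must be serializable or where the serialized form is expected to be kept. Every part of this message (client_id, callback, state, scope) arrives from the user agent, so if a host persists the request across the consent step in storage the browser can alter, the restored values have to be validated again rather than treated as the request the user approved. I'd add a remark to the class such as `/// Serializable so a host can hold the request while the user is asked for consent; restored values are still untrusted input.` — the purpose is inferred from the commit and should be confirmed. The class body continues outside this hunk.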
@@ -55,23 +57,39 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
/// REQUIRED. The client identifier as described in Section 3.4 (Client Credentials).
/// </remarks>
[MessagePart(Protocol.state, IsRequired = false, AllowEmpty = true)]
- public string ClientState { get; set; }
+ string IMessageWithClientState.ClientState { get; set; }
+
+ /// <summary>
+ /// Gets or sets the scope of access being requested.
+ /// </summary>
+ /// <value>The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope.</value>
+ [MessagePart(Protocol.scope, IsRequired = false, AllowEmpty = true)]
+ public string Scope { get; set; }
/// <summary>
/// Gets or sets a value indicating whether the authorization server is
- /// required to redirect the browser back to the client immediately.
+ /// allowed to interact with the user before responding to the client's request.
/// </summary>
- /// <remarks>
- /// OPTIONAL. The parameter value must be set to true or false. If set to true, the authorization server MUST NOT prompt the end-user to authenticate or approve access. Instead, the authorization server attempts to establish the end-user's identity via other means (e.g. browser cookies) and checks if the end-user has previously approved an identical access request by the same client and if that access grant is still active. If the authorization server does not support an immediate check or if it is unable to establish the end-user's identity or approval status, it MUST deny the request without prompting the end-user. Defaults to false if omitted.
- /// </remarks>
- [MessagePart(Protocol.immediate, IsRequired = false, AllowEmpty = false)]
- public bool? Immediate { get; set; }
+ public bool IsUserInteractionAllowed {
+ get { return !this.Immediate.HasValue || !this.Immediate.Value; }
+ set { this.Immediate = value ? (bool?)null : true; }
+ }
/// <summary>
/// Gets or sets the identifier by which this client is known to the Authorization Server.
/// </summary>
[MessagePart(Protocol.client_id, IsRequired = true, AllowEmpty = false)]
- internal string ClientIdentifier { get; set; }
+ public string ClientIdentifier { get; set; }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether the authorization server is
+ /// required to redirect the browser back to the client immediately.
+ /// </summary>
+ /// <remarks>
+ /// OPTIONAL. The parameter value must be set to true or false. If set to true, the authorization server MUST NOT prompt the end-user to authenticate or approve access. Instead, the authorization server attempts to establish the end-user's identity via other means (e.g. browser cookies) and checks if the end-user has previously approved an identical access request by the same client and if that access grant is still active. If the authorization server does not support an immediate check or if it is unable to establish the end-user's identity or approval status, it MUST deny the request without prompting the end-user. Defaults to false if omitted.
+ /// </remarks>
+ [MessagePart(Protocol.immediate, IsRequired = false, AllowEmpty = false)]
+ internal bool? Immediate { get; set; }
/// <summary>
/// Gets or sets the callback URL.
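Review bot: `ClientIdentifier` changes from `internal` to `public` and `Scope` is added as a public settable property, but neither summary tells host code that these are values asserted by the requesting party. In the web server flow the authorization request carries no client secret, so a consent page that shows the client named by `ClientIdentifier` is trusting an unauthenticated claim until the callback has been matched against that client's registration. I'd add a `<remarks>` to both properties saying so, e.g. `/// Supplied by the requester and not authenticated at this step; verify against the registered client before displaying or acting on it.` The enclosing class starts and ends outside this hunk.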
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppSuccessResponse.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppSuccessResponse.cs
index abc99bb..e93acca 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppSuccessResponse.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppSuccessResponse.cs
@@ -27,6 +27,18 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
}
/// <summary>
+ /// Initializes a new instance of the <see cref="WebAppSuccessResponse"/> class.
+ /// </summary>
+ /// <param name="clientCallback">The client callback.</param>
+ /// <param name="request">The request.</param>
+ internal WebAppSuccessResponse(Uri clientCallback, WebAppRequest request)
+ : this(clientCallback, ((IMessage)request).Version) {
+ Contract.Requires<ArgumentNullException>(clientCallback != null, "clientCallback");
+ Contract.Requires<ArgumentNullException>(request != null, "request");
+ ((IMessageWithClientState)this).ClientState = ((IMessageWithClientState)request).ClientState;
+ }
+
+ /// <summary>
/// Gets or sets some state as provided by the client in the authorization request.
/// </summary>
/// <value>An opaque value defined by the client.</value>
@@ -34,7 +46,7 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
/// REQUIRED if the Client sent the value in the <see cref="WebAppRequest"/>.
/// </remarks>
[MessagePart(Protocol.state, IsRequired = false, AllowEmpty = true)]
- public string ClientState { get; set; }
+ string IMessageWithClientState.ClientState { get; set; }
/// <summary>
/// Gets or sets the verification code.
diff --git a/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs b/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
index 79b9682..ddff08a 100644
--- a/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
@@ -50,44 +50,48 @@ namespace DotNetOpenAuth.OAuthWrap {
return message;
}
- public OutgoingWebResponse ApproveAuthorizationRequest(WebAppRequest authorizationRequest) {
+ public void ApproveAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback = null) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);
- return ApproveAuthorizationRequest(authorizationRequest, this.GetCallback(authorizationRequest));
+ var response = this.PrepareApproveAuthorizationRequest(authorizationRequest, callback);
+ this.Channel.Send(response);
}
- public OutgoingWebResponse ApproveAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback) {
+ public void RejectAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback = null) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
- Contract.Requires<ArgumentNullException>(callback != null, "callback");
Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);
- var client = GetClient(authorizationRequest.ClientIdentifier);
- var response = new WebAppSuccessResponse(callback, ((IMessage)authorizationRequest).Version) {
- ClientState = authorizationRequest.ClientState,
- VerificationCode = OAuth.ServiceProvider.CreateVerificationCode(client.VerificationCodeFormat, client.VerificationCodeLength),
- };
-
- return this.Channel.PrepareResponse(response);
+ var response = this.PrepareRejectAuthorizationRequest(authorizationRequest, callback);
+ this.Channel.Send(response);
}
- public OutgoingWebResponse RejectAuthorizationRequest(WebAppRequest authorizationRequest, bool a=false) {
+ internal WebAppFailedResponse PrepareRejectAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback = null) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);
- return this.RejectAuthorizationRequest(authorizationRequest, GetCallback(authorizationRequest));
+ if (callback == null) {
+ callback = this.GetCallback(authorizationRequest);
+ }
+
+ var response = new WebAppFailedResponse(callback, authorizationRequest);
+ return response;
}
- public OutgoingWebResponse RejectAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback) {
+ internal WebAppSuccessResponse PrepareApproveAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback = null) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
- Contract.Requires<ArgumentNullException>(callback != null, "callback");
Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);
- var response = new WebAppFailedResponse(callback, ((IMessage)authorizationRequest).Version) {
- ClientState = authorizationRequest.ClientState,
+ if (callback == null) {
+ callback = this.GetCallback(authorizationRequest);
+ }
+
+ var client = GetClient(authorizationRequest.ClientIdentifier);
+ var response = new WebAppSuccessResponse(callback, authorizationRequest) {
+ VerificationCode = OAuth.ServiceProvider.CreateVerificationCode(client.VerificationCodeFormat, client.VerificationCodeLength),
};
- return this.Channel.PrepareResponse(response);
+ return response;
}
protected Uri GetCallback(WebAppRequest authorizationRequest) {
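Review bot: The new optional `callback` parameter is used as the redirect target whenever it is non-null, and nothing in this hunk compares it with the callback registered for the client; `GetCallback` is consulted only when the argument is null, and its body lies outside the hunk. Because the success response carries the verification code to that URL, I'd check the chosen callback against the client record inside `PrepareApproveAuthorizationRequest` and `PrepareRejectAuthorizationRequest` (the reject path never calls `GetClient` at all) and fail the request without redirecting when it does not match. Separately, every `Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);` line is now stale: the two public methods return `void` and the two `Prepare*` methods return `WebAppSuccessResponse` / `WebAppFailedResponse`, so the postcondition should be removed from the former and retyped in the latter, e.g. `Contract.Ensures(Contract.Result<WebAppSuccessResponse>() != null);`. The generated verification code is also not visibly stored or tied to the client, callback and scope here, which the token endpoint will need when the code is redeemed; that may be planned for a later commit.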