authorAndrew Arnott <andrewarnott@gmail.com>2010-06-03 17:27:52 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2010-06-03 17:27:52 -0700
commitfa8b79042108e6b2c3c5e283febdab1ad5e42d46 (patch)
tree8ff32de97c1c8392b17d6e733199e51433ba3f95 /src
parentee4c60335e84b55090319838dbc2ee44c7bc3ee7 (diff)
Auth server apps can now determine the lifetime of their own access tokens.
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs39
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessRequestBindingElement.cs4
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/ChannelElements/IAccessTokenRequest.cs2
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapAuthorizationServerChannel.cs25
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/ChannelElements/WebAppVerificationCodeBindingElement.cs4
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/RefreshAccessTokenRequest.cs2
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppAccessTokenRequest.cs2
-rw-r--r--src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs29
8 files changed, 52 insertions, 55 deletions
diff --git a/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs b/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
index f6f2041..84a0b9a 100644
--- a/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/AuthorizationServerBase.cs
@@ -9,24 +9,51 @@ namespace DotNetOpenAuth.OAuthWrap {
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.Linq;
+ using System.Security.Cryptography;
using System.Text;
using ChannelElements;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuthWrap.Messages;
using OAuth.ChannelElements;
public abstract class AuthorizationServerBase {
protected AuthorizationServerBase(IAuthorizationServer authorizationServer) {
Contract.Requires<ArgumentNullException>(authorizationServer != null, "authorizationServer");
- this.AuthorizationServer = authorizationServer;
- this.Channel = new OAuthWrapAuthorizationServerChannel(authorizationServer);
+ this.OAuthChannel = new OAuthWrapAuthorizationServerChannel(authorizationServer);
}
- public Channel Channel { get; set; }
+ public Channel Channel {
+ get { return this.OAuthChannel; }
+ }
- internal OAuthWrapAuthorizationServerChannel OAuthChannel {
- get { return (OAuthWrapAuthorizationServerChannel)this.Channel; }
+ public IAuthorizationServer AuthorizationServer {
+ get { return this.OAuthChannel.AuthorizationServer; }
}
- public IAuthorizationServer AuthorizationServer { get; set; }
+ internal OAuthWrapAuthorizationServerChannel OAuthChannel { get; private set; }
+
+ public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(IAccessTokenRequest request, RSAParameters accessTokenEncryptingPublicKey, TimeSpan? accessTokenLifetime = null, bool includeRefreshToken = true) {
+ Contract.Requires<ArgumentNullException>(request != null, "request");
+
+ var tokenRequest = (ITokenCarryingRequest)request;
+ var accessToken = new AccessToken(
+ this.AuthorizationServer.AccessTokenSigningPrivateKey,
+ accessTokenEncryptingPublicKey,
+ tokenRequest.AuthorizationDescription,
+ accessTokenLifetime);
+
+ var response = new AccessTokenSuccessResponse(request) {
+ Scope = tokenRequest.AuthorizationDescription.Scope,
+ AccessToken = accessToken.Encode(),
+ Lifetime = accessToken.Lifetime,
+ };
+
+ if (includeRefreshToken) {
+ var refreshToken = new RefreshToken(this.AuthorizationServer.Secret, tokenRequest.AuthorizationDescription);
+ response.RefreshToken = refreshToken.Encode();
+ }
+
+ return response;
+ }
}
}
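Review bot: `PrepareAccessTokenResponse` is public and virtual but casts its argument with `(ITokenCarryingRequest)request` unchecked, and this commit makes `IAccessTokenRequest` public without that base interface, so any other implementation fails with an InvalidCastException instead of a contract violation. Stating it as a precondition, `Contract.Requires<ArgumentException>(request is ITokenCarryingRequest, "request");`, makes the requirement explicit. `accessTokenLifetime` is also passed to `AccessToken` as given; unless that constructor (not visible here) bounds it, a zero, negative or very long lifetime supplied by the host application goes straight into an issued token, so a range check or a documented maximum belongs here. The method has no XML doc either; it should say that `AuthorizationDescription` is expected to have been populated and validated by the channel before a token is minted from it.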
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessRequestBindingElement.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessRequestBindingElement.cs
index a59e087..a461a86 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessRequestBindingElement.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessRequestBindingElement.cs
@@ -55,10 +55,10 @@
throw ErrorUtilities.Wrap(ex, Protocol.authorization_expired);
}
- var accessRequest = message as IAccessTokenRequest;
+ var accessRequest = tokenRequest as IAccessTokenRequest;
if (accessRequest != null) {
// Make sure the client sending us this token is the client we issued the token to.
- ErrorUtilities.VerifyProtocol(string.Equals(accessRequest.ClientIdentifier, accessRequest.AuthorizationDescription.ClientIdentifier, StringComparison.Ordinal), Protocol.incorrect_client_credentials);
+ ErrorUtilities.VerifyProtocol(string.Equals(accessRequest.ClientIdentifier, tokenRequest.AuthorizationDescription.ClientIdentifier, StringComparison.Ordinal), Protocol.incorrect_client_credentials);
// Check that the client secret is correct.
var client = this.AuthorizationServer.GetClientOrThrow(accessRequest.ClientIdentifier);
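Review bot: The client-identifier and client-secret checks only run when `tokenRequest as IAccessTokenRequest` succeeds, and with `IAccessTokenRequest` no longer deriving from `ITokenCarryingRequest` the two can now diverge, so a token-carrying message that lacks the access-request interface would pass this element with no client authentication. Both message classes changed in this commit implement both interfaces, so this may be unreachable today, but the invariant is not stated anywhere visible. A comment above the `if`, such as `// Token-carrying messages that are not IAccessTokenRequest are not client-authenticated here.`, would record it. The enclosing method starts and ends outside this hunk.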
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/IAccessTokenRequest.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/IAccessTokenRequest.cs
index 426a87f..a32bddf 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/IAccessTokenRequest.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/IAccessTokenRequest.cs
@@ -20,7 +20,7 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
IAuthorizationDescription AuthorizationDescription { get; set; }
}
- internal interface IAccessTokenRequest : ITokenCarryingRequest {
+ public interface IAccessTokenRequest : IDirectedProtocolMessage {
string ClientIdentifier { get; }
string ClientSecret { get; }
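Review bot: `IAccessTokenRequest` becomes part of the public API here with no XML documentation, and it hands `ClientSecret` to host application code. I would add `/// <summary>A request from a client for an access token.</summary>` on the interface and a `<remarks>` on `ClientSecret` saying the value is a credential that callers should not log or persist. The interface body continues past the end of the hunk, so other members may need the same treatment.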
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapAuthorizationServerChannel.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapAuthorizationServerChannel.cs
index 9bf95b7..1537357 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapAuthorizationServerChannel.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapAuthorizationServerChannel.cs
@@ -65,30 +65,7 @@ using System.Security.Cryptography;
/// Gets or sets the authorization server.
/// </summary>
/// <value>The authorization server. Will be null for channels serving clients.</value>
- public IAuthorizationServer AuthorizationServer { get; set; }
-
- public virtual AccessTokenSuccessResponse PrepareAccessToken(IAccessTokenRequest request, RSAParameters accessTokenEncryptingPublicKey, TimeSpan? accessTokenLifetime = null, bool includeRefreshToken = true) {
- Contract.Requires<ArgumentNullException>(request != null, "request");
-
- var accessToken = new AccessToken(
- this.AuthorizationServer.AccessTokenSigningPrivateKey,
- accessTokenEncryptingPublicKey,
- request.AuthorizationDescription,
- accessTokenLifetime);
-
- var response = new AccessTokenSuccessResponse(request) {
- Scope = request.AuthorizationDescription.Scope,
- AccessToken = accessToken.Encode(),
- Lifetime = accessToken.Lifetime,
- };
-
- if (includeRefreshToken) {
- var refreshToken = new RefreshToken(this.AuthorizationServer.Secret, request.AuthorizationDescription);
- response.RefreshToken = refreshToken.Encode();
- }
-
- return response;
- }
+ public IAuthorizationServer AuthorizationServer { get; private set; }
/// <summary>
/// Prepares an HTTP request that carries a given message.
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/WebAppVerificationCodeBindingElement.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/WebAppVerificationCodeBindingElement.cs
index b81a9ad..11f028a 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/WebAppVerificationCodeBindingElement.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/WebAppVerificationCodeBindingElement.cs
@@ -81,8 +81,8 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
public override MessageProtections? ProcessIncomingMessage(IProtocolMessage message) {
var request = message as WebAppAccessTokenRequest;
if (request != null) {
- IAccessTokenRequest accessRequest = request;
- ((VerificationCode)accessRequest.AuthorizationDescription).VerifyCallback(request.Callback);
+ ITokenCarryingRequest tokenRequest = request;
+ ((VerificationCode)tokenRequest.AuthorizationDescription).VerifyCallback(request.Callback);
return MessageProtections.None;
}
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/RefreshAccessTokenRequest.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/RefreshAccessTokenRequest.cs
index b318df7..ca8c6dc 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/RefreshAccessTokenRequest.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/RefreshAccessTokenRequest.cs
@@ -14,7 +14,7 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
/// A request from the client to the token endpoint for a new access token
/// in exchange for a refresh token that the client has previously obtained.
/// </summary>
- internal class RefreshAccessTokenRequest : MessageBase, IAccessTokenRequest, IOAuthDirectResponseFormat {
+ internal class RefreshAccessTokenRequest : MessageBase, IAccessTokenRequest, ITokenCarryingRequest, IOAuthDirectResponseFormat {
/// <summary>
/// The type of message.
/// </summary>
diff --git a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppAccessTokenRequest.cs b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppAccessTokenRequest.cs
index 78cd5e0..727b21f 100644
--- a/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppAccessTokenRequest.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/Messages/WebServer/WebAppAccessTokenRequest.cs
@@ -19,7 +19,7 @@ namespace DotNetOpenAuth.OAuthWrap.Messages {
/// <remarks>
/// Used by the Web App (and Rich App?) profiles.
/// </remarks>
- internal class WebAppAccessTokenRequest : MessageBase, IAccessTokenRequest, IOAuthDirectResponseFormat {
+ internal class WebAppAccessTokenRequest : MessageBase, IAccessTokenRequest, ITokenCarryingRequest, IOAuthDirectResponseFormat {
/// <summary>
/// The type of message.
/// </summary>
diff --git a/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs b/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
index dff59c7..6fe36ef 100644
--- a/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/WebAppAuthorizationServer.cs
@@ -71,7 +71,7 @@ namespace DotNetOpenAuth.OAuthWrap {
{
// This convenience method only encrypts access tokens assuming that this auth server
// doubles as the resource server.
- response = PrepareAccessTokenResponse(request, this.AuthorizationServer.AccessTokenSigningPrivateKey);
+ response = this.PrepareAccessTokenResponse(request, this.AuthorizationServer.AccessTokenSigningPrivateKey);
return true;
}
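Review bot: The second argument on this line is `AccessTokenSigningPrivateKey`, but the parameter it binds to on the new base-class method is `accessTokenEncryptingPublicKey`, so the full private `RSAParameters` go into a slot meant for a public key, and since that method is now `public virtual` an override receives them too. If `AccessToken` only needs the public half to encrypt (its code is not shown), pass just that: `var key = this.AuthorizationServer.AccessTokenSigningPrivateKey;` followed by `new RSAParameters { Modulus = key.Modulus, Exponent = key.Exponent }`. The existing comment explains why one key pair serves both roles but not that private components are forwarded. The enclosing method starts outside the hunk.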
@@ -79,6 +79,16 @@ namespace DotNetOpenAuth.OAuthWrap {
return false;
}
+ public IAccessTokenRequest ReadAccessTokenRequest(HttpRequestInfo requestInfo = null) {
+ if (requestInfo == null) {
+ requestInfo = this.Channel.GetRequestFromContext();
+ }
+
+ IAccessTokenRequest request;
+ this.Channel.TryReadFromRequest(requestInfo, out request);
+ return request;
+ }
+
internal WebAppFailedResponse PrepareRejectAuthorizationRequest(WebAppRequest authorizationRequest, Uri callback = null) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
Contract.Ensures(Contract.Result<WebAppFailedResponse>() != null);
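Review bot: `ReadAccessTokenRequest` is now public, yet it discards the result of `TryReadFromRequest` and returns whatever `request` holds, which is presumably null when the HTTP request carries no access token request. A caller that hands the result to `PrepareAccessTokenResponse` would then trip its null precondition rather than get a clear signal that nothing was read. The method needs XML doc that states this, for example `/// <returns>The incoming request, or null if none was found.</returns>`, or the bool result should be surfaced to the caller.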
@@ -104,23 +114,6 @@ namespace DotNetOpenAuth.OAuthWrap {
return response;
}
- internal IAccessTokenRequest ReadAccessTokenRequest(HttpRequestInfo requestInfo = null) {
- if (requestInfo == null) {
- requestInfo = this.Channel.GetRequestFromContext();
- }
-
- IAccessTokenRequest request;
- this.Channel.TryReadFromRequest(requestInfo, out request);
- return request;
- }
-
- internal AccessTokenSuccessResponse PrepareAccessTokenResponse(IAccessTokenRequest request, RSAParameters resourceServerPublicKey) {
- Contract.Requires<ArgumentNullException>(request != null, "request");
- Contract.Ensures(Contract.Result<AccessTokenSuccessResponse>() != null);
-
- return this.OAuthChannel.PrepareAccessToken(request, resourceServerPublicKey);
- }
-
protected Uri GetCallback(WebAppRequest authorizationRequest) {
Contract.Requires<ArgumentNullException>(authorizationRequest != null, "authorizationRequest");
Contract.Ensures(Contract.Result<Uri>() != null);