3 files changed, 20 insertions, 10 deletions
diff --git a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs index 15d791e..70474f2 100644 --- a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs +++ b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs @@ -1,16 +1,26 @@ -using DotNetOpenAuth.Messaging.Bindings; -using DotNetOpenAuth.OAuth.ChannelElements; - -namespace OAuthServiceProvider.Code { +namespace OAuthServiceProvider.Code { using System; using System.Collections.Generic; using System.Linq; + using System.Security.Cryptography; using System.Web; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.Messaging.Bindings; + using DotNetOpenAuth.OAuth.ChannelElements; using DotNetOpenAuth.OAuthWrap; internal class OAuth2AuthorizationServer : IAuthorizationServer { - private static readonly byte[] secret = new byte[] { 0x33, 0x55 }; // TODO: make this cryptographically strong and unique per app. + private static readonly byte[] secret; + private readonly INonceStore nonceStore = new DatabaseNonceStore(); + + static OAuth2AuthorizationServer() + { + RandomNumberGenerator crypto = new RNGCryptoServiceProvider(); + secret = new byte[16]; + crypto.GetBytes(secret); + } + #region Implementation of IAuthorizationServer public byte[] Secret { diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs index 0bf2fcc..9e33573 100644 --- a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs +++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs 
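Review bot: The static constructor generates `secret` afresh on every app-domain start, so the key differs after each recycle and on each node of a web farm, and anything protected with it stops validating at that point. That is tolerable for a sample, but the removed TODO asked for a key that is unique per app, and the new code should say what it actually provides, e.g. `// Sample only: regenerated per process. A real host must load a persisted, access-controlled key shared by all nodes.` The VerificationCode.cs hunks in this commit use this same secret for encryption; if CalculateSignature (not shown) keys off the same bytes, deriving separate keys per purpose would be cleaner. As a style point, the constructor's opening brace sits on its own line while the class declaration in the same hunk keeps it on the declaration line.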
@@ -43,7 +43,7 @@ this.AuthorizationSecret = null; // clear one time use secret this.multiView.SetActiveView(this.AuthGranted); - Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization); + Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization, User.Identity.Name); } protected void denyAccessButton_Click(object sender, EventArgs e) { diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/VerificationCode.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/VerificationCode.cs index e99a685..cc7f764 100644 --- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/VerificationCode.cs +++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/VerificationCode.cs @@ -74,10 +74,10 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements { // Encrypt the authorizing username so as to not expose unintended private user data // to the client or any eavesdropping third party. if (this.User != null) { - // TODO: code here + this.User = MessagingUtilities.Encrypt(this.User, this.Channel.AuthorizationServer.Secret); } - this.Signature = CalculateSignature(); + this.Signature = this.CalculateSignature(); } /// <summary> @@ -90,7 +90,7 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements { // Decrypt the authorizing username. if (this.User != null) { - // TODO: code here + this.User = MessagingUtilities.Decrypt(this.User, this.Channel.AuthorizationServer.Secret); } } @@ -100,7 +100,7 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements { Contract.Ensures(Contract.Result<VerificationCode>() != null); // Construct a new instance of this type. - VerificationCode self = new VerificationCode(channel); + var self = new VerificationCode(channel); var fields = channel.MessageDescriptions.GetAccessor(self); // Deserialize into this newly created instance. |
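Review bot: `User.Identity.Name` is handed to ApproveAuthorizationRequest with no visible check that the request is authenticated. The handler starts above the hunk, so that check may already exist there or in the authorization rules for the Members folder. If it does not, an empty name could be bound to the grant. A guard before the approval call, `if (!User.Identity.IsAuthenticated) { throw new InvalidOperationException(); }`, would make the precondition explicit at the point where the identity is consumed.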
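Review bot: In the -74,10 hunk the encryption step overwrites `this.User` with its own ciphertext, so the property holds plaintext before the call and ciphertext after it, and a second pass through this method would encrypt twice. Keeping the encrypted value in a separate serialized member, or documenting that the method runs once per instance, would remove the ambiguity; the -90,7 hunk mirrors the same in-place pattern for decryption. MessagingUtilities.Encrypt is not shown here: if its output is deterministic for a given key, the same username always yields the same ciphertext, which would let a client correlate codes issued for one user despite the goal stated in the comment, so it is worth confirming that a random IV is used per message. The method body starts above the hunk.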
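Review bot: In the -90,7 hunk the decrypt call runs on `this.User` as received, and the hunk does not show whether the signature has been verified by this point; the method starts above the hunk. Decryption should only follow a successful signature check. A failure inside MessagingUtilities.Decrypt should surface as the same protocol error as a bad signature, so that a caller cannot tell the two cases apart. If that ordering already holds, a comment at the call such as `// Signature verified above; ciphertext is authentic.` would record it for the next maintainer.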