summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs6
-rw-r--r--samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs2
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs5
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs13
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs3
5 files changed, 23 insertions, 6 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs
index 0e4721f..66b90e0 100644
--- a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs
+++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs
@@ -123,11 +123,15 @@ namespace RelyingPartyLogic {
/// The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
/// </param>
+ /// <param name="canonicalUserName">
+ /// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
+ /// Or <c>null</c> if the return value is false.
+ /// </param>
/// <returns>
/// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception>
- public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) {
+ public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
// This web site delegates user authentication to OpenID Providers, and as such no users have local passwords with this server.
throw new NotSupportedException();
}
diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index f377dc7..0ea702d 100644
--- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -77,7 +77,7 @@
return this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User);
}
- public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) {
+ public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
// This web site delegates user authentication to OpenID Providers, and as such no users have local passwords with this server.
throw new NotSupportedException();
}
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index 10d1463..7361fb9 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -95,8 +95,11 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
var resourceOwnerPasswordCarrier = message as AccessTokenResourceOwnerPasswordCredentialsRequest;
if (resourceOwnerPasswordCarrier != null) {
try {
- if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier)) {
+ string canonicalUserName;
+ if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier, out canonicalUserName)) {
+ ErrorUtilities.VerifyHost(!string.IsNullOrEmpty(canonicalUserName), "IsResourceOwnerCredentialValid did not initialize out parameter.");
resourceOwnerPasswordCarrier.CredentialsValidated = true;
+ resourceOwnerPasswordCarrier.UserName = canonicalUserName;
} else {
Logger.OAuth.ErrorFormat(
"Resource owner password credential for user \"{0}\" rejected by authorization server host.",
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
index 70165c0..c31ec81 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
@@ -88,11 +88,15 @@ namespace DotNetOpenAuth.OAuth2 {
/// The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
/// </param>
+ /// <param name="canonicalUserName">
+ /// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
+ /// Or <c>null</c> if the return value is false.
+ /// </param>
/// <returns>
/// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception>
- bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest);
+ bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName);
}
/// <summary>
@@ -175,14 +179,19 @@ namespace DotNetOpenAuth.OAuth2 {
/// The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
/// </param>
+ /// <param name="canonicalUserName">
+ /// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
+ /// Or <c>null</c> if the return value is false.
+ /// </param>
/// <returns>
/// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception>
- bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) {
+ bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
Contract.Requires(!string.IsNullOrEmpty(userName));
Contract.Requires(password != null);
Contract.Requires(accessRequest != null);
+ Contract.Ensures(!Contract.Result<bool>() || !string.IsNullOrEmpty(Contract.ValueAtReturn<string>(out canonicalUserName)));
throw new NotImplementedException();
}
diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
index 8f2ddec..e6fd81e 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
@@ -53,7 +53,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
d =>
d.ClientIdentifier == ClientId && d.User == ResourceOwnerUsername &&
MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
- authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())).Returns(true);
+ string canonicalUserName = ResourceOwnerUsername;
+ authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>(), out canonicalUserName)).Returns(true);
authHostMock.Setup(m => m.GetAccessTokenParameters(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenParameters());
return authHostMock;
}
generated by cgit v1.1 at 2025-06-03 17:30:40 +0000