7 files changed, 40 insertions, 12 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs index eb7f3f3..843280b 100644 --- a/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs +++ b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs @@ -85,7 +85,7 @@ // TODO: Consider adding a clients table in your database to track actual client accounts // with authenticating secrets. // For now, just allow all clients regardless of ID, and consider them "Public" clients. - return new ClientDescription(); + return new AnyCallbackClient(); } /// <summary> @@ -171,5 +171,11 @@ return new AutomatedAuthorizationCheckResponse(accessRequest, false); } } + + private class AnyCallbackClient : ClientDescription { + public override bool IsCallbackAllowed(Uri callback) { + return true; + } + } } }
\ No newline at end of file diff --git a/samples/OAuthConsumerWpf/Authorize2.xaml.cs b/samples/OAuthConsumerWpf/Authorize2.xaml.cs index f45af5c..829d323 100644 --- a/samples/OAuthConsumerWpf/Authorize2.xaml.cs +++ b/samples/OAuthConsumerWpf/Authorize2.xaml.cs @@ -31,6 +31,10 @@ get { return this.clientAuthorizationView.Authorization; } } + public ClientAuthorizationView ClientAuthorizationView { + get { return this.clientAuthorizationView; } + } + private void clientAuthorizationView_Completed(object sender, ClientAuthorizationCompleteEventArgs e) { this.DialogResult = e.Authorization != null; this.Close(); diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml b/samples/OAuthConsumerWpf/MainWindow.xaml index 8bc1e6a..71f3810 100644 --- a/samples/OAuthConsumerWpf/MainWindow.xaml +++ b/samples/OAuthConsumerWpf/MainWindow.xaml @@ -152,7 +152,7 @@ <ComboBox.Items> <ComboBoxItem>Authorization Code</ComboBoxItem> <ComboBoxItem>Implicit Grant</ComboBoxItem> - <ComboBoxItem>Resource Owner Password Credentials</ComboBoxItem> + <!--<ComboBoxItem>Resource Owner Password Credentials</ComboBoxItem>--> </ComboBox.Items> </ComboBox> <Label Grid.Row="3" TabIndex="207">Resource URL</Label> diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml.cs b/samples/OAuthConsumerWpf/MainWindow.xaml.cs index 5d94920..efe7673 100644 --- a/samples/OAuthConsumerWpf/MainWindow.xaml.cs +++ b/samples/OAuthConsumerWpf/MainWindow.xaml.cs @@ -176,6 +176,7 @@ authorizePopup.Authorization.Scope.AddRange(OAuthUtilities.SplitScopes(this.oauth2ScopeBox.Text)); authorizePopup.Authorization.Callback = new Uri("http://www.microsoft.com/en-us/default.aspx"); authorizePopup.Owner = this; + authorizePopup.ClientAuthorizationView.RequestImplicitGrant = flowBox.SelectedIndex == 1; bool? result = authorizePopup.ShowDialog(); if (result.HasValue && result.Value) { var requestUri = new UriBuilder(this.oauth2ResourceUrlBox.Text); 
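Review bot: `AnyCallbackClient.IsCallbackAllowed` returns `true` for every URI, so this sample authorization server will deliver authorization codes, and with the implicit grant access tokens, to whatever `redirect_uri` a request names. Because every client ID resolves to this description (`return new AnyCallbackClient();` in the first hunk of this file), there is no registered callback to compare against at all. Samples get copied, so I would put the warning on the class itself, e.g. `// SAMPLE ONLY: accepts any redirect_uri. A real server must compare the callback against the URIs registered for the client.`, or have the sample check a short hard-coded allow-list. The class also relies on the new protected base constructor, which sets nothing. Adding a constructor with `this.ClientType = ClientType.Public;` would make the "Public" intent from the TODO explicit.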
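Review bot: `flowBox.SelectedIndex == 1` in MainWindow.xaml.cs ties the grant type to the position of the "Implicit Grant" item in the ComboBox in MainWindow.xaml, which this same commit edits by commenting out the third item. Reordering or re-enabling items would silently change which flow is requested, and the implicit grant is the one that returns the token in the URL fragment. A named constant would make the coupling visible, for example `const int ImplicitGrantIndex = 1; // must match the item order in MainWindow.xaml`. The enclosing method starts and ends outside the hunk.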
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ClientDescription.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ClientDescription.cs index 753148e..6d77f14 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ClientDescription.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ClientDescription.cs @@ -27,11 +27,13 @@ namespace DotNetOpenAuth.OAuth2 { /// </summary> /// <param name="secret">The secret.</param> /// <param name="defaultCallback">The default callback.</param> - /// <param name="clientType">Type of the client.</param> - public ClientDescription(string secret, Uri defaultCallback = null, ClientType clientType = ClientType.Confidential) { + public ClientDescription(string secret, Uri defaultCallback) { + Requires.NotNullOrEmpty(secret, "secret"); + Requires.NotNull(defaultCallback, "defaultCallback"); + this.secret = secret; this.DefaultCallback = defaultCallback; - this.ClientType = clientType; + this.ClientType = ClientType.Confidential; } /// <summary> @@ -39,10 +41,17 @@ namespace DotNetOpenAuth.OAuth2 { /// to represent a public client (one that does not have an authenticating secret.) /// </summary> /// <param name="defaultCallback">The default callback.</param> - /// <param name="clientType">Type of the client.</param> - public ClientDescription(Uri defaultCallback = null, ClientType clientType = ClientType.Public) { + public ClientDescription(Uri defaultCallback) { + Requires.NotNull(defaultCallback, "defaultCallback"); + this.DefaultCallback = defaultCallback; - this.ClientType = clientType; + this.ClientType = ClientType.Public; + } + + /// <summary> + /// Initializes a new instance of the <see cref="ClientDescription"/> class. + /// </summary> + protected ClientDescription() { } #region IClientDescription Members 
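Review bot: The new `protected ClientDescription()` constructor skips both `Requires` checks, so a derived type starts with `DefaultCallback` null and `ClientType` at its default enum value. The setters made `protected` in the next hunk are the only way to correct that. Its summary is the generic "Initializes a new instance" text and says none of this. I would document the contract on the constructor, e.g. `/// Derived types must set <see cref="ClientType"/> and, where one is registered, <see cref="DefaultCallback"/>; no validation is performed here.` Separately, both public constructors accept any non-null `Uri` while the property documents "An absolute URL", so a check on `defaultCallback.IsAbsoluteUri` would belong next to `Requires.NotNull`.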
@@ -54,12 +63,12 @@ namespace DotNetOpenAuth.OAuth2 { /// <value> /// An absolute URL; or <c>null</c> if none is registered. /// </value> - public Uri DefaultCallback { get; private set; } + public Uri DefaultCallback { get; protected set; } /// <summary> /// Gets the type of the client. /// </summary> - public ClientType ClientType { get; private set; } + public ClientType ClientType { get; protected set; } /// <summary> /// Gets a value indicating whether a non-empty secret is registered for this client. diff --git a/src/DotNetOpenAuth.OAuth2.Client.UI/OAuth2/ClientAuthorizationView.cs b/src/DotNetOpenAuth.OAuth2.Client.UI/OAuth2/ClientAuthorizationView.cs index 002202e..8f1c5f6 100644 --- a/src/DotNetOpenAuth.OAuth2.Client.UI/OAuth2/ClientAuthorizationView.cs +++ b/src/DotNetOpenAuth.OAuth2.Client.UI/OAuth2/ClientAuthorizationView.cs @@ -95,6 +95,14 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> + /// Gets or sets a value indicating whether the implicit grant type should be used instead of the authorization code grant. + /// </summary> + /// <value> + /// <c>true</c> if [request implicit grant]; otherwise, <c>false</c>. + /// </value> + public bool RequestImplicitGrant { get; set; } + + /// <summary> /// Called when the authorization flow has been completed. /// </summary> protected virtual void OnCompleted() { @@ -113,7 +121,7 @@ namespace DotNetOpenAuth.OAuth2 { protected override async void OnLoad(EventArgs e) { base.OnLoad(e); - Uri authorizationUrl = await this.Client.RequestUserAuthorizationAsync(this.Authorization); + Uri authorizationUrl = await this.Client.RequestUserAuthorizationAsync(this.Authorization, implicitResponseType: this.RequestImplicitGrant); this.webBrowser1.Navigate(authorizationUrl.AbsoluteUri); // use AbsoluteUri to workaround bug in WebBrowser that calls Uri.ToString instead of Uri.AbsoluteUri leading to escaping errors. } 
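Review bot: `RequestImplicitGrant` in ClientAuthorizationView.cs is read once, in `OnLoad` (the second hunk of that file), so a value assigned after the control has loaded is ignored, and the doc comment does not say so. The `<value>` text `<c>true</c> if [request implicit grant]` is an unedited generator placeholder. Suggested wording: `/// <c>true</c> to request an access token directly (implicit grant); <c>false</c> (the default) to request an authorization code. Must be set before the control loads.` It is also worth stating that the implicit grant returns the token in the redirect URL fragment, so callers should keep the default wherever the server supports the authorization code grant.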
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs index 62dc311..65f3e1d 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs @@ -121,7 +121,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { // Typically the fragment is not available because the browser doesn't send it to a web server // but this request may have been fabricated by an installed desktop app, in which case // the fragment is available. - string fragment = request.GetPublicFacingUrl().Fragment; + string fragment = request.Url.Fragment; if (!string.IsNullOrEmpty(fragment)) { foreach (var pair in HttpUtility.ParseQueryString(fragment.Substring(1)).ToDictionary()) { fields.Add(pair.Key, pair.Value); |
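Review bot: The switch from `request.GetPublicFacingUrl()` to `request.Url` has no comment explaining it, and the two are easy to treat as interchangeable, so a later cleanup could revert it. If the reason is that the public-facing URL is rebuilt on the server and loses the fragment (my assumption; the helper is not shown here), say so on the line: `// Use the raw request URL: the fragment only exists on requests fabricated by a desktop client.` The values parsed from the fragment are added to `fields` alongside the other parameters. If `fields` is a plain dictionary, `fields.Add` throws on a key that is already present, so a guard or a comment on duplicate keys would help. The enclosing method starts and ends outside the hunk.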