3 files changed, 34 insertions, 25 deletions
diff --git a/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
index bae752c..da46b0a 100644
--- a/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
+++ b/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
@@ -214,25 +214,12 @@ namespace DotNetOpenAuth.OAuth2 {
 Contract.Requires<ArgumentNullException>(request != null);
 var tokenRequest = (IAuthorizationCarryingRequest)request;
- TimeSpan accessTokenLifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request);
- using (var resourceServerEncryptionKey = this.AuthorizationServerServices.GetResourceServerEncryptionKey(request)) {
- var accessToken = new AccessToken(tokenRequest.AuthorizationDescription, accessTokenLifetime);
- var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerServices.AccessTokenSigningKey, resourceServerEncryptionKey);
-
- var response = new AccessTokenSuccessResponse(request) {
- AccessToken = accessTokenFormatter.Serialize(accessToken),
- Lifetime = accessToken.Lifetime,
- };
- response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
-
- if (includeRefreshToken) {
- var refreshToken = new RefreshToken(tokenRequest.AuthorizationDescription);
- var refreshTokenFormatter = RefreshToken.CreateFormatter(this.AuthorizationServerServices.CryptoKeyStore);
- response.RefreshToken = refreshTokenFormatter.Serialize(refreshToken);
- }
-
- return response;
- }
+ var response = new AccessTokenSuccessResponse(request) {
+ Lifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request),
+ HasRefreshToken = includeRefreshToken,
+ };
+ response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
+ return response;
 }
 /// <summary>
diff --git a/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessTokenBindingElement.cs b/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessTokenBindingElement.cs
index 64e2433..3a709b6 100644
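Review bot: The response returned by the new lines carries no AccessToken or RefreshToken yet; it only records `Lifetime`, `Scope` and `HasRefreshToken`, and the tokens are minted later in AccessTokenBindingElement.ProcessOutgoingMessage. The method's doc comment (above this hunk, not visible here) should state that, for example `/// The AccessToken and RefreshToken are filled in when the response is sent through the channel.`, so a caller does not inspect, log or cache the response expecting a token, or send it over a path where that binding element does not run. The method body starts outside the hunk, so whether other callers read `response.AccessToken` directly cannot be checked from here.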
--- a/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessTokenBindingElement.cs
+++ b/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessTokenBindingElement.cs
@@ -43,16 +43,33 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// Null if this binding element did not even apply to this binding element.
 /// </returns>
 public override MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) {
- var response = message as EndUserAuthorizationSuccessAccessTokenResponse;
- if (response != null) {
- var directResponse = (IDirectResponseProtocolMessage)response;
- var request = (IAccessTokenRequest)directResponse.OriginatingRequest;
- IAuthorizationCarryingRequest tokenCarryingResponse = response;
- tokenCarryingResponse.AuthorizationDescription = new AccessToken(request.ClientIdentifier, response.Scope, response.AuthorizingUsername, response.Lifetime);
+ var directResponse = message as IDirectResponseProtocolMessage;
+ IAccessTokenRequest request = directResponse != null ? directResponse.OriginatingRequest as IAccessTokenRequest : null;
+
+ var implicitGrantResponse = message as EndUserAuthorizationSuccessAccessTokenResponse;
+ if (implicitGrantResponse != null) {
+ IAuthorizationCarryingRequest tokenCarryingResponse = implicitGrantResponse;
+ tokenCarryingResponse.AuthorizationDescription = new AccessToken(request.ClientIdentifier, implicitGrantResponse.Scope, implicitGrantResponse.AuthorizingUsername, implicitGrantResponse.Lifetime);
 return MessageProtections.None;
 }
+ var accessTokenResponse = message as AccessTokenSuccessResponse;
+ if (accessTokenResponse != null) {
+ var authCarryingRequest = (IAuthorizationCarryingRequest)request;
+ var accessToken = new AccessToken(authCarryingRequest.AuthorizationDescription, accessTokenResponse.Lifetime);
+ using (var resourceServerEncryptionKey = this.AuthorizationServer.GetResourceServerEncryptionKey(request)) {
+ var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServer.AccessTokenSigningKey, resourceServerEncryptionKey);
+ accessTokenResponse.AccessToken = accessTokenFormatter.Serialize(accessToken);
+ }
+
+ if (accessTokenResponse.HasRefreshToken) {
+ var refreshToken = new RefreshToken(authCarryingRequest.AuthorizationDescription);
+ var refreshTokenFormatter = RefreshToken.CreateFormatter(this.AuthorizationServer.CryptoKeyStore);
+ accessTokenResponse.RefreshToken = refreshTokenFormatter.Serialize(refreshToken);
+ }
+ }
+
 return null;
 }
diff --git a/src/DotNetOpenAuth/OAuth2/Messages/AccessTokenSuccessResponse.cs b/src/DotNetOpenAuth/OAuth2/Messages/AccessTokenSuccessResponse.cs
index b7d8dea..5682bf7 100644
--- a/src/DotNetOpenAuth/OAuth2/Messages/AccessTokenSuccessResponse.cs
+++ b/src/DotNetOpenAuth/OAuth2/Messages/AccessTokenSuccessResponse.cs
@@ -90,5 +90,10 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 /// <value>The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope.</value>
 [MessagePart(Protocol.scope, IsRequired = false, Encoder = typeof(ScopeEncoder))]
 public HashSet<string> Scope { get; private set; }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether a refresh token is or should be included in the response.
+ /// </summary>
+ internal bool HasRefreshToken { get; set; }
 }
 } |
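Review bot: `request` is now produced by two `as` casts and is null whenever the message is not an IDirectResponseProtocolMessage or its OriginatingRequest is not an IAccessTokenRequest, yet both branches dereference it: `request.ClientIdentifier` in the implicit-grant branch and `authCarryingRequest.AuthorizationDescription` in the AccessTokenSuccessResponse branch, where the cast of a null `request` also succeeds silently. The removed code used hard casts, so a type mismatch failed at the cast itself; a guard at the top of each branch, e.g. `if (request == null) { throw new InvalidOperationException(); }`, keeps token minting from dying part-way with a NullReferenceException. Separately, the new AccessTokenSuccessResponse branch falls through to `return null` after writing the tokens into the message, while the implicit-grant branch returns `MessageProtections.None`; by the doc comment above, null means the element did not apply, so `return MessageProtections.None;` at the end of that branch looks like what was intended.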
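Review bot: The summary on `HasRefreshToken` says "is or should be included", which leaves open whether the flag describes the serialized message or is an instruction to the channel. In this commit it is set in AuthorizationServer before any token exists and read by AccessTokenBindingElement to decide whether to mint one, so `/// Gets or sets a value indicating whether the channel should issue a refresh token when this response is sent.` would be more accurate. The property carries no `[MessagePart]` attribute, so presumably it is never put on the wire; a one-line remark saying so would stop a later edit from exposing it to clients.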