-rw-r--r--samples/OAuthConsumerWpf/MainWindow.xaml.cs2
-rw-r--r--src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs9
-rw-r--r--src/DotNetOpenAuth/OAuth2/ChannelElements/AccessRequestBindingElement.cs4
-rw-r--r--src/DotNetOpenAuth/OAuth2/Protocol.cs5
4 files changed, 17 insertions, 3 deletions
diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml.cs b/samples/OAuthConsumerWpf/MainWindow.xaml.cs
index eacee60..3c55eeb 100644
--- a/samples/OAuthConsumerWpf/MainWindow.xaml.cs
+++ b/samples/OAuthConsumerWpf/MainWindow.xaml.cs
@@ -61,7 +61,7 @@
AuthorizationEndpoint = new Uri("http://localhost:50172/OAuth/Authorize"),
TokenEndpoint = new Uri("http://localhost:50172/OAuth/Token"),
};
- this.wcf = new UserAgentClient(authServer, "sampleImplicitConsumer");
+ this.wcf = new UserAgentClient(authServer, "sampleconsumer", "samplesecret");
}
private void beginAuthorizationButton_Click(object sender, RoutedEventArgs e) {
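Review bot: The replacement on the `+` line hands a client secret to a WPF desktop application, which is exactly the kind of client the other hunks treat as unable to keep one (a secret compiled into a distributed binary is recoverable by anyone who has the binary). If the intent is to demonstrate the confidential-client path, a one-line comment would keep readers from copying this into a real native app, e.g. `// Sample only: a desktop app cannot protect a client secret; real native clients should use the implicit (secretless) flow.` Otherwise the sample could keep the secretless `UserAgentClient` constructor it used before. The enclosing constructor starts outside the hunk.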
diff --git a/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
index da46b0a..ad40fa5 100644
--- a/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
+++ b/src/DotNetOpenAuth/OAuth2/AuthorizationServer.cs
@@ -62,7 +62,14 @@ namespace DotNetOpenAuth.OAuth2 {
}
EndUserAuthorizationRequest message;
- this.Channel.TryReadFromRequest(request, out message);
+ if (this.Channel.TryReadFromRequest(request, out message)) {
+ if (message.ResponseType == EndUserAuthorizationResponseType.AuthorizationCode) {
+ // Clients with no secrets can only request implicit grant types.
+ var client = this.AuthorizationServerServices.GetClientOrThrow(message.ClientIdentifier);
+ ErrorUtilities.VerifyProtocol(!String.IsNullOrEmpty(client.Secret), Protocol.unauthorized_client);
+ }
+ }
+
return message;
}
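Review bot: The "has a secret" test on the `VerifyProtocol` line is the same expression added in AccessRequestBindingElement.cs in this commit, and both sites encode the policy "confidential client ⇔ non-empty Secret" as a raw string check; a single named helper (for instance a `bool` on the client description, or a static `IsConfidentialClient(client)` in one place) would keep the two from drifting when the policy changes. The new `if` also silently returns a null `message` when `TryReadFromRequest` fails, which is the pre-existing behaviour but is now easier to misread as intentional; a comment such as `// A null message means no authorization request was present in this HTTP request.` before `return message;` would make that explicit. The enclosing method starts outside the hunk, so I cannot see whether the caller treats null as "no request" or as an error.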
diff --git a/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessRequestBindingElement.cs b/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessRequestBindingElement.cs
index b7775b6..b86f5dd 100644
--- a/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessRequestBindingElement.cs
+++ b/src/DotNetOpenAuth/OAuth2/ChannelElements/AccessRequestBindingElement.cs
@@ -135,7 +135,9 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
// Check that the client secret is correct.
var client = this.AuthorizationServer.GetClientOrThrow(accessRequest.ClientIdentifier);
- ErrorUtilities.VerifyProtocol(MessagingUtilities.EqualsConstantTime(client.Secret, accessRequest.ClientSecret), Protocol.incorrect_client_credentials);
+ string secret = client.Secret;
+ ErrorUtilities.VerifyProtocol(!String.IsNullOrEmpty(secret), Protocol.unauthorized_client); // an empty secret is not allowed for client authenticated calls.
+ ErrorUtilities.VerifyProtocol(MessagingUtilities.EqualsConstantTime(secret, accessRequest.ClientSecret), Protocol.incorrect_client_credentials);
var scopedAccessRequest = accessRequest as ScopedAccessTokenRequest;
if (scopedAccessRequest != null) {
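Review bot: The added presence check guards only the registered `client.Secret`; whether a missing or empty `accessRequest.ClientSecret` is rejected still depends entirely on how `MessagingUtilities.EqualsConstantTime` treats null or empty input, which is not visible here, so a symmetric guard would make the intent explicit: `ErrorUtilities.VerifyProtocol(!String.IsNullOrEmpty(accessRequest.ClientSecret), Protocol.incorrect_client_credentials);` before the comparison. The trailing `// an empty secret is not allowed ...` comment sits after a long line; moving it above the statement matches the `// Check that the client secret is correct.` comment just before. The enclosing method starts and ends outside the hunk.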
diff --git a/src/DotNetOpenAuth/OAuth2/Protocol.cs b/src/DotNetOpenAuth/OAuth2/Protocol.cs
index 2b50439..3cb8253 100644
--- a/src/DotNetOpenAuth/OAuth2/Protocol.cs
+++ b/src/DotNetOpenAuth/OAuth2/Protocol.cs
@@ -70,6 +70,11 @@ namespace DotNetOpenAuth.OAuth2 {
internal const string incorrect_client_credentials = "incorrect_client_credentials";
/// <summary>
+ /// The "unauthorized_client" string.
+ /// </summary>
+ internal const string unauthorized_client = "unauthorized_client";
+
+ /// <summary>
/// The "authorization_expired" string.
/// </summary>
internal const string authorization_expired = "authorization_expired";