Diffstat (limited to 'projecttemplates/MvcRelyingParty/Controllers/AccountController.cs')
-rw-r--r--projecttemplates/MvcRelyingParty/Controllers/AccountController.cs69
1 files changed, 32 insertions, 37 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index a322f7d..864a38e 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -50,13 +50,21 @@
[Authorize]
public ActionResult Authorize() {
- if (OAuthServiceProvider.PendingAuthorizationRequest == null) {
+ var pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest();
+ if (pendingRequest == null) {
return RedirectToAction("Edit");
}
+ var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+
+ // Consider auto-approving if safe to do so.
+ if (((OAuthAuthorizationServer)OAuthServiceProvider.AuthorizationServer.AuthorizationServer).CanBeAutoApproved(pendingRequest)) {
+ OAuthServiceProvider.AuthorizationServer.ApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
+ }
+
var model = new AccountAuthorizeModel {
- ConsumerApp = OAuthServiceProvider.PendingAuthorizationConsumer.Name,
- IsUnsafeRequest = OAuthServiceProvider.PendingAuthorizationRequest.IsUnsafeRequest,
+ ClientApp = requestingClient.Name,
+ Scope = pendingRequest.Scope,
};
return View(model);
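Review bot: After the auto-approval call `OAuthServiceProvider.AuthorizationServer.ApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name)` the action falls through and still builds and renders the consent view; if that call writes the redirect to the response itself the View below is dead code, and if it does not, an auto-approved user is shown a consent form for a decision already taken. Either way the auto-approve branch should end explicitly, the same way the POST action does, e.g. `return OAuthServiceProvider.AuthorizationServer.Channel.PrepareResponse(OAuthServiceProvider.AuthorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name)).AsActionResult();`. Separately, `Database.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier)` throws InvalidOperationException for a client identifier that is not registered, which surfaces as a server error rather than a protocol-level rejection; unless ReadAuthorizationRequest is known to have validated the client already (confirm), `FirstOrDefault` with a null check would be safer. A short comment on the auto-approval block stating what "safe" means here (`// Auto-approve only when CanBeAutoApproved says the client/scope was previously consented to — see OAuthAuthorizationServer`) would also help the next reader, since the double cast to OAuthAuthorizationServer hides that decision.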
@@ -64,43 +72,30 @@
[Authorize, AcceptVerbs(HttpVerbs.Post), ValidateAntiForgeryToken]
public ActionResult Authorize(bool isApproved) {
+ var getRequest = new HttpRequestInfo("GET", this.Request.Url, this.Request.RawUrl, new WebHeaderCollection(), null);
+ var pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(getRequest);
+ var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+
+ IDirectedProtocolMessage response;
if (isApproved) {
- var consumer = OAuthServiceProvider.PendingAuthorizationConsumer;
- var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager;
- var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest;
- ITokenContainingMessage requestTokenMessage = pendingRequest;
- var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token);
-
- var response = OAuthServiceProvider.AuthorizePendingRequestTokenAsWebResponse();
- if (response != null) {
- // The consumer provided a callback URL that can take care of everything else.
- return response.AsActionResult();
- }
-
- var model = new AccountAuthorizeModel {
- ConsumerApp = consumer.Name,
- };
-
- if (!pendingRequest.IsUnsafeRequest) {
- model.VerificationCode = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength);
- requestToken.VerificationCode = model.VerificationCode;
- tokenManager.UpdateToken(requestToken);
- }
-
- return View("AuthorizeApproved", model);
+ Database.LoggedInUser.ClientAuthorizations.Add(
+ new ClientAuthorization() {
+ Client = requestingClient,
+ Scope = string.Join(" ", pendingRequest.Scope.ToArray()),
+ User = Database.LoggedInUser,
+ CreatedOnUtc = DateTime.UtcNow.CutToSecond(),
+ });
+ response = OAuthServiceProvider.AuthorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
} else {
- OAuthServiceProvider.PendingAuthorizationRequest = null;
- return View("AuthorizeDenied");
+ response = OAuthServiceProvider.AuthorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
}
+
+ return OAuthServiceProvider.AuthorizationServer.Channel.PrepareResponse(response).AsActionResult();
}
[Authorize, AcceptVerbs(HttpVerbs.Delete)] // ValidateAntiForgeryToken would be GREAT here, but it's not a FORM POST operation so that doesn't work.
- public ActionResult RevokeToken(string token) {
- if (String.IsNullOrEmpty(token)) {
- throw new ArgumentNullException("token");
- }
-
- var tokenEntity = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().Where(t => t.User.UserId == Database.LoggedInUser.UserId && t.Token == token).FirstOrDefault();
+ public ActionResult RevokeAuthorization(int authorizationId) {
+ var tokenEntity = Database.DataContext.ClientAuthorizations.Where(auth => auth.User.UserId == Database.LoggedInUser.UserId && auth.AuthorizationId == authorizationId).FirstOrDefault();
if (tokenEntity == null) {
throw new ArgumentOutOfRangeException("id", "The logged in user does not have a token with this name to revoke.");
}
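Review bot: `OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(getRequest)` at the top of the POST `Authorize(bool isApproved)` can return null — the case the GET action guards at its own call — but here `pendingRequest.ClientIdentifier` is dereferenced unchecked, so a stale or tampered postback throws NullReferenceException instead of redirecting; add `if (pendingRequest == null) { return RedirectToAction("Edit"); }` before the `Clients.First(...)` lookup. The request being approved is rebuilt from the POST's own URL (`this.Request.Url`, `this.Request.RawUrl`) rather than from what the user saw on the GET, so the scope written into the new `ClientAuthorization` row and passed to `PrepareApproveAuthorizationRequest` is whatever the query string carries at postback, which is only consistent if the consent form posts back to the identical URL; a comment on the `getRequest` line should state that assumption. No `SubmitChanges` is visible for the added `ClientAuthorization`; presumably the data context is committed per request elsewhere — confirm. In `RevokeAuthorization`, `throw new ArgumentOutOfRangeException("id", "The logged in user does not have a token with this name to revoke.");` names a parameter that no longer exists and still talks about tokens; `throw new ArgumentOutOfRangeException("authorizationId", "The logged in user does not have an authorization with this id to revoke.");` matches the renamed signature, and the `auth.User.UserId == Database.LoggedInUser.UserId` filter in the same query is the check that keeps one user from revoking another's authorization and must survive any refactor.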
@@ -112,9 +107,9 @@
}
private static AccountInfoModel GetAccountInfoModel() {
- var authorizedApps = from token in Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>()
- where token.User.UserId == Database.LoggedInUser.UserId
- select new AccountInfoModel.AuthorizedApp { AppName = token.Consumer.Name, Token = token.Token };
+ var authorizedApps = from auth in Database.DataContext.ClientAuthorizations
+ where auth.User.UserId == Database.LoggedInUser.UserId
+ select new AccountInfoModel.AuthorizedApp { AppName = auth.Client.Name, AuthorizationId = auth.AuthorizationId, Scope = auth.Scope };
Database.LoggedInUser.AuthenticationTokens.Load();
var model = new AccountInfoModel {
FirstName = Database.LoggedInUser.FirstName,