1 files changed, 21 insertions, 8 deletions

diff --git a/projecttemplates/RelyingPartyLogic/Model.Client.cs b/projecttemplates/RelyingPartyLogic/Model.Client.cs
index a2d895e..2b06958 100644
--- a/projecttemplates/RelyingPartyLogic/Model.Client.cs
+++ b/projecttemplates/RelyingPartyLogic/Model.Client.cs
@@ -7,20 +7,13 @@
 namespace RelyingPartyLogic {
 	using System;
 	using System.Collections.Generic;
-
+	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OAuth2;
 
 	public partial class Client : IClientDescription {
 		#region IConsumerDescription Members
 
 		/// <summary>
-		/// Gets the client secret.
-		/// </summary>
-		string IClientDescription.Secret {
-			get { return this.ClientSecret; }
-		}
-
-		/// <summary>
 		/// Gets the callback to use when an individual authorization request
 		/// does not include an explicit callback URI.
 		/// </summary>
@@ -39,6 +32,26 @@ namespace RelyingPartyLogic {
 		}
 
 		/// <summary>
+		/// Gets a value indicating whether a non-empty secret is registered for this client.
+		/// </summary>
+		bool IClientDescription.HasNonEmptySecret {
+			get { return !string.IsNullOrEmpty(this.ClientSecret); }
+		}
+
+		/// <summary>
+		/// Checks whether the specified client secret is correct.
+		/// </summary>
+		/// <param name="secret">The secret obtained from the client.</param>
+		/// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
+		/// <remarks>
+		/// All string equality checks, whether checking secrets or their hashes,
+		/// should be done using <see cref="MessagingUtilities.EqualsConstantTime"/> to mitigate timing attacks.
+		/// </remarks>
+		bool IClientDescription.IsValidClientSecret(string secret) {
+			return MessagingUtilities.EqualsConstantTime(secret, this.ClientSecret);
+		}
+
+		/// <summary>
 		/// Determines whether a callback URI included in a client's authorization request
 		/// is among those allowed callbacks for the registered client.
 		/// </summary>