2 files changed, 19 insertions, 17 deletions

diff --git a/samples/OAuthAuthorizationServer/Controllers/AccountController.cs b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs
index d69a3b5..336f9bd 100644
--- a/samples/OAuthAuthorizationServer/Controllers/AccountController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs
@@ -1,13 +1,12 @@
 namespace OAuthAuthorizationServer.Controllers {
 	using System;
 	using System.Linq;
+	using System.Threading.Tasks;
 	using System.Web.Mvc;
 	using System.Web.Security;
-
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId;
 	using DotNetOpenAuth.OpenId.RelyingParty;
-
 	using OAuthAuthorizationServer.Code;
 	using OAuthAuthorizationServer.Models;
 
@@ -21,16 +20,17 @@
 		}
 
 		[HttpPost]
-		public ActionResult LogOn(LogOnModel model, string returnUrl) {
+		public async Task<ActionResult> LogOn(LogOnModel model, string returnUrl) {
 			if (ModelState.IsValid) {
 				var rp = new OpenIdRelyingParty();
-				var request = rp.CreateRequest(model.UserSuppliedIdentifier, Realm.AutoDetect, new Uri(Request.Url, Url.Action("Authenticate")));
+				var request = await rp.CreateRequestAsync(model.UserSuppliedIdentifier, Realm.AutoDetect, new Uri(Request.Url, Url.Action("Authenticate")), Response.ClientDisconnectedToken);
 				if (request != null) {
 					if (returnUrl != null) {
 						request.AddCallbackArguments("returnUrl", returnUrl);
 					}
 
-					return request.RedirectingResponse.AsActionResult();
+					var response = await request.GetRedirectingResponseAsync(Response.ClientDisconnectedToken);
+					return response.AsActionResult();
 				} else {
 					ModelState.AddModelError(string.Empty, "The identifier you supplied is not recognized as a valid OpenID Identifier.");
 				}
@@ -40,9 +40,9 @@
 			return View(model);
 		}
 
-		public ActionResult Authenticate(string returnUrl) {
+		public async Task<ActionResult> Authenticate(string returnUrl) {
 			var rp = new OpenIdRelyingParty();
-			var response = rp.GetResponse();
+			var response = await rp.GetResponseAsync(Request, Response.ClientDisconnectedToken);
 			if (response != null) {
 				switch (response.Status) {
 					case AuthenticationStatus.Authenticated:
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
index 4c3e4d4..3ab4096 100644
--- a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -4,12 +4,11 @@
 	using System.Linq;

 	using System.Net;

 	using System.Security.Cryptography;

+	using System.Threading.Tasks;

 	using System.Web;

 	using System.Web.Mvc;

-

 	using DotNetOpenAuth.Messaging;

 	using DotNetOpenAuth.OAuth2;

-

 	using OAuthAuthorizationServer.Code;

 	using OAuthAuthorizationServer.Models;

 

@@ -20,8 +19,9 @@
 		/// The OAuth 2.0 token endpoint.

 		/// </summary>

 		/// <returns>The response to the Client.</returns>

-		public ActionResult Token() {

-			return this.authorizationServer.HandleTokenRequest(this.Request).AsActionResult();

+		public async Task<ActionResult> Token() {

+			var request = await this.authorizationServer.HandleTokenRequestAsync(this.Request, this.Response.ClientDisconnectedToken);

+			return request.AsActionResult();

 		}

 

 		/// <summary>

@@ -30,8 +30,8 @@
 		/// <returns>The browser HTML response that prompts the user to authorize the client.</returns>

 		[Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]

 		[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking

-		public ActionResult Authorize() {

-			var pendingRequest = this.authorizationServer.ReadAuthorizationRequest();

+		public async Task<ActionResult> Authorize() {

+			var pendingRequest = await this.authorizationServer.ReadAuthorizationRequestAsync(Request, Response.ClientDisconnectedToken);

 			if (pendingRequest == null) {

 				throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");

 			}

@@ -41,7 +41,8 @@
 			// Consider auto-approving if safe to do so.

 			if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest)) {

 				var approval = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);

-				return this.authorizationServer.Channel.PrepareResponse(approval).AsActionResult();

+				var response = await this.authorizationServer.Channel.PrepareResponseAsync(approval, Response.ClientDisconnectedToken);

+				return response.AsActionResult();

 			}

 

 			var model = new AccountAuthorizeModel {

@@ -59,8 +60,8 @@
 		/// <param name="isApproved">if set to <c>true</c>, the user has authorized the Client; <c>false</c> otherwise.</param>

 		/// <returns>HTML response that redirects the browser to the Client.</returns>

 		[Authorize, HttpPost, ValidateAntiForgeryToken]

-		public ActionResult AuthorizeResponse(bool isApproved) {

-			var pendingRequest = this.authorizationServer.ReadAuthorizationRequest();

+		public async Task<ActionResult> AuthorizeResponse(bool isApproved) {

+			var pendingRequest = await this.authorizationServer.ReadAuthorizationRequestAsync(Request, Response.ClientDisconnectedToken);

 			if (pendingRequest == null) {

 				throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");

 			}

@@ -86,7 +87,8 @@
 				response = this.authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);

 			}

 

-			return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();

+			var preparedResponse = await this.authorizationServer.Channel.PrepareResponseAsync(response, Response.ClientDisconnectedToken);

+			return preparedResponse.AsActionResult();

 		}

 	}

 }