Diffstat (limited to 'samples/OAuthAuthorizationServer')
4 files changed, 11 insertions, 1 deletions
diff --git a/samples/OAuthAuthorizationServer/Code/DatabaseKeyNonceStore.cs b/samples/OAuthAuthorizationServer/Code/DatabaseKeyNonceStore.cs
index 765696e..0a1d8af 100644
--- a/samples/OAuthAuthorizationServer/Code/DatabaseKeyNonceStore.cs
+++ b/samples/OAuthAuthorizationServer/Code/DatabaseKeyNonceStore.cs
@@ -67,6 +67,7 @@
public IEnumerable<KeyValuePair<string, CryptoKey>> GetKeys(string bucket) {
return from key in MvcApplication.DataContext.SymmetricCryptoKeys
+ where key.Bucket == bucket
orderby key.ExpiresUtc descending
select new KeyValuePair<string, CryptoKey>(key.Handle, new CryptoKey(key.Secret, key.ExpiresUtc.AsUtc()));
}
diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index 90f99f8..e2e4325 100644
--- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -108,6 +108,10 @@
}
private bool IsAuthorizationValid(HashSet<string> requestedScopes, string clientIdentifier, DateTime issuedUtc, string username) {
+ // If db precision exceeds token time precision (which is common), the following query would
+ // often disregard a token that is minted immediately after the authorization record is stored in the db.
+ // To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
+ issuedUtc += TimeSpan.FromSeconds(1);
var grantedScopeStrings = from auth in MvcApplication.DataContext.ClientAuthorizations
where auth.Client.ClientIdentifier == clientIdentifier &&
diff --git a/samples/OAuthAuthorizationServer/Controllers/HomeController.cs b/samples/OAuthAuthorizationServer/Controllers/HomeController.cs
index 1887576..1311caa 100644
--- a/samples/OAuthAuthorizationServer/Controllers/HomeController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/HomeController.cs
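Review bot: The new `where key.Bucket == bucket` clause is translated into a SQL equality by the query provider (LINQ to SQL, judging by the `SubmitChanges` calls elsewhere in this commit), so its case sensitivity follows the Bucket column's collation rather than C# ordinal comparison; under a case-insensitive collation, keys from a bucket that differs only in case would still be returned, which matters if buckets keep key material for different purposes apart. Worth confirming the collation and recording the decision next to the clause, e.g. `// NOTE: bucket match follows the column collation; buckets partition key material, so it must be case-sensitive (or re-filter in memory)`. A null `bucket` also reaches the query unchecked; `if (bucket == null) { throw new ArgumentNullException("bucket"); }` at the top of GetKeys would fail fast with a clear error instead of a provider exception.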
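Review bot: Adding a second to `issuedUtc` widens the window in which an authorization record is taken to cover a token, so a token minted up to one second before an authorization was (re)granted can now validate against it; the comparison that consumes the value is below the hunk, so the exact effect cannot be confirmed here, but a tolerance inside a validity/revocation check should state the window it accepts rather than silently mutating a parameter. Keeping the adjustment in a named local makes that explicit, e.g. `DateTime latestIssueUtc = issuedUtc.AddSeconds(1); // tolerate DB sub-second precision vs. whole-second token timestamps` and comparing against `latestIssueUtc` in the query. If the column really holds sub-second values while the token carries whole seconds, truncating `auth.CreatedOnUtc` to seconds on the database side would be the tighter fix than widening the window. IsAuthorizationValid's body continues past the hunk.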
@@ -4,7 +4,7 @@
using System.IO;
using System.Linq;
using System.Web.Mvc;
-
+ using System.Web.Security;
using OAuthAuthorizationServer.Code;
[HandleError]
@@ -39,6 +39,10 @@
});
dc.SubmitChanges();
+
+ // Force the user to log out because a new database warrants a new row in the users table, which we create
+ // when the user logs in.
+ FormsAuthentication.SignOut();
ViewData["Success"] = true;
} catch (SqlException ex) {
ViewData["Error"] = string.Join("<br>", ex.Errors.OfType<SqlError>().Select(er => er.Message).ToArray());
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
index 11e7b11..fb836a6 100644
--- a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -113,6 +113,7 @@
User = MvcApplication.LoggedInUser,
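Review bot: `FormsAuthentication.SignOut()` only removes the cookie from the current response; as far as ASP.NET forms authentication is concerned, a ticket already issued to the browser (or captured elsewhere) stays valid until it expires, so a replayed cookie would still arrive as a logged-in user with no row in the recreated users table, which is exactly the state the new comment says the sign-out is meant to avoid. Worth saying so next to the call, e.g. `// NOTE: only clears the cookie; an outstanding ticket stays valid until expiry, so LoggedInUser lookups must tolerate a missing row`. Since this action recreates the database, also confirm that it is limited to POST and carries `[ValidateAntiForgeryToken]`; the action's attributes are above the hunk and cannot be checked here. The enclosing action starts outside the hunk.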
CreatedOnUtc = DateTime.UtcNow,
});
+ MvcApplication.DataContext.SubmitChanges(); // submit now so that this new row can be retrieved later in this same HTTP request
// In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
// But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
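Review bot: The added `SubmitChanges()` flushes every change pending on `MvcApplication.DataContext`, not just the new authorization row, so if that context is shared for the whole request (which the name suggests) anything else queued earlier in the request is committed here too, and a conflict or SQL error surfaces at this line rather than where the change was made; a brief note would save the next reader the surprise: `// NOTE: flushes all pending changes on the request's DataContext, not only this row`. This is also the point at which a user's consent becomes durable, so the action should be reachable only by POST with `[ValidateAntiForgeryToken]` so a third-party page cannot submit approval on the user's behalf; the action's attributes are above the hunk and cannot be confirmed here. The enclosing action starts before and continues after the hunk.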