summaryrefslogtreecommitdiffstats
path: root/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
diff options
context:
space:
mode:
Diffstat (limited to 'samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs')
-rw-r--r--samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs8
1 files changed, 6 insertions, 2 deletions
diff --git a/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
index 2b4e06b..4c461e8 100644
--- a/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
+++ b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -22,8 +22,12 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
var auth = sp.GetProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null) {
var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
- operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
- return true;
+ // Only allow this method call if the access token scope permits it.
+ string[] scopes = accessToken.Scope.Split('|');
+ if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+ operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
+ return true;
+ }
}
return false;
generated by cgit v1.1 at 2025-05-18 08:54:31 +0000