Diffstat (limited to 'samples')
-rw-r--r--samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs76
-rw-r--r--samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs14
-rw-r--r--samples/OAuthServiceProvider/Members/Authorize.aspx1
-rw-r--r--samples/OAuthServiceProvider/Members/Authorize.aspx.cs21
4 files changed, 110 insertions, 2 deletions
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
index 4bcca86..40cb36d 100644
--- a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
+++ b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
@@ -38,9 +38,21 @@ namespace DotNetOpenAuth.ApplicationBlock {
/// A mapping between Google's applications and their URI scope values.
/// </summary>
private static readonly Dictionary<Applications, string> DataScopeUris = new Dictionary<Applications, string> {
- { Applications.Contacts, "http://www.google.com/m8/feeds/" },
- { Applications.Calendar, "http://www.google.com/calendar/feeds/" },
+ { Applications.Analytics, "https://www.google.com/analytics/feeds/" },
+ { Applications.GoogleBase, "http://www.google.com/base/feeds/" },
{ Applications.Blogger, "http://www.blogger.com/feeds" },
+ { Applications.BookSearch, "http://www.google.com/books/feeds/" },
+ { Applications.Calendar, "http://www.google.com/calendar/feeds/" },
+ { Applications.Contacts, "http://www.google.com/m8/feeds/" },
+ { Applications.DocumentsList, "http://docs.google.com/feeds/" },
+ { Applications.Finance, "http://finance.google.com/finance/feeds/" },
+ { Applications.Gmail, "https://mail.google.com/mail/feed/atom" },
+ { Applications.Health, "https://www.google.com/h9/feeds/" },
+ { Applications.OpenSocial, "http://sandbox.gmodules.com/api/" },
+ { Applications.PicasaWeb, "http://picasaweb.google.com/data/" },
+ { Applications.Spreadsheets, "http://spreadsheets.google.com/feeds/" },
+ { Applications.WebmasterTools, "http://www.google.com/webmasters/tools/feeds/" },
+ { Applications.YouTube, "http://gdata.youtube.com" },
};
/// <summary>
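Review bot: The `OpenSocial` entry maps to `http://sandbox.gmodules.com/api/`, which by its host name looks like a sandbox value rather than a production scope; it is worth confirming against Google's published scope list. The table also mixes schemes (`https` for Analytics, Gmail and Health, `http` for the rest). Scope strings are presumably matched exactly by the provider, so a comment above the initializer such as `// Scope URIs are identifiers and must match Google's published values exactly, including the scheme.` would stop a later clean-up from normalising them.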
@@ -67,6 +79,66 @@ namespace DotNetOpenAuth.ApplicationBlock {
/// Blog post authoring.
/// </summary>
Blogger = 0x4,
+
+ /// <summary>
+ /// Google Finance
+ /// </summary>
+ Finance = 0x8,
+
+ /// <summary>
+ /// Gmail
+ /// </summary>
+ Gmail = 0x10,
+
+ /// <summary>
+ /// Google Health
+ /// </summary>
+ Health = 0x20,
+
+ /// <summary>
+ /// OpenSocial
+ /// </summary>
+ OpenSocial = 0x40,
+
+ /// <summary>
+ /// Picasa Web
+ /// </summary>
+ PicasaWeb = 0x80,
+
+ /// <summary>
+ /// Google Spreadsheets
+ /// </summary>
+ Spreadsheets = 0x100,
+
+ /// <summary>
+ /// Webmaster Tools
+ /// </summary>
+ WebmasterTools = 0x200,
+
+ /// <summary>
+ /// YouTube
+ /// </summary>
+ YouTube = 0x400,
+
+ /// <summary>
+ /// Google Docs
+ /// </summary>
+ DocumentsList = 0x800,
+
+ /// <summary>
+ /// Google Book Search
+ /// </summary>
+ BookSearch = 0x1000,
+
+ /// <summary>
+ /// Google Base
+ /// </summary>
+ GoogleBase = 0x2000,
+
+ /// <summary>
+ /// Analytics
+ /// </summary>
+ Analytics = 0x4000,
}
/// <summary>
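Review bot: The new member summaries only repeat the product name (`/// Google Finance`, `/// Gmail`), whereas the existing `Blogger` member says what access is involved (`/// Blog post authoring.`). These flags appear to select which scope URIs are requested, and so which of the user's data the consumer asks for, so each summary should name the data, for example `/// The user's document list in Google Docs.` on `DocumentsList`. The enum declaration and its earlier members are outside this hunk.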
diff --git a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
index d922901..275a7c9 100644
--- a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
+++ b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
@@ -119,4 +119,18 @@ public class DatabaseTokenManager : IServiceProviderTokenManager {
tokenRow.State = TokenAuthorizationState.AuthorizedRequestToken;
tokenRow.User = user;
}
+
+ public OAuthConsumer GetConsumerForToken(string token) {
+ if (String.IsNullOrEmpty(token)) {
+ throw new ArgumentNullException("requestToken");
+ }
+
+ var tokenRow = Global.DataContext.OAuthTokens.SingleOrDefault(
+ tokenCandidate => tokenCandidate.Token == token);
+ if (tokenRow == null) {
+ throw new ArgumentException();
+ }
+
+ return tokenRow.OAuthConsumer;
+ }
}
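Review bot: The guard in GetConsumerForToken reports a parameter that does not exist: the argument is named `token`, but the exception is built with `"requestToken"`, and the unknown-token branch throws a bare `ArgumentException()` with no message or parameter name. Suggested: `throw new ArgumentNullException("token");` and `throw new ArgumentException("Unrecognized token.", "token");`, keeping the token value itself out of the message so it does not end up in error logs. The new public method also has no XML summary; one line saying that it returns the consumer associated with the given token and throws when the token is unknown would be enough.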
diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx b/samples/OAuthServiceProvider/Members/Authorize.aspx
index 0fd272c..69f9498 100644
--- a/samples/OAuthServiceProvider/Members/Authorize.aspx
+++ b/samples/OAuthServiceProvider/Members/Authorize.aspx
@@ -7,6 +7,7 @@
<div style="background-color: Yellow">
<b>Warning</b>: Never give your login credentials to another web site or application.
</div>
+ <asp:HiddenField runat="server" ID="OAuthAuthorizationSecToken" EnableViewState="false" />
<p>The client web site or application
<asp:Label ID="consumerLabel" Font-Bold="true" runat="server" Text="[consumer]" />
wants access to your
diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
index 76eec26..68dba5a 100644
--- a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
+++ b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
@@ -7,11 +7,19 @@ using System.Web.UI.WebControls;
using DotNetOpenAuth;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.Messages;
+using System.Security.Cryptography;
/// <summary>
/// Conducts the user through a Consumer authorization process.
/// </summary>
public partial class Authorize : System.Web.UI.Page {
+ private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider();
+
+ private string AuthorizationSecret {
+ get { return Session["OAuthAuthorizationSecret"] as string; }
+ set { Session["OAuthAuthorizationSecret"] = value; }
+ }
+
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
if (Global.PendingOAuthAuthorization == null) {
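Review bot: The `AuthorizationSecret` property has no comment, and its purpose only becomes clear from the Page_Load code in the next hunk; a summary such as `/// <summary>Gets or sets the one-time secret issued with the authorization form and held in session state.</summary>` would document it where it is declared. The session key is a single slot, so a second authorization page loaded in the same session overwrites the first page's secret and the first form is then rejected; that is acceptable for a sample but worth stating in the comment. `using System.Security.Cryptography;` would conventionally sit with the other `System.*` directives rather than after the DotNetOpenAuth ones. Page_Load continues past the end of this hunk.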
@@ -20,11 +28,24 @@ public partial class Authorize : System.Web.UI.Page {
ITokenContainingMessage pendingToken = Global.PendingOAuthAuthorization;
var token = Global.DataContext.OAuthTokens.Single(t => t.Token == pendingToken.Token);
desiredAccessLabel.Text = token.Scope;
+ consumerLabel.Text = Global.TokenManager.GetConsumerForToken(token.Token).ConsumerKey;
+
+ // Generate an unpredictable secret that goes to the user agent and must come back
+ // with authorization to guarantee the user interacted with this page rather than
+ // being scripted by an evil Consumer.
+ byte[] randomData = new byte[8];
+ CryptoRandomDataGenerator.GetBytes(randomData);
+ this.AuthorizationSecret = Convert.ToBase64String(randomData);
+ OAuthAuthorizationSecToken.Value = this.AuthorizationSecret;
}
}
}
protected void allowAccessButton_Click(object sender, EventArgs e) {
+ if (this.AuthorizationSecret != OAuthAuthorizationSecToken.Value) {
+ throw new ArgumentException(); // probably someone trying to hack in.
+ }
+ this.AuthorizationSecret = null; // clear one time use secret
var pending = Global.PendingOAuthAuthorization;
Global.AuthorizePendingRequestToken();
multiView.ActiveViewIndex = 1;
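Review bot: In allowAccessButton_Click the session secret is cleared only after a successful comparison, so a mismatched post leaves the same secret valid for further attempts. Reading it into a local and clearing it before the check makes it strictly one-time: `string expected = this.AuthorizationSecret;`, `this.AuthorizationSecret = null;`, then `if (expected != OAuthAuthorizationSecToken.Value) {`. Eight random bytes give 64 bits; `new byte[16]` costs nothing more and matches the usual size for anti-forgery tokens. Separately, `consumerLabel.Text` receives the consumer key unencoded and a Label renders its Text as raw HTML, so if consumer keys can be chosen by the consumer (not visible here) the value should go through `HttpUtility.HtmlEncode(...)`, since injected markup on this page would undermine the secret check. The click handler's body continues outside the hunk.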