summaryrefslogtreecommitdiffstats
path: root/src/DotNetOAuth/ChannelElements
diff options
context:
space:
mode:
Diffstat (limited to 'src/DotNetOAuth/ChannelElements')
-rw-r--r--src/DotNetOAuth/ChannelElements/ITokenGenerator.cs32
-rw-r--r--src/DotNetOAuth/ChannelElements/ITokenManager.cs42
-rw-r--r--src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs10
-rw-r--r--src/DotNetOAuth/ChannelElements/StandardTokenGenerator.cs45
4 files changed, 99 insertions, 30 deletions
diff --git a/src/DotNetOAuth/ChannelElements/ITokenGenerator.cs b/src/DotNetOAuth/ChannelElements/ITokenGenerator.cs
index 45bc5b2..b9d690f 100644
--- a/src/DotNetOAuth/ChannelElements/ITokenGenerator.cs
+++ b/src/DotNetOAuth/ChannelElements/ITokenGenerator.cs
@@ -5,14 +5,36 @@
//-----------------------------------------------------------------------
namespace DotNetOAuth.ChannelElements {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
-
+ /// <summary>
+ /// An interface allowing OAuth hosts to inject their own algorithm for generating tokens and secrets.
+ /// </summary>
internal interface ITokenGenerator {
+ /// <summary>
+ /// Generates a new token to represent a not-yet-authorized request to access protected resources.
+ /// </summary>
+ /// <param name="consumerKey">The consumer that requested this token.</param>
+ /// <returns>The newly generated token.</returns>
+ /// <remarks>
+ /// This method should not store the newly generated token in any persistent store.
+ /// This will be done in <see cref="ITokenManager.StoreNewRequestToken"/>.
+ /// </remarks>
string GenerateRequestToken(string consumerKey);
+
+ /// <summary>
+ /// Generates a new token to represent an authorized request to access protected resources.
+ /// </summary>
+ /// <param name="consumerKey">The consumer that requested this token.</param>
+ /// <returns>The newly generated token.</returns>
+ /// <remarks>
+ /// This method should not store the newly generated token in any persistent store.
+ /// This will be done in <see cref="ITokenManager.ExpireRequestTokenAndStoreNewAccessToken"/>.
+ /// </remarks>
string GenerateAccessToken(string consumerKey);
+
+ /// <summary>
+ /// Returns a cryptographically strong random string for use as a token secret.
+ /// </summary>
+ /// <returns>The generated string.</returns>
string GenerateSecret();
}
}
diff --git a/src/DotNetOAuth/ChannelElements/ITokenManager.cs b/src/DotNetOAuth/ChannelElements/ITokenManager.cs
index ee3124a..9aa9299 100644
--- a/src/DotNetOAuth/ChannelElements/ITokenManager.cs
+++ b/src/DotNetOAuth/ChannelElements/ITokenManager.cs
@@ -10,28 +10,46 @@ namespace DotNetOAuth.ChannelElements {
using System.Linq;
using System.Text;
+ /// <summary>
+ /// An interface OAuth hosts must implement for persistent storage and recall of tokens and secrets.
+ /// </summary>
public interface ITokenManager {
+ /// <summary>
+ /// Gets the Consumer Secret given a Consumer Key.
+ /// </summary>
+ /// <param name="consumerKey">The Consumer Key.</param>
+ /// <returns>The Consumer Secret.</returns>
string GetConsumerSecret(string consumerKey);
+
+ /// <summary>
+ /// Gets the Token Secret given a request or access token.
+ /// </summary>
+ /// <param name="token">The request or access token.</param>
+ /// <returns>The secret associated with the given token.</returns>
string GetTokenSecret(string token);
/// <summary>
- ///
+ /// Stores a newly generated unauthorized request token, secret, and optional
+ /// application-specific parameters for later recall.
/// </summary>
- /// <param name="consumerKey"></param>
- /// <param name="requestToken"></param>
- /// <param name="requestTokenSecret"></param>
- /// <param name="parameters"></param>
- /// <returns>True if there was no conflict with an existing token. False if a new token should be generated.</returns>
+ /// <param name="consumerKey">The key of the Consumer that requested this token.</param>
+ /// <param name="requestToken">The token to store.</param>
+ /// <param name="requestTokenSecret">The secret to store as associated with the request token.</param>
+ /// <param name="parameters">The optional application-specific parameters of this request.</param>
void StoreNewRequestToken(string consumerKey, string requestToken, string requestTokenSecret, IDictionary<string, string> parameters);
/// <summary>
- ///
+ /// Deletes a request token and its associated secret and stores a new access token and secret.
/// </summary>
- /// <param name="consumerKey"></param>
- /// <param name="requestToken"></param>
- /// <param name="accessToken"></param>
- /// <param name="accessTokenSecret"></param>
- /// <returns>True if there was no conflict with an existing token. False if a new token should be generated.</returns>
+ /// <param name="consumerKey">The Consumer that is exchanging its request token for an access token.</param>
+ /// <param name="requestToken">The Consumer's request token that should be deleted/expired.</param>
+ /// <param name="accessToken">The new access token that is being issued to the Consumer.</param>
+ /// <param name="accessTokenSecret">The secret associated with the newly issued access token.</param>
+ /// <remarks>
+ /// Any scope of granted privileges associated with the request token from the
+ /// original call to <see cref="StoreNewRequestToken"/> should be carried over
+ /// to the new Access Token.
+ /// </remarks>
void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret);
}
}
diff --git a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
index 43d1e8b..a1e5feb 100644
--- a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
+++ b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
@@ -17,17 +17,17 @@ namespace DotNetOAuth.ChannelElements {
/// </summary>
internal abstract class SigningBindingElementBase : IChannelBindingElement {
/// <summary>
- /// The signature method this binding element uses.
- /// </summary>
- private string signatureMethod;
-
- /// <summary>
/// The delegate that will initialize the non-serialized properties necessary on a signed
/// message so that its signature can be correctly calculated for verification.
/// </summary>
private readonly Action<ITamperResistantOAuthMessage> incomingMessageSignatureVerificationCallback;
/// <summary>
+ /// The signature method this binding element uses.
+ /// </summary>
+ private string signatureMethod;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="SigningBindingElementBase"/> class.
/// </summary>
/// <param name="signatureMethod">The OAuth signature method that the binding element uses.</param>
diff --git a/src/DotNetOAuth/ChannelElements/StandardTokenGenerator.cs b/src/DotNetOAuth/ChannelElements/StandardTokenGenerator.cs
index b54da20..fb2590a 100644
--- a/src/DotNetOAuth/ChannelElements/StandardTokenGenerator.cs
+++ b/src/DotNetOAuth/ChannelElements/StandardTokenGenerator.cs
@@ -6,33 +6,62 @@
namespace DotNetOAuth.ChannelElements {
using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
using System.Security.Cryptography;
+ /// <summary>
+ /// A cryptographically strong random string generator for tokens and secrets.
+ /// </summary>
internal class StandardTokenGenerator : ITokenGenerator {
- RandomNumberGenerator cryptoProvider = new RNGCryptoServiceProvider();
+ /// <summary>
+ /// The cryptographically strong random string generator for tokens and secrets.
+ /// </summary>
+ private RandomNumberGenerator cryptoProvider = new RNGCryptoServiceProvider();
#region ITokenGenerator Members
+ /// <summary>
+ /// Generates a new token to represent a not-yet-authorized request to access protected resources.
+ /// </summary>
+ /// <param name="consumerKey">The consumer that requested this token.</param>
+ /// <returns>The newly generated token.</returns>
+ /// <remarks>
+ /// This method should not store the newly generated token in any persistent store.
+ /// This will be done in <see cref="ITokenManager.StoreNewRequestToken"/>.
+ /// </remarks>
public string GenerateRequestToken(string consumerKey) {
- return GenerateCryptographicallyStrongString();
+ return this.GenerateCryptographicallyStrongString();
}
+ /// <summary>
+ /// Generates a new token to represent an authorized request to access protected resources.
+ /// </summary>
+ /// <param name="consumerKey">The consumer that requested this token.</param>
+ /// <returns>The newly generated token.</returns>
+ /// <remarks>
+ /// This method should not store the newly generated token in any persistent store.
+ /// This will be done in <see cref="ITokenManager.ExpireRequestTokenAndStoreNewAccessToken"/>.
+ /// </remarks>
public string GenerateAccessToken(string consumerKey) {
- return GenerateCryptographicallyStrongString();
+ return this.GenerateCryptographicallyStrongString();
}
+ /// <summary>
+ /// Returns a cryptographically strong random string for use as a token secret.
+ /// </summary>
+ /// <returns>The generated string.</returns>
public string GenerateSecret() {
- return GenerateCryptographicallyStrongString();
+ return this.GenerateCryptographicallyStrongString();
}
#endregion
+ /// <summary>
+ /// Returns a new random string.
+ /// </summary>
+ /// <returns>The new random string.</returns>
private string GenerateCryptographicallyStrongString() {
byte[] buffer = new byte[20];
- cryptoProvider.GetBytes(buffer);
+ this.cryptoProvider.GetBytes(buffer);
return Convert.ToBase64String(buffer);
}
}
generated by cgit v1.1 at 2025-05-29 14:18:10 +0000