diff options
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.Client')
8 files changed, 983 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj b/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj new file mode 100644 index 0000000..4cc5a0d --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.props))\EnlistmentInfo.props" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.props))' != '' " /> + <PropertyGroup> + <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> + <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform> + </PropertyGroup> + <Import Project="$(ProjectRoot)tools\DotNetOpenAuth.props" /> + <PropertyGroup> + <SchemaVersion>2.0</SchemaVersion> + <ProjectGuid>{CDEDD439-7F35-4E6E-8605-4E70BDC4CC99}</ProjectGuid> + <AppDesignerFolder>Properties</AppDesignerFolder> + <AssemblyName>DotNetOpenAuth.OAuth2.Client</AssemblyName> + </PropertyGroup> + <Import Project="$(ProjectRoot)tools\DotNetOpenAuth.Product.props" /> + <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> + </PropertyGroup> + <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "> + </PropertyGroup> + <ItemGroup> + <Compile Include="OAuth2\ClientAuthorizationView.cs"> + <SubType>UserControl</SubType> + </Compile> + <Compile Include="OAuth2\ClientAuthorizationView.Designer.cs"> + <DependentUpon>ClientAuthorizationView.cs</DependentUpon> + </Compile> + <Compile Include="OAuth2\UserAgentClient.cs" /> + <Compile Include="Properties\AssemblyInfo.cs" /> + <Compile Include="OAuth2\ClientBase.cs" /> + <Compile Include="OAuth2\WebServerClient.cs" /> + </ItemGroup> + <ItemGroup> + <ProjectReference Include="..\DotNetOpenAuth.Messaging\DotNetOpenAuth.Messaging.csproj"> + <Project>{60426312-6AE5-4835-8667-37EDEA670222}</Project> + <Name>DotNetOpenAuth.Messaging</Name> + </ProjectReference> + <ProjectReference Include="..\DotNetOpenAuth.OAuth2\DotNetOpenAuth.OAuth2.csproj"> + <Project>{56459A6C-6BA2-4BAC-A9C0-27E3BD961FA6}</Project> + <Name>DotNetOpenAuth.OAuth2</Name> + </ProjectReference> + <ProjectReference Include="..\DotNetOpenAuth.OAuth\DotNetOpenAuth.OAuth.csproj"> + <Project>{A288FCC8-6FCF-46DA-A45E-5F9281556361}</Project> + <Name>DotNetOpenAuth.OAuth</Name> + </ProjectReference> + </ItemGroup> + <ItemGroup> + <EmbeddedResource Include="OAuth2\ClientAuthorizationView.resx"> + <DependentUpon>ClientAuthorizationView.cs</DependentUpon> + </EmbeddedResource> + </ItemGroup> + <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> + <Import Project="$(ProjectRoot)tools\DotNetOpenAuth.targets" /> + <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " /> +</Project>
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.Designer.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.Designer.cs new file mode 100644 index 0000000..c05a4b8 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.Designer.cs @@ -0,0 +1,56 @@ +namespace DotNetOpenAuth.OAuth2 { + partial class ClientAuthorizationView { + /// <summary> + /// Required designer variable. + /// </summary> + private System.ComponentModel.IContainer components = null; + + /// <summary> + /// Clean up any resources being used. + /// </summary> + /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param> + protected override void Dispose(bool disposing) { + if (disposing && (components != null)) { + components.Dispose(); + } + base.Dispose(disposing); + } + + #region Component Designer generated code + + /// <summary> + /// Required method for Designer support - do not modify + /// the contents of this method with the code editor. + /// </summary> + private void InitializeComponent() { + this.webBrowser1 = new System.Windows.Forms.WebBrowser(); + this.SuspendLayout(); + // + // webBrowser1 + // + this.webBrowser1.AllowWebBrowserDrop = false; + this.webBrowser1.Dock = System.Windows.Forms.DockStyle.Fill; + this.webBrowser1.IsWebBrowserContextMenuEnabled = false; + this.webBrowser1.Location = new System.Drawing.Point(0, 0); + this.webBrowser1.Name = "webBrowser1"; + this.webBrowser1.Size = new System.Drawing.Size(150, 150); + this.webBrowser1.TabIndex = 0; + this.webBrowser1.Navigated += new System.Windows.Forms.WebBrowserNavigatedEventHandler(this.WebBrowser1_Navigated); + this.webBrowser1.Navigating += new System.Windows.Forms.WebBrowserNavigatingEventHandler(this.WebBrowser1_Navigating); + this.webBrowser1.LocationChanged += new System.EventHandler(this.WebBrowser1_LocationChanged); + // + // ClientAuthorizationView + // + this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F); + this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; + this.Controls.Add(this.webBrowser1); + this.Name = "ClientAuthorizationView"; + this.ResumeLayout(false); + + } + + #endregion + + private System.Windows.Forms.WebBrowser webBrowser1; + } +} diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.cs new file mode 100644 index 0000000..ffa217b --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.cs @@ -0,0 +1,192 @@ +//----------------------------------------------------------------------- +// <copyright file="ClientAuthorizationView.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OAuth2 { + using System; + using System.Collections.Generic; + using System.ComponentModel; + using System.Data; + using System.Diagnostics.Contracts; + using System.Drawing; + using System.Linq; + using System.Text; + using System.Windows.Forms; + using DotNetOpenAuth.Messaging; + + /// <summary> + /// A WinForms control that hosts a mini-browser for hosting by native applications to + /// allow the user to authorize the client without leaving the application. + /// </summary> + public partial class ClientAuthorizationView : UserControl { + /// <summary> + /// Initializes a new instance of the <see cref="ClientAuthorizationView"/> class. + /// </summary> + public ClientAuthorizationView() { + this.InitializeComponent(); + + this.Authorization = new AuthorizationState(); + } + + /// <summary> + /// Occurs when the authorization flow has completed. + /// </summary> + public event EventHandler<ClientAuthorizationCompleteEventArgs> Completed; + + /// <summary> + /// Gets the authorization tracking object. + /// </summary> + public IAuthorizationState Authorization { get; private set; } + + /// <summary> + /// Gets or sets the client used to coordinate the authorization flow. + /// </summary> + public UserAgentClient Client { get; set; } + + /// <summary> + /// Gets the set of scopes that describe the requested level of access. + /// </summary> + public HashSet<string> Scope { + get { return this.Authorization.Scope; } + } + + /// <summary> + /// Gets or sets the callback URL used to indicate the flow has completed. + /// </summary> + public Uri Callback { + get { return this.Authorization.Callback; } + set { this.Authorization.Callback = value; } + } + + /// <summary> + /// Gets a value indicating whether the authorization flow has been completed. + /// </summary> + public bool IsCompleted { + get { return this.Authorization == null || this.Authorization.AccessToken != null; } + } + + /// <summary> + /// Gets a value indicating whether authorization has been granted. + /// </summary> + /// <value>Null if <see cref="IsCompleted"/> is <c>false</c></value> + public bool? IsGranted { + get { + if (this.Authorization == null) { + return false; + } + + return this.Authorization.AccessToken != null ? (bool?)true : null; + } + } + + /// <summary> + /// Gets a value indicating whether authorization has been rejected. + /// </summary> + /// <value>Null if <see cref="IsCompleted"/> is <c>false</c></value> + public bool? IsRejected { + get { + bool? granted = this.IsGranted; + return granted.HasValue ? (bool?)(!granted.Value) : null; + } + } + + /// <summary> + /// Called when the authorization flow has been completed. + /// </summary> + protected virtual void OnCompleted() { + var completed = this.Completed; + if (completed != null) { + completed(this, new ClientAuthorizationCompleteEventArgs(this.Authorization)); + } + } + + /// <summary> + /// Raises the <see cref="E:System.Windows.Forms.UserControl.Load"/> event. + /// </summary> + /// <param name="e">An <see cref="T:System.EventArgs"/> that contains the event data.</param> + protected override void OnLoad(EventArgs e) { + base.OnLoad(e); + + Uri authorizationUrl = this.Client.RequestUserAuthorization(this.Authorization); + this.webBrowser1.Navigate(authorizationUrl.AbsoluteUri); // use AbsoluteUri to workaround bug in WebBrowser that calls Uri.ToString instead of Uri.AbsoluteUri leading to escaping errors. + } + + /// <summary> + /// Tests whether two URLs are equal for purposes of detecting the conclusion of authorization. + /// </summary> + /// <param name="location1">The first location.</param> + /// <param name="location2">The second location.</param> + /// <param name="components">The components to compare.</param> + /// <returns><c>true</c> if the given components are equal.</returns> + private static bool SignificantlyEqual(Uri location1, Uri location2, UriComponents components) { + string value1 = location1.GetComponents(components, UriFormat.Unescaped); + string value2 = location2.GetComponents(components, UriFormat.Unescaped); + return string.Equals(value1, value2, StringComparison.Ordinal); + } + + /// <summary> + /// Handles the Navigating event of the webBrowser1 control. + /// </summary> + /// <param name="sender">The source of the event.</param> + /// <param name="e">The <see cref="System.Windows.Forms.WebBrowserNavigatingEventArgs"/> instance containing the event data.</param> + private void WebBrowser1_Navigating(object sender, WebBrowserNavigatingEventArgs e) { + this.ProcessLocationChanged(e.Url); + } + + /// <summary> + /// Processes changes in the URL the browser has navigated to. + /// </summary> + /// <param name="location">The location.</param> + private void ProcessLocationChanged(Uri location) { + if (SignificantlyEqual(location, this.Authorization.Callback, UriComponents.SchemeAndServer | UriComponents.Path)) { + try { + this.Client.ProcessUserAuthorization(location, this.Authorization); + } catch (ProtocolException ex) { + MessageBox.Show(ex.ToStringDescriptive()); + } finally { + this.OnCompleted(); + } + } + } + + /// <summary> + /// Handles the Navigated event of the webBrowser1 control. + /// </summary> + /// <param name="sender">The source of the event.</param> + /// <param name="e">The <see cref="System.Windows.Forms.WebBrowserNavigatedEventArgs"/> instance containing the event data.</param> + private void WebBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e) { + this.ProcessLocationChanged(e.Url); + } + + /// <summary> + /// Handles the LocationChanged event of the webBrowser1 control. + /// </summary> + /// <param name="sender">The source of the event.</param> + /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param> + private void WebBrowser1_LocationChanged(object sender, EventArgs e) { + this.ProcessLocationChanged(this.webBrowser1.Url); + } + + /// <summary> + /// Describes the results of a completed authorization flow. + /// </summary> + public class ClientAuthorizationCompleteEventArgs : EventArgs { + /// <summary> + /// Initializes a new instance of the <see cref="ClientAuthorizationCompleteEventArgs"/> class. + /// </summary> + /// <param name="authorization">The authorization.</param> + public ClientAuthorizationCompleteEventArgs(IAuthorizationState authorization) { + Contract.Requires<ArgumentNullException>(authorization != null); + this.Authorization = authorization; + } + + /// <summary> + /// Gets the authorization tracking object. + /// </summary> + /// <value>Null if authorization was rejected by the user.</value> + public IAuthorizationState Authorization { get; private set; } + } + } +} diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.resx b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.resx new file mode 100644 index 0000000..7080a7d --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientAuthorizationView.resx @@ -0,0 +1,120 @@ +<?xml version="1.0" encoding="utf-8"?> +<root> + <!-- + Microsoft ResX Schema + + Version 2.0 + + The primary goals of this format is to allow a simple XML format + that is mostly human readable. The generation and parsing of the + various data types are done through the TypeConverter classes + associated with the data types. + + Example: + + ... ado.net/XML headers & schema ... + <resheader name="resmimetype">text/microsoft-resx</resheader> + <resheader name="version">2.0</resheader> + <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader> + <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader> + <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data> + <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data> + <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64"> + <value>[base64 mime encoded serialized .NET Framework object]</value> + </data> + <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64"> + <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value> + <comment>This is a comment</comment> + </data> + + There are any number of "resheader" rows that contain simple + name/value pairs. + + Each data row contains a name, and value. The row also contains a + type or mimetype. Type corresponds to a .NET class that support + text/value conversion through the TypeConverter architecture. + Classes that don't support this are serialized and stored with the + mimetype set. + + The mimetype is used for serialized objects, and tells the + ResXResourceReader how to depersist the object. This is currently not + extensible. For a given mimetype the value must be set accordingly: + + Note - application/x-microsoft.net.object.binary.base64 is the format + that the ResXResourceWriter will generate, however the reader can + read any of the formats listed below. + + mimetype: application/x-microsoft.net.object.binary.base64 + value : The object must be serialized with + : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter + : and then encoded with base64 encoding. + + mimetype: application/x-microsoft.net.object.soap.base64 + value : The object must be serialized with + : System.Runtime.Serialization.Formatters.Soap.SoapFormatter + : and then encoded with base64 encoding. + + mimetype: application/x-microsoft.net.object.bytearray.base64 + value : The object must be serialized into a byte array + : using a System.ComponentModel.TypeConverter + : and then encoded with base64 encoding. + --> + <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata"> + <xsd:import namespace="http://www.w3.org/XML/1998/namespace" /> + <xsd:element name="root" msdata:IsDataSet="true"> + <xsd:complexType> + <xsd:choice maxOccurs="unbounded"> + <xsd:element name="metadata"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="value" type="xsd:string" minOccurs="0" /> + </xsd:sequence> + <xsd:attribute name="name" use="required" type="xsd:string" /> + <xsd:attribute name="type" type="xsd:string" /> + <xsd:attribute name="mimetype" type="xsd:string" /> + <xsd:attribute ref="xml:space" /> + </xsd:complexType> + </xsd:element> + <xsd:element name="assembly"> + <xsd:complexType> + <xsd:attribute name="alias" type="xsd:string" /> + <xsd:attribute name="name" type="xsd:string" /> + </xsd:complexType> + </xsd:element> + <xsd:element name="data"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" /> + <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" /> + </xsd:sequence> + <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" /> + <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" /> + <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" /> + <xsd:attribute ref="xml:space" /> + </xsd:complexType> + </xsd:element> + <xsd:element name="resheader"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" /> + </xsd:sequence> + <xsd:attribute name="name" type="xsd:string" use="required" /> + </xsd:complexType> + </xsd:element> + </xsd:choice> + </xsd:complexType> + </xsd:element> + </xsd:schema> + <resheader name="resmimetype"> + <value>text/microsoft-resx</value> + </resheader> + <resheader name="version"> + <value>2.0</value> + </resheader> + <resheader name="reader"> + <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> + </resheader> + <resheader name="writer"> + <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> + </resheader> +</root>
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs new file mode 100644 index 0000000..51aac39 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs @@ -0,0 +1,256 @@ +//----------------------------------------------------------------------- +// <copyright file="ClientBase.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OAuth2 { + using System; + using System.Collections.Generic; + using System.Diagnostics.Contracts; + using System.Globalization; + using System.Linq; + using System.Net; + using System.Text; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OAuth2.ChannelElements; + using DotNetOpenAuth.OAuth2.Messages; + + /// <summary> + /// A base class for common OAuth Client behaviors. + /// </summary> + public class ClientBase { + /// <summary> + /// Initializes a new instance of the <see cref="ClientBase"/> class. + /// </summary> + /// <param name="authorizationServer">The token issuer.</param> + /// <param name="clientIdentifier">The client identifier.</param> + /// <param name="clientSecret">The client secret.</param> + protected ClientBase(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null) { + Contract.Requires<ArgumentNullException>(authorizationServer != null); + this.AuthorizationServer = authorizationServer; + this.Channel = new OAuth2ClientChannel(); + this.ClientIdentifier = clientIdentifier; + this.ClientSecret = clientSecret; + } + + /// <summary> + /// Gets the token issuer. + /// </summary> + /// <value>The token issuer.</value> + public AuthorizationServerDescription AuthorizationServer { get; private set; } + + /// <summary> + /// Gets the OAuth channel. + /// </summary> + /// <value>The channel.</value> + public Channel Channel { get; private set; } + + /// <summary> + /// Gets or sets the identifier by which this client is known to the Authorization Server. + /// </summary> + public string ClientIdentifier { get; set; } + + /// <summary> + /// Gets or sets the client secret shared with the Authorization Server. + /// </summary> + public string ClientSecret { get; set; } + + /// <summary> + /// Adds the necessary HTTP Authorization header to an HTTP request for protected resources + /// so that the Service Provider will allow the request through. + /// </summary> + /// <param name="request">The request for protected resources from the service provider.</param> + /// <param name="accessToken">The access token previously obtained from the Authorization Server.</param> + public static void AuthorizeRequest(HttpWebRequest request, string accessToken) { + Contract.Requires<ArgumentNullException>(request != null); + Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(accessToken)); + + OAuthUtilities.AuthorizeWithBearerToken(request, accessToken); + } + + /// <summary> + /// Adds the OAuth authorization token to an outgoing HTTP request, renewing a + /// (nearly) expired access token if necessary. + /// </summary> + /// <param name="request">The request for protected resources from the service provider.</param> + /// <param name="authorization">The authorization for this request previously obtained via OAuth.</param> + public void AuthorizeRequest(HttpWebRequest request, IAuthorizationState authorization) { + Contract.Requires<ArgumentNullException>(request != null); + Contract.Requires<ArgumentNullException>(authorization != null); + Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(authorization.AccessToken)); + Contract.Requires<ProtocolException>(!authorization.AccessTokenExpirationUtc.HasValue || authorization.AccessTokenExpirationUtc < DateTime.UtcNow || authorization.RefreshToken != null); + + if (authorization.AccessTokenExpirationUtc.HasValue && authorization.AccessTokenExpirationUtc.Value < DateTime.UtcNow) { + ErrorUtilities.VerifyProtocol(authorization.RefreshToken != null, "Access token has expired and cannot be automatically refreshed."); + this.RefreshAuthorization(authorization); + } + + AuthorizeRequest(request, authorization.AccessToken); + } + + /// <summary> + /// Refreshes a short-lived access token using a longer-lived refresh token + /// with a new access token that has the same scope as the refresh token. + /// The refresh token itself may also be refreshed. + /// </summary> + /// <param name="authorization">The authorization to update.</param> + /// <param name="skipIfUsefulLifeExceeds">If given, the access token will <em>not</em> be refreshed if its remaining lifetime exceeds this value.</param> + /// <returns>A value indicating whether the access token was actually renewed; <c>true</c> if it was renewed, or <c>false</c> if it still had useful life remaining.</returns> + /// <remarks> + /// This method may modify the value of the <see cref="IAuthorizationState.RefreshToken"/> property on + /// the <paramref name="authorization"/> parameter if the authorization server has cycled out your refresh token. + /// If the parameter value was updated, this method calls <see cref="IAuthorizationState.SaveChanges"/> on that instance. + /// </remarks> + public bool RefreshAuthorization(IAuthorizationState authorization, TimeSpan? skipIfUsefulLifeExceeds = null) { + Contract.Requires<ArgumentNullException>(authorization != null); + Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(authorization.RefreshToken)); + + if (skipIfUsefulLifeExceeds.HasValue && authorization.AccessTokenExpirationUtc.HasValue) { + TimeSpan usefulLifeRemaining = authorization.AccessTokenExpirationUtc.Value - DateTime.UtcNow; + if (usefulLifeRemaining > skipIfUsefulLifeExceeds.Value) { + // There is useful life remaining in the access token. Don't refresh. + Logger.OAuth.DebugFormat("Skipping token refresh step because access token's remaining life is {0}, which exceeds {1}.", usefulLifeRemaining, skipIfUsefulLifeExceeds.Value); + return false; + } + } + + var request = new AccessTokenRefreshRequest(this.AuthorizationServer) { + ClientIdentifier = this.ClientIdentifier, + ClientSecret = this.ClientSecret, + RefreshToken = authorization.RefreshToken, + }; + + var response = this.Channel.Request<AccessTokenSuccessResponse>(request); + UpdateAuthorizationWithResponse(authorization, response); + return true; + } + + /// <summary> + /// Gets an access token that may be used for only a subset of the scope for which a given + /// refresh token is authorized. + /// </summary> + /// <param name="refreshToken">The refresh token.</param> + /// <param name="scope">The scope subset desired in the access token.</param> + /// <returns>A description of the obtained access token, and possibly a new refresh token.</returns> + /// <remarks> + /// If the return value includes a new refresh token, the old refresh token should be discarded and + /// replaced with the new one. + /// </remarks> + public IAuthorizationState GetScopedAccessToken(string refreshToken, HashSet<string> scope) { + Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(refreshToken)); + Contract.Requires<ArgumentNullException>(scope != null); + Contract.Ensures(Contract.Result<IAuthorizationState>() != null); + + var request = new AccessTokenRefreshRequest(this.AuthorizationServer) { + ClientIdentifier = this.ClientIdentifier, + ClientSecret = this.ClientSecret, + RefreshToken = refreshToken, + }; + + var response = this.Channel.Request<AccessTokenSuccessResponse>(request); + var authorization = new AuthorizationState(); + UpdateAuthorizationWithResponse(authorization, response); + + return authorization; + } + + /// <summary> + /// Updates the authorization state maintained by the client with the content of an outgoing response. + /// </summary> + /// <param name="authorizationState">The authorization state maintained by the client.</param> + /// <param name="accessTokenSuccess">The access token containing response message.</param> + internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, AccessTokenSuccessResponse accessTokenSuccess) { + Contract.Requires<ArgumentNullException>(authorizationState != null); + Contract.Requires<ArgumentNullException>(accessTokenSuccess != null); + + authorizationState.AccessToken = accessTokenSuccess.AccessToken; + authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime; + authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow; + + // The authorization server MAY choose to renew the refresh token itself. + if (accessTokenSuccess.RefreshToken != null) { + authorizationState.RefreshToken = accessTokenSuccess.RefreshToken; + } + + // An included scope parameter in the response only describes the access token's scope. + // Don't update the whole authorization state object with that scope because that represents + // the refresh token's original scope. + if ((authorizationState.Scope == null || authorizationState.Scope.Count == 0) && accessTokenSuccess.Scope != null) { + authorizationState.Scope.ResetContents(accessTokenSuccess.Scope); + } + + authorizationState.SaveChanges(); + } + + /// <summary> + /// Updates the authorization state maintained by the client with the content of an outgoing response. + /// </summary> + /// <param name="authorizationState">The authorization state maintained by the client.</param> + /// <param name="accessTokenSuccess">The access token containing response message.</param> + internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess) { + Contract.Requires<ArgumentNullException>(authorizationState != null); + Contract.Requires<ArgumentNullException>(accessTokenSuccess != null); + + authorizationState.AccessToken = accessTokenSuccess.AccessToken; + authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime; + authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow; + if (accessTokenSuccess.Scope != null && accessTokenSuccess.Scope != authorizationState.Scope) { + if (authorizationState.Scope != null) { + Logger.OAuth.InfoFormat( + "Requested scope of \"{0}\" changed to \"{1}\" by authorization server.", + authorizationState.Scope, + accessTokenSuccess.Scope); + } + + authorizationState.Scope.ResetContents(accessTokenSuccess.Scope); + } + + authorizationState.SaveChanges(); + } + + /// <summary> + /// Updates authorization state with a success response from the Authorization Server. + /// </summary> + /// <param name="authorizationState">The authorization state to update.</param> + /// <param name="authorizationSuccess">The authorization success message obtained from the authorization server.</param> + internal void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, EndUserAuthorizationSuccessAuthCodeResponse authorizationSuccess) { + Contract.Requires<ArgumentNullException>(authorizationState != null); + Contract.Requires<ArgumentNullException>(authorizationSuccess != null); + + var accessTokenRequest = new AccessTokenAuthorizationCodeRequest(this.AuthorizationServer) { + ClientIdentifier = this.ClientIdentifier, + ClientSecret = this.ClientSecret, + Callback = authorizationState.Callback, + AuthorizationCode = authorizationSuccess.AuthorizationCode, + }; + IProtocolMessage accessTokenResponse = this.Channel.Request(accessTokenRequest); + var accessTokenSuccess = accessTokenResponse as AccessTokenSuccessResponse; + var failedAccessTokenResponse = accessTokenResponse as AccessTokenFailedResponse; + if (accessTokenSuccess != null) { + UpdateAuthorizationWithResponse(authorizationState, accessTokenSuccess); + } else { + authorizationState.Delete(); + string error = failedAccessTokenResponse != null ? failedAccessTokenResponse.Error : "(unknown)"; + ErrorUtilities.ThrowProtocol(OAuthStrings.CannotObtainAccessTokenWithReason, error); + } + } + + /// <summary> + /// Calculates the fraction of life remaining in an access token. + /// </summary> + /// <param name="authorization">The authorization to measure.</param> + /// <returns>A fractional number no greater than 1. Could be negative if the access token has already expired.</returns> + private static double ProportionalLifeRemaining(IAuthorizationState authorization) { + Contract.Requires<ArgumentNullException>(authorization != null); + Contract.Requires<ArgumentException>(authorization.AccessTokenIssueDateUtc.HasValue); + Contract.Requires<ArgumentException>(authorization.AccessTokenExpirationUtc.HasValue); + + // Calculate what % of the total life this access token has left. + TimeSpan totalLifetime = authorization.AccessTokenExpirationUtc.Value - authorization.AccessTokenIssueDateUtc.Value; + TimeSpan elapsedLifetime = DateTime.UtcNow - authorization.AccessTokenIssueDateUtc.Value; + double proportionLifetimeRemaining = 1 - (elapsedLifetime.TotalSeconds / totalLifetime.TotalSeconds); + return proportionLifetimeRemaining; + } + } +} diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs new file mode 100644 index 0000000..e23eca4 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs @@ -0,0 +1,123 @@ +//----------------------------------------------------------------------- +// <copyright file="UserAgentClient.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OAuth2 { + using System; + using System.Collections.Generic; + using System.Diagnostics.Contracts; + using System.Linq; + using System.Text; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OAuth2.Messages; + + /// <summary> + /// The OAuth client for the user-agent flow, providing services for installed apps + /// and in-browser Javascript widgets. + /// </summary> + public class UserAgentClient : ClientBase { + /// <summary> + /// Initializes a new instance of the <see cref="UserAgentClient"/> class. + /// </summary> + /// <param name="authorizationServer">The token issuer.</param> + /// <param name="clientIdentifier">The client identifier.</param> + /// <param name="clientSecret">The client secret.</param> + public UserAgentClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null) + : base(authorizationServer, clientIdentifier, clientSecret) { + } + + /// <summary> + /// Initializes a new instance of the <see cref="UserAgentClient"/> class. + /// </summary> + /// <param name="authorizationEndpoint">The authorization endpoint.</param> + /// <param name="tokenEndpoint">The token endpoint.</param> + /// <param name="clientIdentifier">The client identifier.</param> + /// <param name="clientSecret">The client secret.</param> + public UserAgentClient(Uri authorizationEndpoint, Uri tokenEndpoint, string clientIdentifier = null, string clientSecret = null) + : this(new AuthorizationServerDescription { AuthorizationEndpoint = authorizationEndpoint, TokenEndpoint = tokenEndpoint }, clientIdentifier, clientSecret) { + Contract.Requires<ArgumentNullException>(authorizationEndpoint != null); + Contract.Requires<ArgumentNullException>(tokenEndpoint != null); + } + + /// <summary> + /// Generates a URL that the user's browser can be directed to in order to authorize + /// this client to access protected data at some resource server. + /// </summary> + /// <param name="scope">The scope of authorized access requested.</param> + /// <param name="state">The client state that should be returned with the authorization response.</param> + /// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param> + /// <returns> + /// A fully-qualified URL suitable to initiate the authorization flow. + /// </returns> + public Uri RequestUserAuthorization(IEnumerable<string> scope = null, string state = null, Uri returnTo = null) { + var authorization = new AuthorizationState(scope) { + Callback = returnTo, + }; + + return this.RequestUserAuthorization(authorization); + } + + /// <summary> + /// Generates a URL that the user's browser can be directed to in order to authorize + /// this client to access protected data at some resource server. + /// </summary> + /// <param name="authorization">The authorization state that is tracking this particular request. Optional.</param> + /// <param name="state">The client state that should be returned with the authorization response.</param> + /// <returns> + /// A fully-qualified URL suitable to initiate the authorization flow. + /// </returns> + public Uri RequestUserAuthorization(IAuthorizationState authorization, string state = null) { + Contract.Requires<ArgumentNullException>(authorization != null); + Contract.Requires<InvalidOperationException>(!string.IsNullOrEmpty(this.ClientIdentifier)); + + if (authorization.Callback == null) { + authorization.Callback = new Uri("http://localhost/"); + } + + var request = new EndUserAuthorizationRequest(this.AuthorizationServer) { + ClientIdentifier = this.ClientIdentifier, + Callback = authorization.Callback, + ClientState = state, + }; + request.Scope.ResetContents(authorization.Scope); + + return this.Channel.PrepareResponse(request).GetDirectUriRequest(this.Channel); + } + + /// <summary> + /// Scans the incoming request for an authorization response message. + /// </summary> + /// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param> + /// <param name="authorizationState">The authorization.</param> + /// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns> + public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) { + Contract.Requires<ArgumentNullException>(actualRedirectUrl != null); + + if (authorizationState == null) { + authorizationState = new AuthorizationState(); + } + + var carrier = new HttpRequestInfo("GET", actualRedirectUrl, actualRedirectUrl.PathAndQuery, new System.Net.WebHeaderCollection(), null); + IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier); + if (response == null) { + return null; + } + + EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess; + EndUserAuthorizationSuccessAuthCodeResponse authCodeSuccess; + EndUserAuthorizationFailedResponse failure; + if ((accessTokenSuccess = response as EndUserAuthorizationSuccessAccessTokenResponse) != null) { + UpdateAuthorizationWithResponse(authorizationState, accessTokenSuccess); + } else if ((authCodeSuccess = response as EndUserAuthorizationSuccessAuthCodeResponse) != null) { + this.UpdateAuthorizationWithResponse(authorizationState, authCodeSuccess); + } else if ((failure = response as EndUserAuthorizationFailedResponse) != null) { + authorizationState.Delete(); + return null; + } + + return authorizationState; + } + } +} diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs new file mode 100644 index 0000000..a6fae13 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs @@ -0,0 +1,130 @@ +//----------------------------------------------------------------------- +// <copyright file="WebServerClient.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OAuth2 { + using System; + using System.Collections.Generic; + using System.Diagnostics.Contracts; + using System.Linq; + using System.Net; + using System.Text; + using System.Web; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OAuth2.Messages; + + /// <summary> + /// An OAuth 2.0 consumer designed for web applications. + /// </summary> + public class WebServerClient : ClientBase { + /// <summary> + /// Initializes a new instance of the <see cref="WebServerClient"/> class. + /// </summary> + /// <param name="authorizationServer">The authorization server.</param> + /// <param name="clientIdentifier">The client identifier.</param> + /// <param name="clientSecret">The client secret.</param> + public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null) + : base(authorizationServer, clientIdentifier, clientSecret) { + } + + /// <summary> + /// Gets or sets an optional component that gives you greater control to record and influence the authorization process. + /// </summary> + /// <value>The authorization tracker.</value> + public IClientAuthorizationTracker AuthorizationTracker { get; set; } + + /// <summary> + /// Prepares a request for user authorization from an authorization server. + /// </summary> + /// <param name="scope">The scope of authorized access requested.</param> + /// <param name="state">The state of the client that should be sent back with the authorization response.</param> + /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param> + public void RequestUserAuthorization(IEnumerable<string> scope = null, string state = null, Uri returnTo = null) { + var authorizationState = new AuthorizationState(scope) { + Callback = returnTo, + }; + this.PrepareRequestUserAuthorization(authorizationState, state).Respond(); + } + + /// <summary> + /// Prepares a request for user authorization from an authorization server. + /// </summary> + /// <param name="scopes">The scope of authorized access requested.</param> + /// <param name="state">The state of the client that should be sent back with the authorization response.</param> + /// <returns>The authorization request.</returns> + public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable<string> scopes = null, string state = null) { + var authorizationState = new AuthorizationState(scopes); + return this.PrepareRequestUserAuthorization(authorizationState, state); + } + + /// <summary> + /// Prepares a request for user authorization from an authorization server. + /// </summary> + /// <param name="authorization">The authorization state to associate with this particular request.</param> + /// <param name="state">The state of the client that should be sent back with the authorization response.</param> + /// <returns>The authorization request.</returns> + public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization, string state = null) { + Contract.Requires<ArgumentNullException>(authorization != null); + Contract.Requires<InvalidOperationException>(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired); + Contract.Requires<InvalidOperationException>(!string.IsNullOrEmpty(this.ClientIdentifier)); + Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null); + + if (authorization.Callback == null) { + authorization.Callback = this.Channel.GetRequestFromContext().UrlBeforeRewriting + .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version)) + .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version)); + authorization.SaveChanges(); + } + + var request = new EndUserAuthorizationRequest(this.AuthorizationServer) { + ClientIdentifier = this.ClientIdentifier, + Callback = authorization.Callback, + ClientState = state, + }; + request.Scope.ResetContents(authorization.Scope); + + return this.Channel.PrepareResponse(request); + } + + /// <summary> + /// Processes the authorization response from an authorization server, if available. + /// </summary> + /// <param name="request">The incoming HTTP request that may carry an authorization response.</param> + /// <returns>The authorization state that contains the details of the authorization.</returns> + public IAuthorizationState ProcessUserAuthorization(HttpRequestInfo request = null) { + Contract.Requires<InvalidOperationException>(!string.IsNullOrEmpty(this.ClientIdentifier)); + Contract.Requires<InvalidOperationException>(!string.IsNullOrEmpty(this.ClientSecret)); + + if (request == null) { + request = this.Channel.GetRequestFromContext(); + } + + IMessageWithClientState response; + if (this.Channel.TryReadFromRequest<IMessageWithClientState>(request, out response)) { + Uri callback = MessagingUtilities.StripMessagePartsFromQueryString(request.UrlBeforeRewriting, this.Channel.MessageDescriptions.Get(response)); + IAuthorizationState authorizationState; + if (this.AuthorizationTracker != null) { + authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState); + ErrorUtilities.VerifyProtocol(authorizationState != null, "Unexpected OAuth authorization response received with callback and client state that does not match an expected value."); + } else { + authorizationState = new AuthorizationState { Callback = callback }; + } + var success = response as EndUserAuthorizationSuccessAuthCodeResponse; + var failure = response as EndUserAuthorizationFailedResponse; + ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany); + if (success != null) { + this.UpdateAuthorizationWithResponse(authorizationState, success); + } else { // failure + Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server."); + authorizationState.Delete(); + } + + return authorizationState; + } + + return null; + } + } +} diff --git a/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs new file mode 100644 index 0000000..ad8decc --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs @@ -0,0 +1,52 @@ +//----------------------------------------------------------------------- +// <copyright file="AssemblyInfo.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +// We DON'T put an AssemblyVersionAttribute in here because it is generated in the build. + +using System; +using System.Diagnostics.Contracts; +using System.Net; +using System.Reflection; +using System.Resources; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; +using System.Security; +using System.Security.Permissions; +using System.Web.UI; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("")] +[assembly: AssemblyProduct("DotNetOpenAuth")] +[assembly: AssemblyCopyright("Copyright © 2008")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] +[assembly: NeutralResourcesLanguage("en-US")] +[assembly: CLSCompliant(true)] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("7d73990c-47c0-4256-9f20-a893add9e289")] + +[assembly: ContractVerification(true)] + +#if StrongNameSigned +// See comment at top of this file. We need this so that strong-naming doesn't +// keep this assembly from being useful to shared host (medium trust) web sites. +[assembly: AllowPartiallyTrustedCallers] + +[assembly: InternalsVisibleTo("DotNetOpenAuth.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] +#else +[assembly: InternalsVisibleTo("DotNetOpenAuth.Test")] +#endif |