Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ClientAuthorization')
-rw-r--r-- | src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
index d30151b..bcef28b 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
@@ -15,11 +15,6 @@ namespace DotNetOpenAuth.OAuth2 {
 [ContractClass(typeof(IClientDescriptionContract))]
 public interface IClientDescription {
 /// <summary>
- /// Gets the client secret.
- /// </summary>
- string Secret { get; }
-
- /// <summary>
 /// Gets the callback to use when an individual authorization request
 /// does not include an explicit callback URI.
 /// </summary>
@@ -32,6 +27,11 @@ namespace DotNetOpenAuth.OAuth2 {
 ClientType ClientType { get; }
 
 /// <summary>
+ /// Gets a value indicating whether a non-empty secret is registered for this client.
+ /// </summary>
+ bool HasNonEmptySecret { get; }
+
+ /// <summary>
 /// Determines whether a callback URI included in a client's authorization request
 /// is among those allowed callbacks for the registered client.
 /// </summary>
@@ -56,6 +56,17 @@ namespace DotNetOpenAuth.OAuth2 {
 /// </para>
 /// </remarks>
 bool IsCallbackAllowed(Uri callback);
+
+ /// <summary>
+ /// Checks whether the specified client secret is correct.
+ /// </summary>
+ /// <param name="secret">The secret obtained from the client.</param>
+ /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
+ /// <remarks>
+ /// All string equality checks, whether checking secrets or their hashes,
+ /// should be done using <see cref="MessagingUtilites.EqualsConstantTime"/> to mitigate timing attacks.
+ /// </remarks>
+ bool IsValidClientSecret(string secret);
 }
 
 /// <summary>
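Review bot: The `<see cref="MessagingUtilites.EqualsConstantTime"/>` in the new IsValidClientSecret remarks misspells the type name; the helper this library ships is `MessagingUtilities`, so the cref will not resolve and the doc build will warn — change it to `<see cref="MessagingUtilities.EqualsConstantTime"/>`. The same misspelled cref is repeated in the contract-class copy of the method in the last hunk of this diff. The remarks also say nothing about the case the new HasNonEmptySecret property exists for: an implementer reading only this interface cannot tell what IsValidClientSecret must return when no secret is registered for the client, which is exactly the situation where a naive comparison of two empty values would report a match. A sentence in the summary stating the required result for a client with HasNonEmptySecret == false would close that gap.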
@@ -66,14 +77,6 @@ namespace DotNetOpenAuth.OAuth2 {
 #region IClientDescription Members
 
 /// <summary>
- /// Gets the client secret.
- /// </summary>
- /// <value></value>
- string IClientDescription.Secret {
- get { throw new NotImplementedException(); }
- }
-
- /// <summary>
 /// Gets the type of the client.
 /// </summary>
 ClientType IClientDescription.ClientType {
@@ -95,6 +98,13 @@ namespace DotNetOpenAuth.OAuth2 {
 }
 
 /// <summary>
+ /// Gets a value indicating whether a non-empty secret is registered for this client.
+ /// </summary>
+ bool IClientDescription.HasNonEmptySecret {
+ get { throw new NotImplementedException(); }
+ }
+
+ /// <summary>
 /// Determines whether a callback URI included in a client's authorization request
 /// is among those allowed callbacks for the registered client.
 /// </summary>
@@ -108,6 +118,20 @@ namespace DotNetOpenAuth.OAuth2 {
 throw new NotImplementedException();
 }
 
+ /// <summary>
+ /// Checks whether the specified client secret is correct.
+ /// </summary>
+ /// <param name="secret">The secret obtained from the client.</param>
+ /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
+ /// <remarks>
+ /// All string equality checks, whether checking secrets or their hashes,
+ /// should be done using <see cref="MessagingUtilites.EqualsConstantTime"/> to mitigate timing attacks.
+ /// </remarks>
+ bool IClientDescription.IsValidClientSecret(string secret) {
+ Requires.NotNullOrEmpty(secret, "secret");
+ throw new NotImplementedException();
+ }
+
 #endregion
 }
 }
|
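Review bot: The contract method establishes a precondition that the caller must satisfy — `Requires.NotNullOrEmpty(secret, "secret");` — so a client that presents no secret or an empty one will trigger an argument exception in any implementation honoring the contract, rather than receiving `false`; that is reasonable, but the XML documentation on this method and on the interface declaration (earlier hunk in this diff) does not mention it, so token-endpoint code calling IsValidClientSecret has no hint that it must check for a present, non-empty secret first. Add an exception element to both copies of the doc comment, e.g. `/// <exception cref="ArgumentException">Thrown when <paramref name="secret"/> is null or empty.</exception>`, adjusting the cref to whatever exception type Requires.NotNullOrEmpty actually throws for each case. The returns element could likewise note that the comparison is against the authorization server's stored record only, so that implementers do not treat a client-supplied value as the reference.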