Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ClientAuthorization')
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs50
1 files changed, 37 insertions, 13 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
index d30151b..bcef28b 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IClientDescription.cs
@@ -15,11 +15,6 @@ namespace DotNetOpenAuth.OAuth2 {
[ContractClass(typeof(IClientDescriptionContract))]
public interface IClientDescription {
/// <summary>
- /// Gets the client secret.
- /// </summary>
- string Secret { get; }
-
- /// <summary>
/// Gets the callback to use when an individual authorization request
/// does not include an explicit callback URI.
/// </summary>
@@ -32,6 +27,11 @@ namespace DotNetOpenAuth.OAuth2 {
ClientType ClientType { get; }
/// <summary>
+ /// Gets a value indicating whether a non-empty secret is registered for this client.
+ /// </summary>
+ bool HasNonEmptySecret { get; }
+
+ /// <summary>
/// Determines whether a callback URI included in a client's authorization request
/// is among those allowed callbacks for the registered client.
/// </summary>
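Review bot: The summary on the new HasNonEmptySecret property says what is registered but not how the value relates to IsValidClientSecret, which is the only consumer a reader of this interface can guess at. Implementers could otherwise return true here while accepting an empty string, or return false while still matching some value. I would add a remark along the lines of `/// <remarks>When this returns <c>false</c>, <see cref="IsValidClientSecret"/> is expected to return <c>false</c> for every input, since the client has nothing to authenticate with.</remarks>` so the two members are kept consistent by implementations outside this file. The same doc is duplicated in the contract class copy of this property later in the diff.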
@@ -56,6 +56,17 @@ namespace DotNetOpenAuth.OAuth2 {
/// </para>
/// </remarks>
bool IsCallbackAllowed(Uri callback);
+
+ /// <summary>
+ /// Checks whether the specified client secret is correct.
+ /// </summary>
+ /// <param name="secret">The secret obtained from the client.</param>
+ /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
+ /// <remarks>
+ /// All string equality checks, whether checking secrets or their hashes,
+ /// should be done using <see cref="MessagingUtilites.EqualsConstantTime"/> to mitigate timing attacks.
+ /// </remarks>
+ bool IsValidClientSecret(string secret);
}
/// <summary>
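Review bot: The `<see cref="MessagingUtilites.EqualsConstantTime"/>` in the remarks of the new IsValidClientSecret looks misspelled (the project's messaging helper is spelled MessagingUtilities as far as I can tell), so the cref will not resolve and the build will emit a doc-comment warning instead of a usable link; the same text appears again in the contract-class copy in the last hunk. The doc should also state the precondition the contract class enforces with `Requires.NotNullOrEmpty`, e.g. `/// <exception cref="ArgumentException">Thrown when <paramref name="secret"/> is null or empty.</exception>`, because a caller reading only `<returns>` would expect an empty presented secret to yield <c>false</c> rather than a thrown exception. Finally, the remarks could add that an implementation must return <c>false</c> whenever no secret is registered for the client, so a client reporting HasNonEmptySecret == false cannot authenticate by presenting an arbitrary value.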
@@ -66,14 +77,6 @@ namespace DotNetOpenAuth.OAuth2 {
#region IClientDescription Members
/// <summary>
- /// Gets the client secret.
- /// </summary>
- /// <value></value>
- string IClientDescription.Secret {
- get { throw new NotImplementedException(); }
- }
-
- /// <summary>
/// Gets the type of the client.
/// </summary>
ClientType IClientDescription.ClientType {
@@ -95,6 +98,13 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Gets a value indicating whether a non-empty secret is registered for this client.
+ /// </summary>
+ bool IClientDescription.HasNonEmptySecret {
+ get { throw new NotImplementedException(); }
+ }
+
+ /// <summary>
/// Determines whether a callback URI included in a client's authorization request
/// is among those allowed callbacks for the registered client.
/// </summary>
@@ -108,6 +118,20 @@ namespace DotNetOpenAuth.OAuth2 {
throw new NotImplementedException();
}
+ /// <summary>
+ /// Checks whether the specified client secret is correct.
+ /// </summary>
+ /// <param name="secret">The secret obtained from the client.</param>
+ /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
+ /// <remarks>
+ /// All string equality checks, whether checking secrets or their hashes,
+ /// should be done using <see cref="MessagingUtilites.EqualsConstantTime"/> to mitigate timing attacks.
+ /// </remarks>
+ bool IClientDescription.IsValidClientSecret(string secret) {
+ Requires.NotNullOrEmpty(secret, "secret");
+ throw new NotImplementedException();
+ }
+
#endregion
}
}