Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ResourceServer')
-rw-r--r-- | src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs | 25 | ||||
-rw-r--r-- | src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs | 43 |
2 files changed, 34 insertions, 34 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
index 363b8e0..c645753 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
@@ -55,10 +55,12 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
  /// <returns>
  /// The deserialized message, if one is found. Null otherwise.
  /// </returns>
- protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) {
+ protected override async Task<IDirectedProtocolMessage> ReadFromRequestCoreAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
+ Requires.NotNull(request, "request");
+
  var fields = new Dictionary<string, string>();
  string accessToken;
- if ((accessToken = SearchForBearerAccessTokenInRequest(request)) != null) {
+ if ((accessToken = await SearchForBearerAccessTokenInRequestAsync(request, cancellationToken)) != null) {
  fields[Protocol.token_type] = Protocol.AccessTokenTypes.Bearer;
  fields[Protocol.access_token] = accessToken;
  }
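Review bot: The new `await SearchForBearerAccessTokenInRequestAsync(request, cancellationToken)` in `ReadFromRequestCoreAsync` awaits without `ConfigureAwait(false)`; this is library code that hosts may call from a context-bound thread and block on (`.Result`/`.Wait()`), which is the classic deadlock shape, so unless the project suppresses the context elsewhere I would write `await SearchForBearerAccessTokenInRequestAsync(request, cancellationToken).ConfigureAwait(false)`. The same applies to the other awaits introduced by this commit in `SearchForBearerAccessTokenInRequestAsync` and `GetAccessTokenAsync`. The body of `ReadFromRequestCoreAsync` continues past the end of this hunk.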
@@ -129,27 +131,24 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
  /// </summary>
  /// <param name="request">The request.</param>
  /// <returns>The bearer access token, if one exists. Otherwise <c>null</c>.</returns>
- private static string SearchForBearerAccessTokenInRequest(HttpRequestBase request) {
+ private static async Task<string> SearchForBearerAccessTokenInRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
  Requires.NotNull(request, "request");
 
  // First search the authorization header.
- string authorizationHeader = request.Headers[HttpRequestHeaders.Authorization];
- if (!string.IsNullOrEmpty(authorizationHeader) && authorizationHeader.StartsWith(Protocol.BearerHttpAuthorizationSchemeWithTrailingSpace, StringComparison.OrdinalIgnoreCase)) {
- return authorizationHeader.Substring(Protocol.BearerHttpAuthorizationSchemeWithTrailingSpace.Length);
+ var authorizationHeader = request.Headers.Authorization;
+ if (authorizationHeader != null && string.Equals(authorizationHeader.Scheme, Protocol.BearerHttpAuthorizationScheme, StringComparison.OrdinalIgnoreCase)) {
+ return authorizationHeader.Parameter;
  }
 
  // Failing that, scan the entity
- if (!string.IsNullOrEmpty(request.Headers[HttpRequestHeaders.ContentType])) {
- var contentType = new ContentType(request.Headers[HttpRequestHeaders.ContentType]);
- if (string.Equals(contentType.MediaType, HttpFormUrlEncoded, StringComparison.Ordinal)) {
- if (request.Form[Protocol.BearerTokenEncodedUrlParameterName] != null) {
- return request.Form[Protocol.BearerTokenEncodedUrlParameterName];
- }
+ foreach (var pair in await ParseUrlEncodedFormContentAsync(request, cancellationToken)) {
+ if (string.Equals(pair.Key, Protocol.BearerTokenEncodedUrlParameterName, StringComparison.Ordinal)) {
+ return pair.Value;
  }
  }
 
  // Finally, check the least desirable location: the query string
- var unrewrittenQuery = request.GetQueryStringBeforeRewriting();
+ var unrewrittenQuery = HttpUtility.ParseQueryString(request.RequestUri.Query);
  if (!string.IsNullOrEmpty(unrewrittenQuery[Protocol.BearerTokenEncodedUrlParameterName])) {
  return unrewrittenQuery[Protocol.BearerTokenEncodedUrlParameterName];
  }
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
index 88ce451..e990e0b 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
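Review bot: The entity-body scan in `SearchForBearerAccessTokenInRequestAsync` drops the explicit `application/x-www-form-urlencoded` Content-Type check the removed lines made before touching the body and hands every request to `ParseUrlEncodedFormContentAsync`, which is not visible here; unless that helper enforces the media type itself, I would guard the `foreach` with `var contentType = request.Content == null ? null : request.Content.Headers.ContentType;` and `if (request.Method != HttpMethod.Get && contentType != null && string.Equals(contentType.MediaType, HttpFormUrlEncoded, StringComparison.Ordinal)) {`, since RFC 6750 §2.2 only allows the form parameter for a single-part form-encoded body on a method that carries an entity. A `Bearer` header with no parameter now makes `return authorizationHeader.Parameter;` yield `null`, so the request is treated as carrying no credential at all rather than a malformed one, whereas the old `Substring` returned an empty string; if the caller distinguishes "no credential" (plain 401) from "bad credential" (`invalid_request`), returning `authorizationHeader.Parameter ?? string.Empty` there preserves that. The method still returns the first token it finds and silently ignores a second one in another location, although RFC 6750 §2 says a client must use exactly one transmission method; rejecting mixed header/body/query requests would remove that ambiguity. Replacing the pre-rewrite query string with `request.RequestUri.Query` may change which URL is inspected under URL rewriting, which is worth confirming is intended.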
@@ -88,17 +88,34 @@ namespace DotNetOpenAuth.OAuth2 {
  /// </returns>
  /// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized. This exception should be caught and the
  /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
- public virtual async Task<AccessToken> GetAccessTokenAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
+ public virtual Task<AccessToken> GetAccessTokenAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
+ Requires.NotNull(requiredScopes, "requiredScopes");
+ RequiresEx.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset);
+
+ httpRequestInfo = httpRequestInfo ?? this.Channel.GetRequestFromContext();
+ return this.GetAccessTokenAsync(httpRequestInfo.AsHttpRequestMessage(), cancellationToken, requiredScopes);
+ }
+
+ /// <summary>
+ /// Discovers what access the client should have considering the access token in the current request.
+ /// </summary>
+ /// <param name="request">The HTTP request message.</param>
+ /// <param name="cancellationToken">The cancellation token.</param>
+ /// <param name="requiredScopes">The set of scopes required to approve this request.</param>
+ /// <returns>
+ /// The access token describing the authorization the client has. Never <c>null</c>.
+ /// </returns>
+ /// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized. This exception should be caught and the
+ /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
+ public virtual async Task<AccessToken> GetAccessTokenAsync(HttpRequestMessage requestMessage, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
+ Requires.NotNull(requestMessage, "requestMessage");
  Requires.NotNull(requiredScopes, "requiredScopes");
  RequiresEx.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset);
- if (httpRequestInfo == null) {
- httpRequestInfo = this.Channel.GetRequestFromContext();
- }
 
  AccessToken accessToken;
  AccessProtectedResourceRequest request = null;
  try {
- request = await this.Channel.TryReadFromRequestAsync<AccessProtectedResourceRequest>(cancellationToken, httpRequestInfo);
+ request = await this.Channel.TryReadFromRequestAsync<AccessProtectedResourceRequest>(requestMessage, cancellationToken);
  if (request != null) {
  accessToken = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken);
  ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut.");
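Review bot: The `HttpRequestBase` overload of `GetAccessTokenAsync` is no longer `async`, so its `Requires.NotNull(requiredScopes, ...)` and `RequiresEx.ValidState(...)` preconditions now throw synchronously at the call site instead of faulting the returned task — a behavioural change for any caller that stores the task and awaits it inside a `try`, and worth a sentence in its XML doc if intended. The added `httpRequestInfo = httpRequestInfo ?? this.Channel.GetRequestFromContext();` means a `null` argument silently falls back to the ambient request; the `<param name="httpRequestInfo">` line sits above this hunk and should state that, e.g. `/// <param name="httpRequestInfo">The HTTP request info, or <c>null</c> to use the request from the current HTTP context.</param>`. I cannot see whether `GetRequestFromContext()` can return `null`, but if it can, `httpRequestInfo.AsHttpRequestMessage()` will surface as a `NullReferenceException` rather than a clear `InvalidOperationException`, so a `RequiresEx.ValidState(httpRequestInfo != null, ...)` after the fallback would be safer. The duplicated `requiredScopes`/`ScopeSatisfiedCheck` checks in the wrapper are redundant with the `HttpRequestMessage` overload it delegates to and could be dropped to keep one validation path. The body of the `HttpRequestMessage` overload continues past the end of this hunk.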
@@ -133,22 +150,6 @@ namespace DotNetOpenAuth.OAuth2 {
  /// <summary>
  /// Discovers what access the client should have considering the access token in the current request.
  /// </summary>
- /// <param name="request">The HTTP request message.</param>
- /// <param name="cancellationToken">The cancellation token.</param>
- /// <param name="requiredScopes">The set of scopes required to approve this request.</param>
- /// <returns>
- /// The access token describing the authorization the client has. Never <c>null</c>.
- /// </returns>
- /// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized. This exception should be caught and the
- /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
- public virtual Task<AccessToken> GetAccessTokenAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
- Requires.NotNull(request, "request");
- return this.GetAccessTokenAsync(new HttpRequestInfo(request), cancellationToken, requiredScopes);
- }
-
- /// <summary>
- /// Discovers what access the client should have considering the access token in the current request.
- /// </summary>
  /// <param name="httpRequestInfo">The HTTP request info.</param>
  /// <param name="cancellationToken">The cancellation token.</param>
  /// <param name="requiredScopes">The set of scopes required to approve this request.</param> |