1 files changed, 99 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs
new file mode 100644
index 0000000..5682bf7
--- /dev/null
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenSuccessResponse.cs
@@ -0,0 +1,99 @@
+//-----------------------------------------------------------------------
+// <copyright file="AccessTokenSuccessResponse.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OAuth2.Messages {
+	using System;
+	using System.Collections.Generic;
+	using System.Net;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OAuth2.ChannelElements;
+
+	/// <summary>
+	/// A response from the Authorization Server to the Client containing a delegation code
+	/// that the Client should use to obtain an access token.
+	/// </summary>
+	/// <remarks>
+	/// This message type is shared by the Web App, Rich App, and Username/Password profiles.
+	/// </remarks>
+	internal class AccessTokenSuccessResponse : MessageBase, IHttpDirectResponse {
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AccessTokenSuccessResponse"/> class.
+		/// </summary>
+		/// <param name="request">The request.</param>
+		internal AccessTokenSuccessResponse(AccessTokenRequestBase request)
+			: base(request) {
+			this.Scope = new HashSet<string>(OAuthUtilities.ScopeStringComparer);
+			this.TokenType = Protocol.AccessTokenTypes.Bearer;
+		}
+
+		/// <summary>
+		/// Gets the HTTP status code that the direct response should be sent with.
+		/// </summary>
+		/// <value>Always HttpStatusCode.OK</value>
+		HttpStatusCode IHttpDirectResponse.HttpStatusCode {
+			get { return HttpStatusCode.OK; }
+		}
+
+		/// <summary>
+		/// Gets the HTTP headers to add to the response.
+		/// </summary>
+		/// <value>May be an empty collection, but must not be <c>null</c>.</value>
+		WebHeaderCollection IHttpDirectResponse.Headers {
+			get {
+				return new WebHeaderCollection
+				{
+					{ HttpResponseHeader.CacheControl, "no-store" },
+				};
+			}
+		}
+
+		/// <summary>
+		/// Gets or sets the access token.
+		/// </summary>
+		/// <value>The access token.</value>
+		[MessagePart(Protocol.access_token, IsRequired = true)]
+		public string AccessToken { get; internal set; }
+
+		/// <summary>
+		/// Gets or sets the token type.
+		/// </summary>
+		/// <value>Usually "bearer".</value>
+		/// <remarks>
+		/// Described in OAuth 2.0 section 7.1.
+		/// </remarks>
+		[MessagePart(Protocol.token_type, IsRequired = true)]
+		public string TokenType { get; internal set; }
+
+		/// <summary>
+		/// Gets or sets the lifetime of the access token.
+		/// </summary>
+		/// <value>The lifetime.</value>
+		[MessagePart(Protocol.expires_in, IsRequired = false, Encoder = typeof(TimespanSecondsEncoder))]
+		public TimeSpan? Lifetime { get; internal set; }
+
+		/// <summary>
+		/// Gets or sets the refresh token.
+		/// </summary>
+		/// <value>The refresh token.</value>
+		/// <remarks>
+		/// OPTIONAL. The refresh token used to obtain new access tokens using the same end-user access grant as described in Section 6  (Refreshing an Access Token). 
+		/// </remarks>
+		[MessagePart(Protocol.refresh_token, IsRequired = false)]
+		public string RefreshToken { get; internal set; }
+
+		/// <summary>
+		/// Gets the scope of access being requested.
+		/// </summary>
+		/// <value>The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope.</value>
+		[MessagePart(Protocol.scope, IsRequired = false, Encoder = typeof(ScopeEncoder))]
+		public HashSet<string> Scope { get; private set; }
+
+		/// <summary>
+		/// Gets or sets a value indicating whether a refresh token is or should be included in the response.
+		/// </summary>
+		internal bool HasRefreshToken { get; set; }
+	}
+}