Diffstat (limited to 'src/DotNetOpenAuth.OAuth2/OAuth2')
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs9
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs18
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs88
3 files changed, 63 insertions, 52 deletions
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
index fa87972..a8c911e 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
@@ -57,6 +57,15 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Creates a formatter capable of serializing/deserializing an access token.
+ /// </summary>
+ /// <returns>An access token serializer.</returns>
+ internal static IDataBagFormatter<AccessToken> CreateFormatter(ICryptoKeyStore symmetricKeyStore) {
+ Requires.NotNull(symmetricKeyStore, "symmetricKeyStore");
+ return new UriStyleMessageFormatter<AccessToken>(symmetricKeyStore, bucket: "AccessTokens", signed: true, encrypted: true);
+ }
+
+ /// <summary>
/// Initializes this instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to apply to this access token.</param>
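Review bot: The new `CreateFormatter` has a `<summary>` and `<returns>` but no `<param>` tag for `symmetricKeyStore`, and the comment does not mention that the formatter both signs and encrypts the token. I would add `/// <param name="symmetricKeyStore">The store of symmetric keys used to sign and encrypt access tokens.</param>` and extend the summary to say that tokens are protected with keys from the "AccessTokens" bucket. That makes it clear to the next reader that the confidentiality and integrity of issued tokens depend on this key store.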
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs
index f2acf79..1871ad6 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs
@@ -10,10 +10,13 @@ namespace DotNetOpenAuth.OAuth2 {
using System.Globalization;
using System.Linq;
using System.Net;
+ using System.Net.Http.Headers;
using System.Text;
using DotNetOpenAuth.Messaging;
using Validation;
+ using HttpRequestHeaders = DotNetOpenAuth.Messaging.HttpRequestHeaders;
+
/// <summary>
/// Some common utility methods for OAuth 2.0.
/// </summary>
@@ -26,7 +29,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// The string "Basic ".
/// </summary>
- private const string HttpBasicAuthScheme = "Basic ";
+ private const string HttpBasicAuthScheme = "Basic";
/// <summary>
/// The delimiter between scope elements.
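Review bot: The doc comment above `HttpBasicAuthScheme` still reads `The string "Basic ".` although the constant no longer carries the trailing space. It should become `/// The HTTP authorization scheme name "Basic" (no trailing space).` so nobody reintroduces prefix matching against it. Any other use of the constant outside these hunks that relied on the trailing space would now behave differently and is worth a search.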
@@ -161,7 +164,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <param name="headers">The headers collection to set the authorization header to.</param>
/// <param name="userName">The username. Cannot be empty.</param>
/// <param name="password">The password. Cannot be null.</param>
- internal static void ApplyHttpBasicAuth(WebHeaderCollection headers, string userName, string password) {
+ internal static void ApplyHttpBasicAuth(System.Net.Http.Headers.HttpRequestHeaders headers, string userName, string password) {
Requires.NotNull(headers, "headers");
Requires.NotNullOrEmpty(userName, "userName");
Requires.NotNull(password, "password");
@@ -169,8 +172,7 @@ namespace DotNetOpenAuth.OAuth2 {
string concat = userName + ":" + password;
byte[] bits = HttpBasicEncoding.GetBytes(concat);
string base64 = Convert.ToBase64String(bits);
- string header = HttpBasicAuthScheme + base64;
- headers[HttpRequestHeader.Authorization] = header;
+ headers.Authorization = new AuthenticationHeaderValue(HttpBasicAuthScheme, base64);
}
/// <summary>
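Review bot: `userName + ":" + password` is encoded without checking that `userName` is free of `:`, and the guards in the preceding hunk only reject null or empty values. `ParseHttpBasicAuth` splits the decoded value at the first colon (`Split(ColonSeparator, 2)`), so a client identifier containing a colon would come back as a different username/password pair on the receiving side. I would add `if (userName.Contains(":")) { throw new ArgumentException("userName must not contain ':'.", "userName"); }` next to the existing `Requires` calls. The function starts outside this hunk.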
@@ -178,12 +180,12 @@ namespace DotNetOpenAuth.OAuth2 {
/// </summary>
/// <param name="headers">The incoming web headers.</param>
/// <returns>The network credentials; or <c>null</c> if none could be discovered in the request.</returns>
- internal static NetworkCredential ParseHttpBasicAuth(WebHeaderCollection headers) {
+ internal static NetworkCredential ParseHttpBasicAuth(System.Net.Http.Headers.HttpRequestHeaders headers) {
Requires.NotNull(headers, "headers");
- string authorizationHeader = headers[HttpRequestHeaders.Authorization];
- if (authorizationHeader != null && authorizationHeader.StartsWith(HttpBasicAuthScheme, StringComparison.Ordinal)) {
- string base64 = authorizationHeader.Substring(HttpBasicAuthScheme.Length);
+ var authorizationHeader = headers.Authorization;
+ if (authorizationHeader != null && string.Equals(authorizationHeader.Scheme, HttpBasicAuthScheme, StringComparison.Ordinal)) {
+ string base64 = authorizationHeader.Parameter;
byte[] bits = Convert.FromBase64String(base64);
string usernameColonPassword = HttpBasicEncoding.GetString(bits);
string[] usernameAndPassword = usernameColonPassword.Split(ColonSeparator, 2);
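Review bot: `Convert.FromBase64String(base64)` runs on whatever the client sent in `authorizationHeader.Parameter`, which is null for a bare `Basic` header and may not be valid Base64. Unless a handler exists outside this hunk, a malformed header throws `ArgumentNullException` or `FormatException` instead of returning the documented `null`. I would add `&& !string.IsNullOrEmpty(authorizationHeader.Parameter)` to the condition and catch `FormatException` around the decode, returning `null` in that case. The scheme comparison should also use `StringComparison.OrdinalIgnoreCase`, since HTTP authentication scheme names are case-insensitive and a client sending `basic` is currently treated as having no credentials. The rest of the method body lies outside the hunk.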
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
index d780a81..93cbd93 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Protocol.cs
@@ -22,7 +22,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// Protocol constants for OAuth 2.0.
/// </summary>
- internal class Protocol {
+ public class Protocol {
/// <summary>
/// The HTTP authorization scheme "Bearer";
/// </summary>
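Review bot: Changing `Protocol` to `public` makes every member still declared `public` inside it part of the library's external API, and only `error_uri` and `Lookup` are visibly narrowed to `internal` in this commit. Most of the class lies outside the hunks, so the remaining `public` constants and fields should be audited to confirm that each one is meant to be exposed. If the goal is only to publish `EndUserAuthorizationRequestErrorCodes` (made public in a later hunk), a remark on the class summary would help, for example `/// Only the nested error-code classes are intended for public use.`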
@@ -135,7 +135,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// The "error_uri" string.
/// </summary>
- public const string error_uri = "error_uri";
+ internal const string error_uri = "error_uri";
/// <summary>
/// The "error_description" string.
@@ -169,7 +169,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// </summary>
/// <param name="version">The OAuth version to get.</param>
/// <returns>A matching <see cref="Protocol"/> instance.</returns>
- public static Protocol Lookup(ProtocolVersion version) {
+ internal static Protocol Lookup(ProtocolVersion version) {
switch (version) {
case ProtocolVersion.V20: return Protocol.V20;
default: throw new ArgumentOutOfRangeException("version");
@@ -177,6 +177,47 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request.
+ /// </summary>
+ public static class EndUserAuthorizationRequestErrorCodes
+ {
+ /// <summary>
+ /// The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed.
+ /// </summary>
+ public const string InvalidRequest = "invalid_request";
+
+ /// <summary>
+ /// The client is not authorized to use the requested response type.
+ /// </summary>
+ public const string UnauthorizedClient = "unauthorized_client";
+
+ /// <summary>
+ /// The end-user or authorization server denied the request.
+ /// </summary>
+ public const string AccessDenied = "access_denied";
+
+ /// <summary>
+ /// The requested response type is not supported by the authorization server.
+ /// </summary>
+ public const string UnsupportedResponseType = "unsupported_response_type";
+
+ /// <summary>
+ /// The requested scope is invalid, unknown, or malformed.
+ /// </summary>
+ public const string InvalidScope = "invalid_scope";
+
+ /// <summary>
+ /// The authorization server encountered an unexpected condition which prevented it from fulfilling the request.
+ /// </summary>
+ public const string ServerError = "server_error";
+
+ /// <summary>
+ /// The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
+ /// </summary>
+ public const string TemporarilyUnavailable = "temporarily_unavailable";
+ }
+
+ /// <summary>
/// Values for the "response_type" parameter.
/// </summary>
internal static class ResponseTypes
@@ -248,47 +289,6 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request.
- /// </summary>
- internal static class EndUserAuthorizationRequestErrorCodes
- {
- /// <summary>
- /// The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed.
- /// </summary>
- internal const string InvalidRequest = "invalid_request";
-
- /// <summary>
- /// The client is not authorized to use the requested response type.
- /// </summary>
- internal const string UnauthorizedClient = "unauthorized_client";
-
- /// <summary>
- /// The end-user or authorization server denied the request.
- /// </summary>
- internal const string AccessDenied = "access_denied";
-
- /// <summary>
- /// The requested response type is not supported by the authorization server.
- /// </summary>
- internal const string UnsupportedResponseType = "unsupported_response_type";
-
- /// <summary>
- /// The requested scope is invalid, unknown, or malformed.
- /// </summary>
- internal const string InvalidScope = "invalid_scope";
-
- /// <summary>
- /// The authorization server encountered an unexpected condition which prevented it from fulfilling the request.
- /// </summary>
- internal const string ServerError = "server_error";
-
- /// <summary>
- /// The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
- /// </summary>
- internal const string TemporarilyUnavailable = "temporarily_unavailable";
- }
-
- /// <summary>
/// Recognized access token types.
/// </summary>
internal static class AccessTokenTypes {