Diffstat (limited to 'src/DotNetOpenAuth.OAuth2/OAuth2')
-rw-r--r-- | src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/AuthorizationCode.cs | 7 | ||||
-rw-r--r-- | src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenAuthorizationCodeRequest.cs | 5 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/AuthorizationCode.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/AuthorizationCode.cs
index ad9730a..6199178 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/AuthorizationCode.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/AuthorizationCode.cs
@@ -33,12 +33,11 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// Initializes a new instance of the <see cref="AuthorizationCode"/> class.
 /// </summary>
 /// <param name="clientIdentifier">The client identifier.</param>
- /// <param name="callback">The callback the client used to obtain authorization.</param>
+ /// <param name="callback">The callback the client used to obtain authorization, if one was explicitly included in the request.</param>
 /// <param name="scopes">The authorized scopes.</param>
 /// <param name="username">The name on the account that authorized access.</param>
 internal AuthorizationCode(string clientIdentifier, Uri callback, IEnumerable<string> scopes, string username) {
 Requires.NotNullOrEmpty(clientIdentifier, "clientIdentifier");
- Requires.NotNull(callback, "callback");

 this.ClientIdentifier = clientIdentifier;
 this.CallbackHash = CalculateCallbackHash(callback);
@@ -96,6 +95,10 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// </returns>
 [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive.")]
 private static byte[] CalculateCallbackHash(Uri callback) {
+ if (callback == null) {
+ return null;
+ }
+
 using (var hasher = new SHA256Managed()) {
 return hasher.ComputeHash(Encoding.UTF8.GetBytes(callback.AbsoluteUri));
 }
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenAuthorizationCodeRequest.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenAuthorizationCodeRequest.cs
index 7c7cdc7..4931040 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenAuthorizationCodeRequest.cs
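Review bot: With the `Requires.NotNull(callback, "callback")` guard removed, `this.CallbackHash` in the constructor can now be null, and nothing in this commit touches the code that later compares that hash with the redirect_uri presented when the code is redeemed. That comparison is outside the diff, so it should be confirmed that it neither throws nor succeeds when exactly one side is null; only null against null, or two equal hashes, should be accepted. A comment at the assignment would record the new state: `// Null when the authorization request carried no redirect_uri; the redemption check must treat null vs. non-null as a mismatch.` The constructor body continues past the end of the hunk.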
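Review bot: The `<returns>` documentation of `CalculateCallbackHash`, which starts above this hunk, is not updated for the new null result of the early return. Suggest adding a line inside it such as `/// A null callback yields <c>null</c> rather than a hash.` so that code consuming the hash knows a missing value is a legitimate state and not a hashing failure.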
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenAuthorizationCodeRequest.cs
@@ -81,7 +81,10 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 /// <value>
 /// The Callback URL used to obtain the Verification Code.
 /// </value>
- [MessagePart(Protocol.redirect_uri, IsRequired = true)]
+ /// <remarks>
+ /// REQUIRED, if the redirect_uri parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.
+ /// </remarks>
+ [MessagePart(Protocol.redirect_uri, IsRequired = false)]
 internal Uri Callback { get; set; }

 /// <summary> |
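Review bot: Setting `IsRequired = false` on `Callback` lets a token request that omits redirect_uri pass message validation, so the conditional rule quoted in the new `<remarks>` must be enforced where the authorization code is checked, which this commit does not show. If that check is skipped or lenient for a missing value, a code issued for one callback could be redeemed without presenting it, which weakens the binding between the code and the redirect URI. Suggest stating the enforcement point in the remarks, e.g. `/// Not enforced by the message part; the authorization code's callback hash check must reject an omitted value when the code was issued with one.` A test for the omitted-parameter case would pin this behaviour.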