2 files changed, 63 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/ICombinedOpenIdProviderTokenManager.cs b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/ICombinedOpenIdProviderTokenManager.cs
new file mode 100644
index 0000000..d6a7e93
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/ICombinedOpenIdProviderTokenManager.cs
@@ -0,0 +1,33 @@
+//-----------------------------------------------------------------------
+// <copyright file="ICombinedOpenIdProviderTokenManager.cs" company="Outercurve Foundation">
+//     Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OAuth.ChannelElements {
+	using DotNetOpenAuth.OpenId;
+
+	/// <summary>
+	/// An interface that providers that play a dual role as OpenID Provider
+	/// and OAuth Service Provider should implement on their token manager classes.
+	/// </summary>
+	/// <remarks>
+	/// This interface should be implemented by the same class that implements
+	/// <see cref="ITokenManager"/> in order to enable the OpenID+OAuth extension.
+	/// </remarks>
+	public interface ICombinedOpenIdProviderTokenManager : IOpenIdOAuthTokenManager, ITokenManager {
+		/// <summary>
+		/// Gets the OAuth consumer key for a given OpenID relying party realm.
+		/// </summary>
+		/// <param name="realm">The relying party's OpenID realm.</param>
+		/// <returns>The OAuth consumer key for a given OpenID realm.</returns>
+		/// <para>This is a security-critical function.  Since OpenID requests 
+		/// and OAuth extensions for those requests can be formulated by ANYONE 
+		/// (no signing is required by the relying party), and since the response to 
+		/// the authentication will include access the user is granted to the 
+		/// relying party who CLAIMS to be from some realm, it is of paramount 
+		/// importance that the realm is recognized as belonging to the consumer 
+		/// key by the host service provider in order to protect against phishers.</para>
+		string GetConsumerKey(Realm realm);
+	}
+}
diff --git a/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/IOpenIdOAuthTokenManager.cs b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/IOpenIdOAuthTokenManager.cs
new file mode 100644
index 0000000..3f3c1d9
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/ChannelElements/IOpenIdOAuthTokenManager.cs
@@ -0,0 +1,30 @@
+//-----------------------------------------------------------------------
+// <copyright file="IOpenIdOAuthTokenManager.cs" company="Outercurve Foundation">
+//     Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OAuth.ChannelElements {
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions.OAuth;
+
+	/// <summary>
+	/// Additional methods an <see cref="ITokenManager"/> implementing class
+	/// may implement to support the OpenID+OAuth extension.
+	/// </summary>
+	public interface IOpenIdOAuthTokenManager {
+		/// <summary>
+		/// Stores a new request token obtained over an OpenID request.
+		/// </summary>
+		/// <param name="consumerKey">The consumer key.</param>
+		/// <param name="authorization">The authorization message carrying the request token and authorized access scope.</param>
+		/// <remarks>
+		/// <para>The token secret is the empty string.</para>
+		/// <para>Tokens stored by this method should be short-lived to mitigate 
+		/// possible security threats.  Their lifetime should be sufficient for the
+		/// relying party to receive the positive authentication assertion and immediately
+		/// send a follow-up request for the access token.</para>
+		/// </remarks>
+		void StoreOpenIdAuthorizedRequestToken(string consumerKey, AuthorizationApprovedResponse authorization);
+	}
+}