summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth/OAuth2/UserAgentClient.cs
diff options
context:
space:
mode:
Diffstat (limited to 'src/DotNetOpenAuth/OAuth2/UserAgentClient.cs')
-rw-r--r--src/DotNetOpenAuth/OAuth2/UserAgentClient.cs18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/DotNetOpenAuth/OAuth2/UserAgentClient.cs b/src/DotNetOpenAuth/OAuth2/UserAgentClient.cs
index 1a30af0..db73cd9 100644
--- a/src/DotNetOpenAuth/OAuth2/UserAgentClient.cs
+++ b/src/DotNetOpenAuth/OAuth2/UserAgentClient.cs
@@ -36,6 +36,12 @@ namespace DotNetOpenAuth.OAuth2 {
Contract.Requires<ArgumentNullException>(authorizationEndpoint != null, "authorizationEndpoint");
}
+ // TODO: remove this. user agent clients can't keep secrets.
+ public new string ClientSecret {
+ get { return base.ClientSecret; }
+ set { base.ClientSecret = value; }
+ }
+
/// <summary>
/// Generates a URL that the user's browser can be directed to in order to authorize
/// this client to access protected data at some resource server.
@@ -65,7 +71,8 @@ namespace DotNetOpenAuth.OAuth2 {
ClientIdentifier = this.ClientIdentifier,
Scope = authorization.Scope,
Callback = authorization.Callback,
- ResponseType = EndUserAuthorizationResponseType.AccessToken,
+ // TODO: bring back ResponseType = AccessToken, since user agents can't keep secrets, thus can't process authorization codes.
+ //ResponseType = EndUserAuthorizationResponseType.AccessToken,
};
return this.Channel.PrepareResponse(request).GetDirectUriRequest(this.Channel);
@@ -90,10 +97,13 @@ namespace DotNetOpenAuth.OAuth2 {
return null;
}
- EndUserAuthorizationSuccessAccessTokenResponse success;
+ EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess;
+ EndUserAuthorizationSuccessAuthCodeResponse authCodeSuccess;
EndUserAuthorizationFailedResponse failure;
- if ((success = response as EndUserAuthorizationSuccessAccessTokenResponse) != null) {
- this.UpdateAuthorizationWithResponse(authorizationState, success);
+ if ((accessTokenSuccess = response as EndUserAuthorizationSuccessAccessTokenResponse) != null) {
+ this.UpdateAuthorizationWithResponse(authorizationState, accessTokenSuccess);
+ } else if ((authCodeSuccess = response as EndUserAuthorizationSuccessAuthCodeResponse) != null) {
+ this.UpdateAuthorizationWithResponse(authorizationState, authCodeSuccess);
} else if ((failure = response as EndUserAuthorizationFailedResponse) != null) {
authorizationState.Delete();
return null;
generated by cgit v1.1 at 2025-06-06 23:18:58 +0000