1 files changed, 70 insertions, 1 deletions

diff --git a/src/DotNetOpenId/RelyingParty/IAuthenticationResponse.cs b/src/DotNetOpenId/RelyingParty/IAuthenticationResponse.cs
index 382b080..c73859f 100644
--- a/src/DotNetOpenId/RelyingParty/IAuthenticationResponse.cs
+++ b/src/DotNetOpenId/RelyingParty/IAuthenticationResponse.cs
@@ -1,6 +1,7 @@
 using System;

 using System.Collections.Generic;

 using System.Text;

+using System.Web;

 using DotNetOpenId.Extensions;

 

 namespace DotNetOpenId.RelyingParty {

@@ -17,6 +18,32 @@ namespace DotNetOpenId.RelyingParty {
 	/// </remarks>

 	public interface IAuthenticationResponse {

 		/// <summary>

+		/// Gets a callback argument's value that was previously added using 

+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.

+		/// </summary>

+		/// <returns>The value of the argument, or null if the named parameter could not be found.</returns>

+		/// <remarks>

+		/// <para>This may return any argument on the querystring that came with the authentication response,

+		/// which may include parameters not explicitly added using 

+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>

+		/// <para>Note that these values are NOT protected against tampering in transit.</para>

+		/// </remarks>

+		string GetCallbackArgument(string key);

+		/// <summary>

+		/// Gets all the callback arguments that were previously added using 

+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part

+		/// of the return_to URL.

+		/// </summary>

+		/// <returns>A name-value dictionary.  Never null.</returns>

+		/// <remarks>

+		/// <para>This MAY return any argument on the querystring that came with the authentication response,

+		/// which may include parameters not explicitly added using 

+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>

+		/// <para>Note that these values are NOT protected against tampering in transit.</para>

+		/// </remarks>

+		[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate")]

+		IDictionary<string, string> GetCallbackArguments();

+		/// <summary>

 		/// Tries to get an OpenID extension that may be present in the response.

 		/// </summary>

 		/// <returns>The extension, if it is found.  Null otherwise.</returns>

@@ -28,10 +55,52 @@ namespace DotNetOpenId.RelyingParty {
 		/// <returns>The extension, if it is found.  Null otherwise.</returns>

 		IExtensionResponse GetExtension(Type extensionType);

 		/// <summary>

-		/// An Identifier that the end user claims to own.

+		/// An Identifier that the end user claims to own.  For use with user database storage and lookup.

+		/// May be null for some failed authentications (i.e. failed directed identity authentications).

 		/// </summary>

+		/// <remarks>

+		/// <para>

+		/// This is the secure identifier that should be used for database storage and lookup.

+		/// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects

+		/// user identities against spoofing and other attacks.  

+		/// </para>

+		/// <para>

+		/// For user-friendly identifiers to display, use the 

+		/// <see cref="FriendlyIdentifierForDisplay"/> property.

+		/// </para>

+		/// </remarks>

 		Identifier ClaimedIdentifier { get; }

 		/// <summary>

+		/// Gets a user-friendly OpenID Identifier for display purposes ONLY.

+		/// </summary>

+		/// <remarks>

+		/// <para>

+		/// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before

+		/// sending to a browser to secure against javascript injection attacks.

+		/// </para>

+		/// <para>

+		/// This property retains some aspects of the user-supplied identifier that get lost

+		/// in the <see cref="ClaimedIdentifier"/>.  For example, XRIs used as user-supplied

+		/// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD).

+		/// For display purposes, such as text on a web page that says "You're logged in as ...",

+		/// this property serves to provide the =Arnott string, or whatever else is the most friendly

+		/// string close to what the user originally typed in.

+		/// </para>

+		/// <para>

+		/// If the user-supplied identifier is a URI, this property will be the URI after all 

+		/// redirects, and with the protocol and fragment trimmed off.

+		/// If the user-supplied identifier is an XRI, this property will be the original XRI.

+		/// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), 

+		/// this property will be the Claimed Identifier, with the protocol stripped if it is a URI.

+		/// </para>

+		/// <para>

+		/// It is <b>very</b> important that this property <i>never</i> be used for database storage

+		/// or lookup to avoid identity spoofing and other security risks.  For database storage

+		/// and lookup please use the <see cref="ClaimedIdentifier"/> property.

+		/// </para>

+		/// </remarks>

+		string FriendlyIdentifierForDisplay { get; }

+		/// <summary>

 		/// The detailed success or failure status of the authentication attempt.

 		/// </summary>

 		AuthenticationStatus Status { get; }