Diffstat (limited to 'src')
14 files changed, 84 insertions, 96 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.Designer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.Designer.cs index 43a97f3..4b4f830 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.Designer.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.Designer.cs @@ -1,7 +1,7 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:4.0.30319.17611 +// Runtime Version:4.0.30319.17614 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. @@ -70,6 +70,24 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> + /// Looks up a localized string similar to The callback URL ({0}) is not allowed for this client.. + /// </summary> + internal static string ClientCallbackDisallowed { + get { + return ResourceManager.GetString("ClientCallbackDisallowed", resourceCulture); + } + } + + /// <summary> + /// Looks up a localized string similar to Failure looking up secret for client or token.. + /// </summary> + internal static string ClientOrTokenSecretNotFound { + get { + return ResourceManager.GetString("ClientOrTokenSecretNotFound", resourceCulture); + } + } + + /// <summary> /// Looks up a localized string similar to The client secret was incorrect.. /// </summary> internal static string ClientSecretMismatch { @@ -86,5 +104,14 @@ namespace DotNetOpenAuth.OAuth2 { return ResourceManager.GetString("InvalidResourceOwnerPasswordCredential", resourceCulture); } } + + /// <summary> + /// Looks up a localized string similar to No callback URI was available for this request.. + /// </summary> + internal static string NoCallback { + get { + return ResourceManager.GetString("NoCallback", resourceCulture); + } + } } } 
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.resx b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.resx index 82b3e81..29d841a 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.resx +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerStrings.resx @@ -120,10 +120,19 @@ <data name="AccessScopeExceedsGrantScope" xml:space="preserve"> <value>The requested access scope exceeds the grant scope.</value> </data> + <data name="ClientCallbackDisallowed" xml:space="preserve"> + <value>The callback URL ({0}) is not allowed for this client.</value> + </data> + <data name="ClientOrTokenSecretNotFound" xml:space="preserve"> + <value>Failure looking up secret for client or token.</value> + </data> <data name="ClientSecretMismatch" xml:space="preserve"> <value>The client secret was incorrect.</value> </data> <data name="InvalidResourceOwnerPasswordCredential" xml:space="preserve"> <value>Invalid resource owner password credential.</value> </data> + <data name="NoCallback" xml:space="preserve"> + <value>No callback URI was available for this request.</value> + </data> </root>
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerUtilities.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerUtilities.cs index a59eaa7..dbb1279 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerUtilities.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthServerUtilities.cs @@ -32,9 +32,9 @@ namespace DotNetOpenAuth.OAuth2 { ErrorUtilities.VerifyHost(result != null, OAuthStrings.ResultShouldNotBeNull, authorizationServer.GetType().FullName, "GetClient(string)"); return result; } catch (KeyNotFoundException ex) { - throw ErrorUtilities.Wrap(ex, OAuthStrings.ClientOrTokenSecretNotFound); + throw ErrorUtilities.Wrap(ex, AuthServerStrings.ClientOrTokenSecretNotFound); } catch (ArgumentException ex) { - throw ErrorUtilities.Wrap(ex, OAuthStrings.ClientOrTokenSecretNotFound); + throw ErrorUtilities.Wrap(ex, AuthServerStrings.ClientOrTokenSecretNotFound); } } diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs index 7770163..70d7838 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs @@ -237,7 +237,7 @@ namespace DotNetOpenAuth.OAuth2 { // Since the request didn't include a callback URL, look up the callback from // the client's preregistration with this authorization server. Uri defaultCallback = client.DefaultCallback; - ErrorUtilities.VerifyProtocol(defaultCallback != null, OAuthStrings.NoCallback); + ErrorUtilities.VerifyProtocol(defaultCallback != null, AuthServerStrings.NoCallback); return defaultCallback; } 
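Review bot: Both catch blocks in the `AuthServerUtilities.cs` hunk report `ClientOrTokenSecretNotFound` ("Failure looking up secret for client or token."), but the `VerifyHost` line just above names the call as `GetClient(string)`, so the text describes a secret lookup while the code appears to be resolving a client identifier. Now that the string lives in `AuthServerStrings`, a dedicated client-lookup entry would make logs less ambiguous. Using one generic message for both `KeyNotFoundException` and `ArgumentException` is worth keeping, since it presumably avoids telling a caller why the lookup failed; a comment such as `// Same message for both failures: do not reveal why the client lookup failed.` would record that intent. The method body starts outside the hunk.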
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs index 43ce243..be4f70d 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs @@ -115,8 +115,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { var authorizationRequest = message as EndUserAuthorizationRequest; if (authorizationRequest != null) { var client = this.AuthorizationServer.GetClientOrThrow(authorizationRequest.ClientIdentifier); - ErrorUtilities.VerifyProtocol(authorizationRequest.Callback == null || client.IsCallbackAllowed(authorizationRequest.Callback), OAuthStrings.ClientCallbackDisallowed, authorizationRequest.Callback); - ErrorUtilities.VerifyProtocol(authorizationRequest.Callback != null || client.DefaultCallback != null, OAuthStrings.NoCallback); + ErrorUtilities.VerifyProtocol(authorizationRequest.Callback == null || client.IsCallbackAllowed(authorizationRequest.Callback), AuthServerStrings.ClientCallbackDisallowed, authorizationRequest.Callback); + ErrorUtilities.VerifyProtocol(authorizationRequest.Callback != null || client.DefaultCallback != null, AuthServerStrings.NoCallback); applied = true; } diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs index 95ec983..4f80a1e 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs 
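Review bot: The first `VerifyProtocol` call formats `authorizationRequest.Callback`, a value taken from the incoming authorization request, into the `ClientCallbackDisallowed` message, so request-controlled text ends up in the exception message. Wherever that message is rendered or logged it should be treated as untrusted (HTML-encoded on an error page, stripped of line breaks in logs), and a rejected callback should be reported to the user agent directly rather than by redirecting to it; neither is visible in this hunk, so confirm it in the error path. The same pattern appears in the `OAuth2ClientChannel.cs` hunk (`response.ContentType.MediaType`) and the `ClientBase.cs` hunk (`failedAccessTokenResponse.Error`), where the text comes from the remote authorization server. A comment above the two checks would help: `// Validate the redirect target before any response is sent to it.` The enclosing method starts and ends outside the hunk.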
@@ -78,7 +78,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { } else if (response.ContentType.MediaType == HttpFormUrlEncoded || response.ContentType.MediaType == PlainTextEncoded) { return HttpUtility.ParseQueryString(body).ToDictionary(); } else { - throw ErrorUtilities.ThrowProtocol(OAuthStrings.UnexpectedResponseContentType, response.ContentType.MediaType); + throw ErrorUtilities.ThrowProtocol(OAuth2Strings.UnexpectedResponseContentType, response.ContentType.MediaType); } } diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs index 1bda5e0..ea83585 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs @@ -262,7 +262,7 @@ namespace DotNetOpenAuth.OAuth2 { } else { authorizationState.Delete(); string error = failedAccessTokenResponse != null ? failedAccessTokenResponse.Error : "(unknown)"; - ErrorUtilities.ThrowProtocol(OAuthStrings.CannotObtainAccessTokenWithReason, error); + ErrorUtilities.ThrowProtocol(OAuth2Strings.CannotObtainAccessTokenWithReason, error); } } diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.Designer.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.Designer.cs index 74c0685..2395cb8 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.Designer.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.Designer.cs @@ -1,7 +1,7 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:4.0.30319.261 +// Runtime Version:4.0.30319.17614 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. 
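Review bot: The media-type checks on the `else if` line of the `OAuth2ClientChannel.cs` hunk use `==`, an ordinal case-sensitive comparison, while media types are case-insensitive, so a token response labelled with different casing would presumably fall through to the `UnexpectedResponseContentType` throw (assuming `ContentType.MediaType` does not normalize casing). Consider `string.Equals(response.ContentType.MediaType, HttpFormUrlEncoded, StringComparison.OrdinalIgnoreCase)` for both comparisons. It is also worth confirming that `response.ContentType` cannot be null when the header is absent, since this line and the throw both dereference it. The first branch of the chain is outside the hunk.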
@@ -88,6 +88,15 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> + /// Looks up a localized string similar to Failed to obtain access token. Authorization Server reports reason: {0}. + /// </summary> + internal static string CannotObtainAccessTokenWithReason { + get { + return ResourceManager.GetString("CannotObtainAccessTokenWithReason", resourceCulture); + } + } + + /// <summary> /// Looks up a localized string similar to The property {0} must be set before this operation is allowed.. /// </summary> internal static string RequiredPropertyNotYetPreset { @@ -95,5 +104,14 @@ namespace DotNetOpenAuth.OAuth2 { return ResourceManager.GetString("RequiredPropertyNotYetPreset", resourceCulture); } } + + /// <summary> + /// Looks up a localized string similar to Unexpected response Content-Type {0}. + /// </summary> + internal static string UnexpectedResponseContentType { + get { + return ResourceManager.GetString("UnexpectedResponseContentType", resourceCulture); + } + } } } diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.resx b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.resx index 0a41e42..a1ed7cd 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.resx +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/OAuth2Strings.resx 
@@ -127,7 +127,13 @@ <value>Unexpected OAuth authorization response received with callback and client state that does not match an expected value.</value> <comment>The error message generated when detecting a mismatch between the state sent to the authorization server originally and what we got back with successful authorization, or that the user sessions were not identical between the two requests, suggesting XSRF or other attack on the user (victim).</comment> </data> + <data name="CannotObtainAccessTokenWithReason" xml:space="preserve"> + <value>Failed to obtain access token. Authorization Server reports reason: {0}</value> + </data> <data name="RequiredPropertyNotYetPreset" xml:space="preserve"> <value>The property {0} must be set before this operation is allowed.</value> </data> + <data name="UnexpectedResponseContentType" xml:space="preserve"> + <value>Unexpected response Content-Type {0}</value> + </data> </root>
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.Designer.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.Designer.cs index 7d33d3e..e7e1b6b 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.Designer.cs +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.Designer.cs @@ -1,7 +1,7 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:4.0.30319.17611 +// Runtime Version:4.0.30319.17614 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. @@ -61,6 +61,15 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> + /// Looks up a localized string similar to The request message type {0} should not be responded to with a refresh token.. + /// </summary> + internal static string RefreshTokenInappropriateForRequestType { + get { + return ResourceManager.GetString("RefreshTokenInappropriateForRequestType", resourceCulture); + } + } + + /// <summary> /// Looks up a localized string similar to The Authorization Server's token endpoint generated error {0}: '{1}'. /// </summary> internal static string TokenEndpointErrorFormat { diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.resx b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.resx index 5ae922f..da2dd73 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.resx +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ClientAuthorizationStrings.resx 
@@ -117,6 +117,9 @@ <resheader name="writer"> <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> </resheader> + <data name="RefreshTokenInappropriateForRequestType" xml:space="preserve"> + <value>The request message type {0} should not be responded to with a refresh token.</value> + </data> <data name="TokenEndpointErrorFormat" xml:space="preserve"> <value>The Authorization Server's token endpoint generated error {0}: '{1}'</value> </data> diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenSuccessResponse.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenSuccessResponse.cs index 5dc3271..1de39a6 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenSuccessResponse.cs +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenSuccessResponse.cs @@ -151,7 +151,7 @@ namespace DotNetOpenAuth.OAuth2.Messages { // Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included // in a response to an access token request that used the client credential grant type. - ErrorUtilities.VerifyProtocol(!this.HasRefreshToken || !(this.OriginatingRequest is AccessTokenClientCredentialsRequest), OAuthStrings.RefreshTokenInappropriateForRequestType, this.OriginatingRequest.GetType().Name); + ErrorUtilities.VerifyProtocol(!this.HasRefreshToken || !(this.OriginatingRequest is AccessTokenClientCredentialsRequest), ClientAuthorizationStrings.RefreshTokenInappropriateForRequestType, this.OriginatingRequest.GetType().Name); } } } diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs index d975330..051d0d5 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.Designer.cs 
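Review bot: In the `AccessTokenSuccessResponse.cs` hunk the format argument `this.OriginatingRequest.GetType().Name` is evaluated before `VerifyProtocol` looks at the condition. If `OriginatingRequest` can be null at this point, the call fails with a NullReferenceException even though the condition itself would pass (`null is AccessTokenClientCredentialsRequest` is false). If that is possible, build the argument only on the failing path, e.g. `if (this.HasRefreshToken && this.OriginatingRequest is AccessTokenClientCredentialsRequest) { throw ErrorUtilities.ThrowProtocol(ClientAuthorizationStrings.RefreshTokenInappropriateForRequestType, this.OriginatingRequest.GetType().Name); }`. The enclosing method starts outside the hunk.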
@@ -1,7 +1,7 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:4.0.30319.17611 +// Runtime Version:4.0.30319.17614 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. @@ -79,33 +79,6 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> - /// Looks up a localized string similar to Failed to obtain access token. Authorization Server reports reason: {0}. - /// </summary> - internal static string CannotObtainAccessTokenWithReason { - get { - return ResourceManager.GetString("CannotObtainAccessTokenWithReason", resourceCulture); - } - } - - /// <summary> - /// Looks up a localized string similar to The callback URL ({0}) is not allowed for this client.. - /// </summary> - internal static string ClientCallbackDisallowed { - get { - return ResourceManager.GetString("ClientCallbackDisallowed", resourceCulture); - } - } - - /// <summary> - /// Looks up a localized string similar to Failure looking up secret for client or token.. - /// </summary> - internal static string ClientOrTokenSecretNotFound { - get { - return ResourceManager.GetString("ClientOrTokenSecretNotFound", resourceCulture); - } - } - - /// <summary> /// Looks up a localized string similar to This message can only be sent over HTTPS.. /// </summary> internal static string HttpsRequired { @@ -115,15 +88,6 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> - /// Looks up a localized string similar to Failed to obtain access token due to invalid Client Identifier or Client Secret.. - /// </summary> - internal static string InvalidClientCredentials { - get { - return ResourceManager.GetString("InvalidClientCredentials", resourceCulture); - } - } - - /// <summary> /// Looks up a localized string similar to The scope token "{0}" contains illegal characters or is empty.. /// </summary> internal static string InvalidScopeToken { 
@@ -133,15 +97,6 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> - /// Looks up a localized string similar to No callback URI was available for this request.. - /// </summary> - internal static string NoCallback { - get { - return ResourceManager.GetString("NoCallback", resourceCulture); - } - } - - /// <summary> /// Looks up a localized string similar to Refresh tokens should not be granted without the request including an access grant.. /// </summary> internal static string NoGrantNoRefreshToken { @@ -151,15 +106,6 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> - /// Looks up a localized string similar to The request message type {0} should not be responded to with a refresh token.. - /// </summary> - internal static string RefreshTokenInappropriateForRequestType { - get { - return ResourceManager.GetString("RefreshTokenInappropriateForRequestType", resourceCulture); - } - } - - /// <summary> /// Looks up a localized string similar to The return value of {0}.{1} should never be null.. /// </summary> internal static string ResultShouldNotBeNull { @@ -176,14 +122,5 @@ namespace DotNetOpenAuth.OAuth2 { return ResourceManager.GetString("ScopesMayNotContainSpaces", resourceCulture); } } - - /// <summary> - /// Looks up a localized string similar to Unexpected response Content-Type {0}. - /// </summary> - internal static string UnexpectedResponseContentType { - get { - return ResourceManager.GetString("UnexpectedResponseContentType", resourceCulture); - } - } } } diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx index 11c24f4..4d9d248 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthStrings.resx 
@@ -123,40 +123,19 @@ <data name="AccessTokenInvalidForHttpAuthorizationHeader" xml:space="preserve"> <value>The access token contains characters that must not appear in the HTTP Authorization header.</value> </data> - <data name="CannotObtainAccessTokenWithReason" xml:space="preserve"> - <value>Failed to obtain access token. Authorization Server reports reason: {0}</value> - </data> - <data name="ClientCallbackDisallowed" xml:space="preserve"> - <value>The callback URL ({0}) is not allowed for this client.</value> - </data> - <data name="ClientOrTokenSecretNotFound" xml:space="preserve"> - <value>Failure looking up secret for client or token.</value> - </data> <data name="HttpsRequired" xml:space="preserve"> <value>This message can only be sent over HTTPS.</value> </data> - <data name="InvalidClientCredentials" xml:space="preserve"> - <value>Failed to obtain access token due to invalid Client Identifier or Client Secret.</value> - </data> <data name="InvalidScopeToken" xml:space="preserve"> <value>The scope token "{0}" contains illegal characters or is empty.</value> </data> - <data name="NoCallback" xml:space="preserve"> - <value>No callback URI was available for this request.</value> - </data> <data name="NoGrantNoRefreshToken" xml:space="preserve"> <value>Refresh tokens should not be granted without the request including an access grant.</value> </data> - <data name="RefreshTokenInappropriateForRequestType" xml:space="preserve"> - <value>The request message type {0} should not be responded to with a refresh token.</value> - </data> <data name="ResultShouldNotBeNull" xml:space="preserve"> <value>The return value of {0}.{1} should never be null.</value> </data> <data name="ScopesMayNotContainSpaces" xml:space="preserve"> <value>Individual scopes may not contain spaces.</value> </data> - <data name="UnexpectedResponseContentType" xml:space="preserve"> - <value>Unexpected response Content-Type {0}</value> - </data> </root>
\ No newline at end of file |