3 files changed, 16 insertions, 7 deletions

diff --git a/src/DotNetOpenAuth/Messaging/Channel.cs b/src/DotNetOpenAuth/Messaging/Channel.cs
index c0a20ab..0813d17 100644
--- a/src/DotNetOpenAuth/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth/Messaging/Channel.cs
@@ -386,6 +386,8 @@ namespace DotNetOpenAuth.Messaging {
 		public TResponse Request<TResponse>(IDirectedProtocolMessage requestMessage)
 			where TResponse : class, IProtocolMessage {
 			Contract.Requires(requestMessage != null);
+			Contract.Ensures(Contract.Result<TResponse>() != null);
+
 			IProtocolMessage response = this.Request(requestMessage);
 			ErrorUtilities.VerifyProtocol(response != null, MessagingStrings.ExpectedMessageNotReceived, typeof(TResponse));
 
diff --git a/src/DotNetOpenAuth/OAuth/ConsumerBase.cs b/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
index dbeb006..58f8f60 100644
--- a/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
+++ b/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OAuth {
 	using System;
 	using System.Collections.Generic;
 	using System.Diagnostics.CodeAnalysis;
+	using System.Diagnostics.Contracts;
 	using System.Net;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.Messaging.Bindings;
@@ -145,12 +146,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="accessToken">The access token that permits access to the protected resource.</param>
 		/// <returns>The initialized WebRequest object.</returns>
 		protected internal AccessProtectedResourceRequest CreateAuthorizingMessage(MessageReceivingEndpoint endpoint, string accessToken) {
-			if (endpoint == null) {
-				throw new ArgumentNullException("endpoint");
-			}
-			if (String.IsNullOrEmpty(accessToken)) {
-				throw new ArgumentNullException("accessToken");
-			}
+			Contract.Requires(endpoint != null);
+			Contract.Requires(!String.IsNullOrEmpty(accessToken));
+			ErrorUtilities.VerifyArgumentNotNull(endpoint, "endpoint");
+			ErrorUtilities.VerifyNonZeroLength(accessToken, "accessToken");
 
 			AccessProtectedResourceRequest message = new AccessProtectedResourceRequest(endpoint) {
 				AccessToken = accessToken,
@@ -166,6 +165,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="requestToken">The request token that the user has authorized.</param>
 		/// <returns>The access token assigned by the Service Provider.</returns>
 		protected AuthorizedTokenResponse ProcessUserAuthorization(string requestToken) {
+			Contract.Requires(!String.IsNullOrEmpty(requestToken));
+			Contract.Ensures(Contract.Result<AuthorizedTokenResponse>() != null);
+			ErrorUtilities.VerifyNonZeroLength(requestToken, "requestToken");
+
 			var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint) {
 				RequestToken = requestToken,
 				ConsumerKey = this.ConsumerKey,
diff --git a/src/DotNetOpenAuth/OAuth/WebConsumer.cs b/src/DotNetOpenAuth/OAuth/WebConsumer.cs
index bbf6115..1d70f59 100644
--- a/src/DotNetOpenAuth/OAuth/WebConsumer.cs
+++ b/src/DotNetOpenAuth/OAuth/WebConsumer.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OAuth {
 	using System;
 	using System.Collections.Generic;
+	using System.Diagnostics.Contracts;
 	using System.Web;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OAuth.ChannelElements;
@@ -75,7 +76,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="request">The incoming HTTP request.</param>
 		/// <returns>The access token, or null if no incoming authorization message was recognized.</returns>
-		internal AuthorizedTokenResponse ProcessUserAuthorization(HttpRequestInfo request) {
+		public AuthorizedTokenResponse ProcessUserAuthorization(HttpRequestInfo request) {
+			Contract.Requires(request != null);
+			ErrorUtilities.VerifyArgumentNotNull(request, "request");
+
 			UserAuthorizationResponse authorizationMessage;
 			if (this.Channel.TryReadFromRequest<UserAuthorizationResponse>(request, out authorizationMessage)) {
 				string requestToken = authorizationMessage.RequestToken;