//----------------------------------------------------------------------- // // Copyright (c) Outercurve Foundation. All rights reserved. // //----------------------------------------------------------------------- namespace DotNetOpenAuth.OAuth2.ChannelElements { using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Net; using System.Net.Http; using System.Threading; using System.Threading.Tasks; using System.Web; using System.Xml; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2.Messages; ///

/// The messaging channel used by OAuth 2.0 Clients. ///

internal class OAuth2ClientChannel : OAuth2ChannelBase, IOAuth2ChannelWithClient { ///

/// The messages receivable by this channel. ///

private static readonly Type[] MessageTypes = new Type[] { typeof(AccessTokenSuccessResponse), typeof(AccessTokenFailedResponse), typeof(EndUserAuthorizationSuccessAuthCodeResponse), typeof(EndUserAuthorizationSuccessAccessTokenResponse), typeof(EndUserAuthorizationFailedResponse), typeof(UnauthorizedResponse), }; ///

/// Initializes a new instance of the class. ///

internal OAuth2ClientChannel() : base(MessageTypes) { } ///

/// Gets or sets the identifier by which this client is known to the Authorization Server. ///

public string ClientIdentifier { get; set; } ///

/// Gets or sets the tool to use to apply client credentials to authenticated requests to the Authorization Server. ///

/// May be null if this client has no client secret. public ClientCredentialApplicator ClientCredentialApplicator { get; set; } ///

/// Gets quotas used when deserializing JSON. ///

public XmlDictionaryReaderQuotas JsonReaderQuotas { get { return this.XmlDictionaryReaderQuotas; } } ///

/// Prepares an HTTP request that carries a given message. ///

/// The message to send. /// /// The prepared to send the request. /// /// /// This method must be overridden by a derived class, unless the method /// is overridden and does not require this method. /// protected override HttpRequestMessage CreateHttpRequest(IDirectedProtocolMessage request) { HttpRequestMessage httpRequest; if ((request.HttpMethods & HttpDeliveryMethods.GetRequest) != 0) { httpRequest = InitializeRequestAsGet(request); } else if ((request.HttpMethods & HttpDeliveryMethods.PostRequest) != 0) { httpRequest = InitializeRequestAsPost(request); } else { throw new NotSupportedException(); } return httpRequest; } ///

/// Gets the protocol message that may be in the given HTTP response. ///

/// The response that is anticipated to contain an protocol message. /// /// The deserialized message parts, if found. Null otherwise. /// /// Thrown when the response is not valid. protected override async Task> ReadFromResponseCoreAsync(HttpResponseMessage response) { // The spec says direct responses should be JSON objects, but Facebook uses HttpFormUrlEncoded instead, calling it text/plain // Others return text/javascript. Again bad. string body = await response.Content.ReadAsStringAsync(); var contentType = response.Content.Headers.ContentType.MediaType; if (contentType == JsonEncoded || contentType == JsonTextEncoded) { return this.DeserializeFromJson(body); } else if (contentType == HttpFormUrlEncoded || contentType == PlainTextEncoded) { return HttpUtility.ParseQueryString(body).ToDictionary(); } else { throw ErrorUtilities.ThrowProtocol(ClientStrings.UnexpectedResponseContentType, contentType); } } ///

/// Gets the protocol message that may be embedded in the given HTTP request. ///

/// The request to search for an embedded message. /// The cancellation token. /// /// The deserialized message, if one is found. Null otherwise. /// protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) { Logger.Channel.DebugFormat("Incoming HTTP request: {0} {1}", request.HttpMethod, request.GetPublicFacingUrl().AbsoluteUri); var fields = request.GetQueryStringBeforeRewriting().ToDictionary(); // Also read parameters from the fragment, if it's available. // Typically the fragment is not available because the browser doesn't send it to a web server // but this request may have been fabricated by an installed desktop app, in which case // the fragment is available. string fragment = request.Url.Fragment; if (!string.IsNullOrEmpty(fragment)) { foreach (var pair in HttpUtility.ParseQueryString(fragment.Substring(1)).ToDictionary()) { fields.Add(pair.Key, pair.Value); } } MessageReceivingEndpoint recipient; try { recipient = request.GetRecipient(); } catch (ArgumentException ex) { Logger.Messaging.WarnFormat("Unrecognized HTTP request: ", ex); return null; } return (IDirectedProtocolMessage)this.Receive(fields, recipient); } ///

/// Queues a message for sending in the response stream where the fields /// are sent in the response stream in querystring style. ///

/// The message to send as a response. /// /// The pending user agent redirect based message to be sent as an HttpResponse. /// /// /// This method implements spec OAuth V1.0 section 5.3. /// protected override HttpResponseMessage PrepareDirectResponse(IProtocolMessage response) { // Clients don't ever send direct responses. throw new NotImplementedException(); } ///

/// Performs additional processing on an outgoing web request before it is sent to the remote server. ///

/// The request. protected override void PrepareHttpWebRequest(HttpRequestMessage request) { base.PrepareHttpWebRequest(request); if (this.ClientCredentialApplicator != null) { this.ClientCredentialApplicator.ApplyClientCredential(this.ClientIdentifier, request); } } } }