//-----------------------------------------------------------------------
//
// Copyright (c) Andrew Arnott. All rights reserved.
//
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2 {
using System.Collections.Generic;
using Validation;
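/// <summary>
/// The default scope superset checker, which assumes that no scopes overlap.
/// </summary>
/// <remarks>
/// Every scope string is treated as an opaque, independent token. No scope implies
/// or aggregates another, so a deployment that defines composite scopes needs its own
/// <see cref="IScopeSatisfiedCheck"/> implementation.
/// </remarks>
internal class StandardScopeSatisfiedCheck : IScopeSatisfiedCheck {
    /// <summary>
    /// Checks whether the granted scope is a superset of the required scope.
    /// </summary>
    /// <param name="requiredScope">The set of strings that the resource server demands in an access token's scope in order to complete some operation.</param>
    /// <param name="grantedScope">The set of strings that define the scope within an access token that the client is authorized to.</param>
    /// <returns><c>true</c> if <paramref name="grantedScope"/> is a superset of <paramref name="requiredScope"/> to allow the request to proceed; <c>false</c> otherwise.</returns>
    /// <remarks>
    /// <para>The default reasonable implementation of this is:</para>
    /// <code>
    /// return <paramref name="grantedScope"/>.IsSupersetOf(<paramref name="requiredScope"/>);
    /// </code>
    /// <para>In some advanced cases it may not be so simple. One case is that there may be a string that aggregates the capabilities of several others
    /// in order to simplify common scenarios. For example, the scope "ReadAll" may represent the same authorization as "ReadProfile", "ReadEmail", and
    /// "ReadFriends".</para>
    /// <para>Great care should be taken in implementing this method as this is a critical security module for the authorization and resource servers.</para>
    /// <para>Two properties of this implementation matter to callers. An empty <paramref name="requiredScope"/> is satisfied by every
    /// <paramref name="grantedScope"/>, including an empty one, so an operation that declares no required scope is not protected by this check.
    /// String equality is decided by the comparer that <paramref name="grantedScope"/> was constructed with; OAuth 2.0 scope tokens are
    /// case-sensitive (RFC 6749, section 3.3), so a granted set built with a case-insensitive comparer would match more loosely than the
    /// specification intends.</para>
    /// </remarks>
    public bool IsScopeSatisfied(HashSet<string> requiredScope, HashSet<string> grantedScope) {
        // Reject null sets explicitly so that a missing scope can never be read as an authorization decision.
        Requires.NotNull(requiredScope, "requiredScope");
        Requires.NotNull(grantedScope, "grantedScope");

        // Plain set containment: every required string must be present in the granted set.
        return grantedScope.IsSupersetOf(requiredScope);
    }
}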
}