1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
//-----------------------------------------------------------------------
// <copyright file="ClientCredentialApplicator.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2 {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2.Messages;
/// <summary>
/// A base class for extensions that apply client authentication to messages for the authorization server in specific ways.
/// </summary>
public abstract class ClientCredentialApplicator {
/// <summary>
/// Initializes a new instance of the <see cref="ClientCredentialApplicator"/> class.
/// </summary>
protected ClientCredentialApplicator() {
}
/// <summary>
/// Transmits the secret the client shares with the authorization server as a parameter in the POST entity payload.
/// </summary>
/// <param name="clientSecret">The secret the client shares with the authorization server.</param>
/// <returns>The credential applicator to provide to the <see cref="ClientBase"/> instance.</returns>
public static ClientCredentialApplicator PostParameter(string clientSecret) {
Requires.NotNullOrEmpty(clientSecret, "clientSecret");
return new PostParameterApplicator(clientSecret);
}
/// <summary>
/// Transmits the client identifier and secret in the HTTP Authorization header via HTTP Basic authentication.
/// </summary>
/// <param name="credential">The client id and secret.</param>
/// <returns>The credential applicator to provide to the <see cref="ClientBase"/> instance.</returns>
public static ClientCredentialApplicator NetworkCredential(NetworkCredential credential) {
Requires.NotNull(credential, "credential");
return new NetworkCredentialApplicator(credential);
}
/// <summary>
/// Transmits the client identifier and secret in the HTTP Authorization header via HTTP Basic authentication.
/// </summary>
/// <param name="clientSecret">The secret the client shares with the authorization server.</param>
/// <returns>The credential applicator to provide to the <see cref="ClientBase"/> instance.</returns>
public static ClientCredentialApplicator NetworkCredential(string clientSecret) {
Requires.NotNullOrEmpty(clientSecret, "clientSecret");
return new NetworkCredentialApplicator(clientSecret);
}
/// <summary>
/// Never transmits a secret. Useful for anonymous clients or clients unable to keep a secret.
/// </summary>
/// <returns>The credential applicator to provide to the <see cref="ClientBase"/> instance.</returns>
public static ClientCredentialApplicator NoSecret() {
return null;
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public virtual void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public virtual void ApplyClientCredential(string clientIdentifier, HttpWebRequest request) {
}
/// <summary>
/// Authenticates the client via HTTP Basic.
/// </summary>
private class NetworkCredentialApplicator : ClientCredentialApplicator {
/// <summary>
/// The client identifier and secret.
/// </summary>
private readonly NetworkCredential credential;
/// <summary>
/// The client secret.
/// </summary>
private readonly string clientSecret;
/// <summary>
/// Initializes a new instance of the <see cref="NetworkCredentialApplicator"/> class.
/// </summary>
/// <param name="clientSecret">The client secret.</param>
internal NetworkCredentialApplicator(string clientSecret) {
Requires.NotNullOrEmpty(clientSecret, "clientSecret");
this.clientSecret = clientSecret;
}
/// <summary>
/// Initializes a new instance of the <see cref="NetworkCredentialApplicator"/> class.
/// </summary>
/// <param name="credential">The client credential.</param>
internal NetworkCredentialApplicator(NetworkCredential credential) {
Requires.NotNull(credential, "credential");
this.credential = credential;
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public override void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
// When using network credentials, the client authentication is not done as standard message parts.
request.ClientIdentifier = null;
request.ClientSecret = null;
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public override void ApplyClientCredential(string clientIdentifier, HttpWebRequest request) {
if (this.credential != null && this.credential.UserName == clientIdentifier) {
ErrorUtilities.VerifyHost(false, "Client identifiers \"{0}\" and \"{1}\" do not match.", this.credential.UserName, clientIdentifier);
}
request.Credentials = this.credential ?? new NetworkCredential(clientIdentifier, this.clientSecret);
}
}
/// <summary>
/// Authenticates the client via a client_secret parameter in the message.
/// </summary>
private class PostParameterApplicator : ClientCredentialApplicator {
/// <summary>
/// The client secret.
/// </summary>
private readonly string secret;
/// <summary>
/// Initializes a new instance of the <see cref="PostParameterApplicator"/> class.
/// </summary>
/// <param name="clientSecret">The client secret.</param>
internal PostParameterApplicator(string clientSecret) {
Requires.NotNullOrEmpty(clientSecret, "clientSecret");
this.secret = clientSecret;
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public override void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
request.ClientSecret = this.secret;
}
}
}
}
|
