1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
//-----------------------------------------------------------------------
// <copyright file="IClientDescription.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2 {
using System;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using DotNetOpenAuth.Messaging;
/// <summary>
/// A description of a client from an Authorization Server's point of view.
/// </summary>
[ContractClass(typeof(IClientDescriptionContract))]
public interface IClientDescription {
/// <summary>
/// Gets the callback to use when an individual authorization request
/// does not include an explicit callback URI.
/// </summary>
/// <value>An absolute URL; or <c>null</c> if none is registered.</value>
Uri DefaultCallback { get; }
/// <summary>
/// Gets the type of the client.
/// </summary>
ClientType ClientType { get; }
/// <summary>
/// Gets a value indicating whether a non-empty secret is registered for this client.
/// </summary>
bool HasNonEmptySecret { get; }
/// <summary>
/// Determines whether a callback URI included in a client's authorization request
/// is among those allowed callbacks for the registered client.
/// </summary>
/// <param name="callback">The absolute URI the client has requested the authorization result be received at. Never null.</param>
/// <returns>
/// <c>true</c> if the callback URL is allowable for this client; otherwise, <c>false</c>.
/// </returns>
/// <remarks>
/// <para>
/// At the point this method is invoked, the identity of the client has <em>not</em>
/// been confirmed. To avoid open redirector attacks, the alleged client's identity
/// is used to lookup a list of allowable callback URLs to make sure that the callback URL
/// the actual client is requesting is one of the expected ones.
/// </para>
/// <para>
/// From OAuth 2.0 section 2.1:
/// The authorization server SHOULD require the client to pre-register
/// their redirection URI or at least certain components such as the
/// scheme, host, port and path. If a redirection URI was registered,
/// the authorization server MUST compare any redirection URI received at
/// the authorization endpoint with the registered URI.
/// </para>
/// </remarks>
bool IsCallbackAllowed(Uri callback);
/// <summary>
/// Checks whether the specified client secret is correct.
/// </summary>
/// <param name="secret">The secret obtained from the client.</param>
/// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
/// <remarks>
/// All string equality checks, whether checking secrets or their hashes,
/// should be done using <see cref="MessagingUtilities.EqualsConstantTime"/> to mitigate timing attacks.
/// </remarks>
bool IsValidClientSecret(string secret);
}
/// <summary>
/// Contract class for the <see cref="IClientDescription"/> interface.
/// </summary>
[ContractClassFor(typeof(IClientDescription))]
internal abstract class IClientDescriptionContract : IClientDescription {
#region IClientDescription Members
/// <summary>
/// Gets the type of the client.
/// </summary>
ClientType IClientDescription.ClientType {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets the callback to use when an individual authorization request
/// does not include an explicit callback URI.
/// </summary>
/// <value>
/// An absolute URL; or <c>null</c> if none is registered.
/// </value>
Uri IClientDescription.DefaultCallback {
get {
Contract.Ensures(Contract.Result<Uri>() == null || Contract.Result<Uri>().IsAbsoluteUri);
throw new NotImplementedException();
}
}
/// <summary>
/// Gets a value indicating whether a non-empty secret is registered for this client.
/// </summary>
bool IClientDescription.HasNonEmptySecret {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Determines whether a callback URI included in a client's authorization request
/// is among those allowed callbacks for the registered client.
/// </summary>
/// <param name="callback">The requested callback URI.</param>
/// <returns>
/// <c>true</c> if the callback is allowed; otherwise, <c>false</c>.
/// </returns>
bool IClientDescription.IsCallbackAllowed(Uri callback) {
Requires.NotNull(callback, "callback");
Requires.True(callback.IsAbsoluteUri, "callback");
throw new NotImplementedException();
}
/// <summary>
/// Checks whether the specified client secret is correct.
/// </summary>
/// <param name="secret">The secret obtained from the client.</param>
/// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns>
/// <remarks>
/// All string equality checks, whether checking secrets or their hashes,
/// should be done using <see cref="MessagingUtilities.EqualsConstantTime"/> to mitigate timing attacks.
/// </remarks>
bool IClientDescription.IsValidClientSecret(string secret) {
Requires.NotNullOrEmpty(secret, "secret");
throw new NotImplementedException();
}
#endregion
}
}
|
