1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
|
// <auto-generated/> // disable StyleCop on this file
//-----------------------------------------------------------------------
// <copyright file="Protocol.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2 {
using System;
using System.Collections.Generic;
/// <summary>
/// An enumeration of the OAuth protocol versions supported by this library.
/// </summary>
public enum ProtocolVersion {
/// <summary>
/// The OAuth 2.0 specification.
/// </summary>
V20,
}
/// <summary>
/// Protocol constants for OAuth 2.0.
/// </summary>
public class Protocol {
/// <summary>
/// The HTTP authorization scheme "Bearer";
/// </summary>
internal const string BearerHttpAuthorizationScheme = "Bearer";
/// <summary>
/// The HTTP authorization scheme "Bearer ";
/// </summary>
internal const string BearerHttpAuthorizationSchemeWithTrailingSpace = BearerHttpAuthorizationScheme + " ";
/// <summary>
/// The format of the HTTP Authorization header value that authorizes OAuth 2.0 requests using bearer access tokens.
/// </summary>
internal const string BearerHttpAuthorizationHeaderFormat = BearerHttpAuthorizationSchemeWithTrailingSpace + "{0}";
/// <summary>
/// The name of the parameter whose value is an OAuth 2.0 bearer access token, as it is defined
/// in a URL-encoded POST entity or URL query string.
/// </summary>
internal const string BearerTokenEncodedUrlParameterName = "access_token";
/// <summary>
/// The "state" string.
/// </summary>
internal const string state = "state";
/// <summary>
/// The "redirect_uri_mismatch" string.
/// </summary>
internal const string redirect_uri_mismatch = "redirect_uri_mismatch";
/// <summary>
/// The "redirect_uri" string.
/// </summary>
internal const string redirect_uri = "redirect_uri";
/// <summary>
/// The "client_id" string.
/// </summary>
internal const string client_id = "client_id";
/// <summary>
/// The "scope" string.
/// </summary>
internal const string scope = "scope";
/// <summary>
/// The "client_secret" string.
/// </summary>
internal const string client_secret = "client_secret";
/// <summary>
/// The "code" string.
/// </summary>
internal const string code = "code";
/// <summary>
/// The "error" string.
/// </summary>
internal const string error = "error";
/// <summary>
/// The "access_token" string.
/// </summary>
internal const string access_token = "access_token";
/// <summary>
/// The "token_type" string.
/// </summary>
internal const string token_type = "token_type";
/// <summary>
/// The "refresh_token" string.
/// </summary>
internal const string refresh_token = "refresh_token";
/// <summary>
/// The "expires_in" string.
/// </summary>
internal const string expires_in = "expires_in";
/// <summary>
/// The "username" string.
/// </summary>
internal const string username = "username";
/// <summary>
/// The "password" string.
/// </summary>
internal const string password = "password";
/// <summary>
/// Gets the <see cref="Protocol"/> instance with values initialized for V1.0 of the protocol.
/// </summary>
internal static readonly Protocol V20 = new Protocol {
Version = new Version(2, 0),
ProtocolVersion = ProtocolVersion.V20,
};
/// <summary>
/// A list of all supported OAuth versions, in order starting from newest version.
/// </summary>
internal static readonly List<Protocol> AllVersions = new List<Protocol>() { V20 };
/// <summary>
/// The default (or most recent) supported version of the OpenID protocol.
/// </summary>
internal static readonly Protocol Default = AllVersions[0];
/// <summary>
/// The "error_uri" string.
/// </summary>
internal const string error_uri = "error_uri";
/// <summary>
/// The "error_description" string.
/// </summary>
internal const string error_description = "error_description";
/// <summary>
/// The "response_type" string.
/// </summary>
internal const string response_type = "response_type";
/// <summary>
/// The "grant_type" string.
/// </summary>
internal const string grant_type = "grant_type";
/// <summary>
/// Gets or sets the OAuth 2.0 version represented by this instance.
/// </summary>
/// <value>The version.</value>
internal Version Version { get; private set; }
/// <summary>
/// Gets or sets the OAuth 2.0 version represented by this instance.
/// </summary>
/// <value>The protocol version.</value>
internal ProtocolVersion ProtocolVersion { get; private set; }
/// <summary>
/// Gets the OAuth Protocol instance to use for the given version.
/// </summary>
/// <param name="version">The OAuth version to get.</param>
/// <returns>A matching <see cref="Protocol"/> instance.</returns>
internal static Protocol Lookup(ProtocolVersion version) {
switch (version) {
case ProtocolVersion.V20: return Protocol.V20;
default: throw new ArgumentOutOfRangeException("version");
}
}
/// <summary>
/// Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request.
/// </summary>
public static class EndUserAuthorizationRequestErrorCodes
{
/// <summary>
/// The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed.
/// </summary>
public const string InvalidRequest = "invalid_request";
/// <summary>
/// The client is not authorized to use the requested response type.
/// </summary>
public const string UnauthorizedClient = "unauthorized_client";
/// <summary>
/// The end-user or authorization server denied the request.
/// </summary>
public const string AccessDenied = "access_denied";
/// <summary>
/// The requested response type is not supported by the authorization server.
/// </summary>
public const string UnsupportedResponseType = "unsupported_response_type";
/// <summary>
/// The requested scope is invalid, unknown, or malformed.
/// </summary>
public const string InvalidScope = "invalid_scope";
/// <summary>
/// The authorization server encountered an unexpected condition which prevented it from fulfilling the request.
/// </summary>
public const string ServerError = "server_error";
/// <summary>
/// The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
/// </summary>
public const string TemporarilyUnavailable = "temporarily_unavailable";
}
/// <summary>
/// Values for the "response_type" parameter.
/// </summary>
internal static class ResponseTypes
{
/// <summary>
/// The string "code".
/// </summary>
internal const string Code = "code";
/// <summary>
/// The string "token".
/// </summary>
internal const string Token = "token";
}
internal static class GrantTypes
{
internal const string AuthorizationCode = "authorization_code";
internal const string Password = "password";
internal const string Assertion = "assertion";
internal const string RefreshToken = "refresh_token";
internal const string ClientCredentials = "client_credentials";
}
/// <summary>
/// Error codes that an authorization server can return to a client in response to a malformed or unsupported access token request.
/// </summary>
internal static class AccessTokenRequestErrorCodes
{
/// <summary>
/// The request is missing a required parameter, includes an unknown parameter or parameter value, repeats a parameter,
/// includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.
/// </summary>
internal const string InvalidRequest = "invalid_request";
/// <summary>
/// Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method).
/// The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported.
/// If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with
/// an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme
/// used by the client.
/// </summary>
internal const string InvalidClient = "invalid_client";
/// <summary>
/// The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired,
/// revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
/// </summary>
internal const string InvalidGrant = "invalid_grant";
/// <summary>
/// The authenticated client is not authorized to use this authorization grant type.
/// </summary>
internal const string UnauthorizedClient = "unauthorized_client";
/// <summary>
/// The authorization grant type is not supported by the authorization server.
/// </summary>
internal const string UnsupportedGrantType = "unsupported_grant_type";
/// <summary>
/// The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
/// </summary>
internal const string InvalidScope = "invalid_scope";
}
/// <summary>
/// Recognized access token types.
/// </summary>
internal static class AccessTokenTypes {
/// <summary>
/// The "bearer" token type.
/// </summary>
internal const string Bearer = "bearer";
}
internal static class BearerTokenUnauthorizedResponseParameters {
internal const string Realm = "realm";
internal const string ErrorCode = "error";
internal const string ErrorDescription = "error_description";
internal const string ErrorUri = "error_uri";
internal const string Scope = "scope";
}
/// <summary>
/// The error codes prescribed in http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#resource-error-codes
/// </summary>
internal static class BearerTokenErrorCodes {
/// <summary>
/// The request is missing a required parameter, includes an unsupported parameter or parameter value,
/// repeats the same parameter, uses more than one method for including an access token, or is otherwise
/// malformed. The resource server SHOULD respond with the HTTP 400 (Bad Request) status code.
/// </summary>
internal const string InvalidRequest = "invalid_request";
/// <summary>
/// The access token provided is expired, revoked, malformed, or invalid for other reasons.
/// The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request
/// a new access token and retry the protected resource request.
/// </summary>
internal const string InvalidToken = "invalid_token";
/// <summary>
/// The request requires higher privileges than provided by the access token. The resource server
/// SHOULD respond with the HTTP 403 (Forbidden) status code and MAY include the scope attribute
/// with the scope necessary to access the protected resource.
/// </summary>
internal const string InsufficientScope = "insufficient_scope";
}
}
}
|
