C# Class DotNetOpenAuth.ApplicationBlock.InMemoryTokenManager

A token manager that only retains tokens in memory. Meant for SHORT TERM USE TOKENS ONLY.
A likely application of this class is for "Sign In With Twitter", where the user only signs in without providing any authorization to access Twitter APIs except to authenticate, since that access token is only useful once.
Inheritance: IConsumerTokenManager, IOpenIdOAuthTokenManager
Datei anzeigen Open project: 23/23-api-dotnet Class Usage Examples

Public Methods

Method Description
ExpireRequestTokenAndStoreNewAccessToken ( string consumerKey, string requestToken, string accessToken, string accessTokenSecret ) : void

Deletes a request token and its associated secret and stores a new access token and secret.

Any scope of granted privileges associated with the request token from the original call to StoreNewRequestToken should be carried over to the new Access Token.

To associate a user account with the new access token, HttpContext.Current.User may be useful in an ASP.NET web application within the implementation of this method. Alternatively you may store the access token here without associating with a user account, and wait until WebConsumer.ProcessUserAuthorization() or DesktopConsumer.ProcessUserAuthorization(string, string) return the access token to associate the access token with a user account at that point.

GetTokenSecret ( string token ) : string

Gets the Token Secret given a request or access token.

GetTokenType ( string token ) : TokenType

Classifies a token as a request token or an access token.

InMemoryTokenManager ( string consumerKey, string consumerSecret ) : System

Initializes a new instance of the InMemoryTokenManager class.

StoreNewRequestToken ( DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenRequest request, ITokenSecretContainingMessage response ) : void

Stores a newly generated unauthorized request token, secret, and optional application-specific parameters for later recall.

Request tokens stored by this method SHOULD NOT associate any user account with this token. It usually opens up security holes in your application to do so. Instead, you associate a user account with access tokens (not request tokens) in the ExpireRequestTokenAndStoreNewAccessToken method.

StoreOpenIdAuthorizedRequestToken ( string consumerKey, DotNetOpenAuth.OpenId.Extensions.OAuth.AuthorizationApprovedResponse authorization ) : void

Stores a new request token obtained over an OpenID request.

The token secret is the empty string.

Tokens stored by this method should be short-lived to mitigate possible security threats. Their lifetime should be sufficient for the relying party to receive the positive authentication assertion and immediately send a follow-up request for the access token.

Method Details

ExpireRequestTokenAndStoreNewAccessToken() public method

Deletes a request token and its associated secret and stores a new access token and secret.

Any scope of granted privileges associated with the request token from the original call to StoreNewRequestToken should be carried over to the new Access Token.

To associate a user account with the new access token, HttpContext.Current.User may be useful in an ASP.NET web application within the implementation of this method. Alternatively you may store the access token here without associating with a user account, and wait until WebConsumer.ProcessUserAuthorization() or DesktopConsumer.ProcessUserAuthorization(string, string) return the access token to associate the access token with a user account at that point.

public ExpireRequestTokenAndStoreNewAccessToken ( string consumerKey, string requestToken, string accessToken, string accessTokenSecret ) : void
consumerKey string The Consumer that is exchanging its request token for an access token.
requestToken string The Consumer's request token that should be deleted/expired.
accessToken string The new access token that is being issued to the Consumer.
accessTokenSecret string The secret associated with the newly issued access token.
return void

GetTokenSecret() public method

Gets the Token Secret given a request or access token.
Thrown if the secret cannot be found for the given token.
public GetTokenSecret ( string token ) : string
token string The request or access token.
return string

GetTokenType() public method

Classifies a token as a request token or an access token.
public GetTokenType ( string token ) : TokenType
token string The token to classify.
return TokenType

InMemoryTokenManager() public method

Initializes a new instance of the InMemoryTokenManager class.
public InMemoryTokenManager ( string consumerKey, string consumerSecret ) : System
consumerKey string The consumer key.
consumerSecret string The consumer secret.
return System

StoreNewRequestToken() public method

Stores a newly generated unauthorized request token, secret, and optional application-specific parameters for later recall.
Request tokens stored by this method SHOULD NOT associate any user account with this token. It usually opens up security holes in your application to do so. Instead, you associate a user account with access tokens (not request tokens) in the ExpireRequestTokenAndStoreNewAccessToken method.
Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection.
public StoreNewRequestToken ( DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenRequest request, ITokenSecretContainingMessage response ) : void
request DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenRequest The request message that resulted in the generation of a new unauthorized request token.
response ITokenSecretContainingMessage The response message that includes the unauthorized request token.
return void

StoreOpenIdAuthorizedRequestToken() public method

Stores a new request token obtained over an OpenID request.

The token secret is the empty string.

Tokens stored by this method should be short-lived to mitigate possible security threats. Their lifetime should be sufficient for the relying party to receive the positive authentication assertion and immediately send a follow-up request for the access token.

public StoreOpenIdAuthorizedRequestToken ( string consumerKey, DotNetOpenAuth.OpenId.Extensions.OAuth.AuthorizationApprovedResponse authorization ) : void
consumerKey string The consumer key.
authorization DotNetOpenAuth.OpenId.Extensions.OAuth.AuthorizationApprovedResponse The authorization message carrying the request token and authorized access scope.
return void