C# Class RelyingPartyLogic.OAuthAuthorizationServer

Provides OAuth 2.0 authorization server information to DotNetOpenAuth.
Inheritance: IAuthorizationServerHost
显示文件 Open project: OneCare/dotnetopenid

Public Methods

Method Description
CanBeAutoApproved ( DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest authorizationRequest ) : bool
GetAccessTokenParameters ( IAccessTokenRequest accessTokenRequestMessage ) : DotNetOpenAuth.OAuth2.AccessTokenParameters

Obtains parameters to go into the formulation of an access token.
GetClient ( string clientIdentifier ) : IClientDescription

Gets the client with a given identifier.
IsAuthorizationValid ( IAuthorizationDescription authorization ) : bool

Determines whether a described authorization is (still) valid.

When establishing that an authorization is still valid, it's very important to only match on recorded authorizations that meet these criteria:

1) The client identifier matches. 2) The user account matches. 3) The scope on the recorded authorization must include all scopes in the given authorization. 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued.

One possible scenario is where the user authorized a client, later revoked authorization, and even later reinstated authorization. This subsequent recorded authorization would not satisfy requirement #4 in the above list. This is important because the revocation the user went through should invalidate all previously issued tokens as a matter of security in the event the user was revoking access in order to sever authorization on a stolen account or piece of hardware in which the tokens were stored.

IsResourceOwnerCredentialValid ( string userName, string password ) : bool

Determines whether a given set of resource owner credentials is valid based on the authorization server's user database.
OAuthAuthorizationServer ( ) : System

Initializes a new instance of the OAuthAuthorizationServer class.

Private Methods

Method Description
IsAuthorizationValid ( HashSet requestedScopes, string clientIdentifier, System.DateTime issuedUtc, string username ) : bool

Method Details

CanBeAutoApproved() public method

public CanBeAutoApproved ( DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest authorizationRequest ) : bool
authorizationRequest DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest
return bool

GetAccessTokenParameters() public method

Obtains parameters to go into the formulation of an access token.
public GetAccessTokenParameters ( IAccessTokenRequest accessTokenRequestMessage ) : DotNetOpenAuth.OAuth2.AccessTokenParameters
accessTokenRequestMessage IAccessTokenRequest Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.
return DotNetOpenAuth.OAuth2.AccessTokenParameters

GetClient() public method

Gets the client with a given identifier.
Thrown when no client with the given identifier is registered with this authorization server.
public GetClient ( string clientIdentifier ) : IClientDescription
clientIdentifier string The client identifier.
return IClientDescription

IsAuthorizationValid() public method

Determines whether a described authorization is (still) valid.

When establishing that an authorization is still valid, it's very important to only match on recorded authorizations that meet these criteria:

1) The client identifier matches. 2) The user account matches. 3) The scope on the recorded authorization must include all scopes in the given authorization. 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued.

One possible scenario is where the user authorized a client, later revoked authorization, and even later reinstated authorization. This subsequent recorded authorization would not satisfy requirement #4 in the above list. This is important because the revocation the user went through should invalidate all previously issued tokens as a matter of security in the event the user was revoking access in order to sever authorization on a stolen account or piece of hardware in which the tokens were stored.

public IsAuthorizationValid ( IAuthorizationDescription authorization ) : bool
authorization IAuthorizationDescription The authorization.
return bool

IsResourceOwnerCredentialValid() public method

Determines whether a given set of resource owner credentials is valid based on the authorization server's user database.
May be thrown if the authorization server does not support the resource owner password credential grant type.
public IsResourceOwnerCredentialValid ( string userName, string password ) : bool
userName string Username on the account.
password string The user's password.
return bool

OAuthAuthorizationServer() public method

Initializes a new instance of the OAuthAuthorizationServer class.
public OAuthAuthorizationServer ( ) : System
return System