| Index: Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
| =================================================================== |
| new file mode 100644 |
| --- /dev/null |
| b/Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
| @@ -0,0 1,127 @@ |
| /* |
| Copyright 2013 Google Inc |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0 |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| using System; |
| using System.Threading; |
| using System.Threading.Tasks; |
| using Google.Apis.Auth.OAuth2.Requests; |
| namespace Google.Apis.Auth.OAuth2 |
| { |
| /// <summary> |
| /// Thread safe OAuth 2.0 authorization code flow for a web application that persists end-user credentials. |
| /// </summary> |
| public class AuthorizationCodeWebApp |
| { |
| /// <summary> |
| /// The state key. As part of making the request for authorization code we save the original request to verify |
| /// that this server create the original request. |
| /// </summary> |
| public const string StateKey = "oauth_"; |
| /// <summary>The length of the random number which will be added to the end of the state parameter.</summary> |
| public const int StateRandomLength = 8; |
| /// <summary> |
| /// AuthResult which contains the user's credentials if it was loaded successfully from the store. Otherwise |
| /// it contains the redirect URI for the authorization server. |
| /// </summary> |
| public class AuthResult |
| { |
| /// <summary> |
| /// Gets or sets the user's credentials or <c>null</c> in case the end user needs to authorize. |
| /// </summary> |
| public UserCredential Credential { get; set; } |
| /// <summary> |
| /// Gets or sets the redirect URI to for the user to authorize against the authorization server or |
| /// <c>null</c> in case the <see cref="Google.Apis.Auth.OAuth2.UserCredential"/> was loaded from the data |
| /// store. |
| /// </summary> |
| public string RedirectUri { get; set; } |
| } |
| private readonly IAuthorizationCodeFlow flow; |
| private readonly string redirectUri; |
| private readonly string state; |
| /// <summary>Gets the authorization code flow.</summary> |
| public IAuthorizationCodeFlow Flow |
| { |
| get { return flow; } |
| } |
| /// <summary>Gets the OAuth2 callback redirect URI.</summary> |
| public string RedirectUri |
| { |
| get { return redirectUri; } |
| } |
| /// <summary>Gets the state which is used to navigate back to the page that started the OAuth flow.</summary> |
| public string State |
| { |
| get { return state; } |
| } |
| /// <summary> |
| /// Constructs a new authorization code installed application with the given flow and code receiver. |
| /// </summary> |
| public AuthorizationCodeWebApp(IAuthorizationCodeFlow flow, string redirectUri, string state) |
| { |
| // TODO(peleyal): should we provide a way to disable to random number in the end of the state parameter? |
| this.flow = flow; |
| this.redirectUri = redirectUri; |
| this.state = state; |
| } |
| /// <summary>Authorizes the web application to access user's protected data.</summary> |
| /// <param name="userId">User identifier</param> |
| /// <param name="taskCancellationToken">Cancellation token to cancel an operation</param> |
| /// <returns> |
| /// Auth result object which contains the user's credential or redirect URI for the authorization server |
| /// </returns> |
| public async Task<AuthResult> Authorize(string userId, CancellationToken taskCancellationToken) |
| { |
| // Try to load a token from the data store. |
| var token = await Flow.LoadTokenAsync(userId, taskCancellationToken).ConfigureAwait(false); |
| // If the stored token is null or it doesn't have a refresh token and the access token is expired, we need |
| // to retrieve a new access token. |
| if (token == null || (token.RefreshToken == null && token.IsExpired(flow.Clock))) |
| { |
| // Create a authorization code request. |
| AuthorizationCodeRequestUrl codeRequest = Flow.CreateAuthorizationCodeRequest(redirectUri); |
| // Add a random number to the end of the state so we can indicate the original request was made by this |
| // call. |
| var oauthState = state; |
| if (Flow.DataStore != null) |
| { |
| var rndString = new string('9', StateRandomLength); |
| var random = new Random().Next(int.Parse(rndString)).ToString("D" StateRandomLength); |
| oauthState = random; |
| await Flow.DataStore.StoreAsync(StateKey userId, oauthState); |
| } |
| codeRequest.State = oauthState; |
| return new AuthResult { RedirectUri = codeRequest.Build().ToString() }; |
| } |
| return new AuthResult { Credential = new UserCredential(flow, userId, token) }; |
| } |
| } |
| } |
