Index: Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
=================================================================== |
new file mode 100644 |
--- /dev/null |
b/Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
@@ -0,0 1,127 @@ |
/* |
Copyright 2013 Google Inc |
Licensed under the Apache License, Version 2.0 (the "License"); |
you may not use this file except in compliance with the License. |
You may obtain a copy of the License at |
http://www.apache.org/licenses/LICENSE-2.0 |
Unless required by applicable law or agreed to in writing, software |
distributed under the License is distributed on an "AS IS" BASIS, |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
See the License for the specific language governing permissions and |
limitations under the License. |
*/ |
using System; |
using System.Threading; |
using System.Threading.Tasks; |
using Google.Apis.Auth.OAuth2.Requests; |
namespace Google.Apis.Auth.OAuth2 |
{ |
/// <summary> |
/// Thread safe OAuth 2.0 authorization code flow for a web application that persists end-user credentials. |
/// </summary> |
public class AuthorizationCodeWebApp |
{ |
/// <summary> |
/// The state key. As part of making the request for authorization code we save the original request to verify |
/// that this server create the original request. |
/// </summary> |
public const string StateKey = "oauth_"; |
/// <summary>The length of the random number which will be added to the end of the state parameter.</summary> |
public const int StateRandomLength = 8; |
/// <summary> |
/// AuthResult which contains the user's credentials if it was loaded successfully from the store. Otherwise |
/// it contains the redirect URI for the authorization server. |
/// </summary> |
public class AuthResult |
{ |
/// <summary> |
/// Gets or sets the user's credentials or <c>null</c> in case the end user needs to authorize. |
/// </summary> |
public UserCredential Credential { get; set; } |
/// <summary> |
/// Gets or sets the redirect URI to for the user to authorize against the authorization server or |
/// <c>null</c> in case the <see cref="Google.Apis.Auth.OAuth2.UserCredential"/> was loaded from the data |
/// store. |
/// </summary> |
public string RedirectUri { get; set; } |
} |
private readonly IAuthorizationCodeFlow flow; |
private readonly string redirectUri; |
private readonly string state; |
/// <summary>Gets the authorization code flow.</summary> |
public IAuthorizationCodeFlow Flow |
{ |
get { return flow; } |
} |
/// <summary>Gets the OAuth2 callback redirect URI.</summary> |
public string RedirectUri |
{ |
get { return redirectUri; } |
} |
/// <summary>Gets the state which is used to navigate back to the page that started the OAuth flow.</summary> |
public string State |
{ |
get { return state; } |
} |
/// <summary> |
/// Constructs a new authorization code installed application with the given flow and code receiver. |
/// </summary> |
public AuthorizationCodeWebApp(IAuthorizationCodeFlow flow, string redirectUri, string state) |
{ |
// TODO(peleyal): should we provide a way to disable to random number in the end of the state parameter? |
this.flow = flow; |
this.redirectUri = redirectUri; |
this.state = state; |
} |
/// <summary>Authorizes the web application to access user's protected data.</summary> |
/// <param name="userId">User identifier</param> |
/// <param name="taskCancellationToken">Cancellation token to cancel an operation</param> |
/// <returns> |
/// Auth result object which contains the user's credential or redirect URI for the authorization server |
/// </returns> |
public async Task<AuthResult> Authorize(string userId, CancellationToken taskCancellationToken) |
{ |
// Try to load a token from the data store. |
var token = await Flow.LoadTokenAsync(userId, taskCancellationToken).ConfigureAwait(false); |
// If the stored token is null or it doesn't have a refresh token and the access token is expired, we need |
// to retrieve a new access token. |
if (token == null || (token.RefreshToken == null && token.IsExpired(flow.Clock))) |
{ |
// Create a authorization code request. |
AuthorizationCodeRequestUrl codeRequest = Flow.CreateAuthorizationCodeRequest(redirectUri); |
// Add a random number to the end of the state so we can indicate the original request was made by this |
// call. |
var oauthState = state; |
if (Flow.DataStore != null) |
{ |
var rndString = new string('9', StateRandomLength); |
var random = new Random().Next(int.Parse(rndString)).ToString("D" StateRandomLength); |
oauthState = random; |
await Flow.DataStore.StoreAsync(StateKey userId, oauthState); |
} |
codeRequest.State = oauthState; |
return new AuthResult { RedirectUri = codeRequest.Build().ToString() }; |
} |
return new AuthResult { Credential = new UserCredential(flow, userId, token) }; |
} |
} |
} |