| Index: Src/GoogleApis.Auth/OAuth2/UserCredential.cs |
| =================================================================== |
| new file mode 100644 |
| --- /dev/null |
| b/Src/GoogleApis.Auth/OAuth2/UserCredential.cs |
| @@ -0,0 1,140 @@ |
| /* |
| Copyright 2013 Google Inc |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0 |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| using System; |
| using System.Net; |
| using System.Net.Http; |
| using System.Threading; |
| using System.Threading.Tasks; |
| using Google.Apis.Auth.OAuth2.Responses; |
| using Google.Apis.Http; |
| using Google.Apis.Logging; |
| namespace Google.Apis.Auth.OAuth2 |
| { |
| /// <summary> |
| /// OAuth 2.0 credential for accessing protected resources using an access token, as well as optionally refreshing |
| /// the access token when it expires using a refresh token. |
| /// </summary> |
| public class UserCredential : IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, |
| IConfigurableHttpClientInitializer |
| { |
| private static readonly ILogger Logger = ApplicationContext.Logger.ForType<UserCredential>(); |
| private TokenResponse token; |
| private object lockObject = new object(); |
| public TokenResponse Token |
| { |
| get |
| { |
| lock (lockObject) |
| { |
| return token; |
| } |
| } |
| private set |
| { |
| lock (lockObject) |
| { |
| token = value; |
| } |
| } |
| } |
| private readonly IAuthorizationCodeFlow flow; |
| private readonly string userId; |
| /// <summary>Constructs a new credential instance.</summary> |
| /// <param name="flow">Authorization code flow</param> |
| /// <param name="userId">User identifier</param> |
| /// <param name="token">An initial token for the user</param> |
| public UserCredential(IAuthorizationCodeFlow flow, string userId, TokenResponse token) |
| { |
| this.flow = flow; |
| this.userId = userId; |
| this.token = token; |
| } |
| /// <summary> |
| /// Default implementation is to try to refresh the access token if there is no access token or if we are 1 |
| /// minute away from expiration. If token server is unavailable, it will try to use the access token even if |
| /// has expired. If successful, it will call <seealso cref="IAccessMethod.Intercept"/>. |
| /// </summary> |
| public async Task InterceptAsync(HttpRequestMessage request, CancellationToken taskCancellationToken) |
| { |
| if (Token.IsExpired(flow.Clock)) |
| { |
| Logger.Debug("Token has expired, trying to refresh it."); |
| if (!await RefreshTokenAsync(taskCancellationToken).ConfigureAwait(false)) |
| { |
| throw new InvalidOperationException("The access token has expired but we can't refresh it"); |
| } |
| } |
| flow.AccessMethod.Intercept(request, Token.AccessToken); |
| } |
| /// <summary> |
| /// Refreshes the token by calling to <seealso cref="IAuthorizationCodeFlow.RefreshTokenAsync"/>. Then it |
| /// updates the <see cref="TokenResponse"/> with the new token instance. |
| /// </summary> |
| /// <param name="taskCancellationToken">Cancellation token to cancel an operation</param> |
| /// <returns><c>true</c> if the token was refreshed</returns> |
| private async Task<bool> RefreshTokenAsync(CancellationToken taskCancellationToken) |
| { |
| if (Token.RefreshToken == null) |
| { |
| Logger.Warning("Refresh token is null, can't refresh the token!"); |
| return false; |
| } |
| // It's possible that two concurrent calls will be made to refresh the token, in that case the last one |
| // will win. |
| var newToken = await flow.RefreshTokenAsync(userId, Token.RefreshToken, taskCancellationToken) |
| .ConfigureAwait(false); |
| Logger.Info("Access token was refreshed successfully"); |
| if (newToken.RefreshToken == null) |
| { |
| newToken.RefreshToken = Token.RefreshToken; |
| } |
| Token = newToken; |
| return true; |
| } |
| public async Task<bool> HandleResponseAsync(HandleUnsuccessfulResponseArgs args) |
| { |
| // TODO(peleyal): check WWW-Authenticate header |
| if (args.Response.StatusCode == HttpStatusCode.Unauthorized) |
| { |
| return !Object.Equals(Token.AccessToken, flow.AccessMethod.GetAccessToken(args.Request)) |
| || await RefreshTokenAsync(args.CancellationToken).ConfigureAwait(false); |
| } |
| return false; |
| } |
| public void Initialize(ConfigurableHttpClient httpClient) |
| { |
| httpClient.MessageHandler.ExecuteInterceptors.Add(this); |
| httpClient.MessageHandler.UnsuccessfulResponseHandlers.Add(this); |
| } |
| } |
| } |
