Index: Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
=================================================================== |
new file mode 100644 |
--- /dev/null |
+++ b/Src/GoogleApis.Auth/OAuth2/AuthorizationCodeWebApp.cs |
@@ -0,0 +1,127 @@ |
+/* |
+Copyright 2013 Google Inc |
+ |
+Licensed under the Apache License, Version 2.0 (the "License"); |
+you may not use this file except in compliance with the License. |
+You may obtain a copy of the License at |
+ |
+ http://www.apache.org/licenses/LICENSE-2.0 |
+ |
+Unless required by applicable law or agreed to in writing, software |
+distributed under the License is distributed on an "AS IS" BASIS, |
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
+See the License for the specific language governing permissions and |
+limitations under the License. |
+*/ |
+ |
+using System; |
+using System.Threading; |
+using System.Threading.Tasks; |
+ |
+using Google.Apis.Auth.OAuth2.Requests; |
+ |
+namespace Google.Apis.Auth.OAuth2 |
+{ |
+ /// <summary> |
+ /// Thread safe OAuth 2.0 authorization code flow for a web application that persists end-user credentials. |
+ /// </summary> |
+ public class AuthorizationCodeWebApp |
+ { |
+ /// <summary> |
+ /// The state key. As part of making the request for authorization code we save the original request to verify |
+ /// that this server create the original request. |
+ /// </summary> |
+ public const string StateKey = "oauth_"; |
+ |
+ /// <summary>The length of the random number which will be added to the end of the state parameter.</summary> |
+ public const int StateRandomLength = 8; |
+ |
+ /// <summary> |
+ /// AuthResult which contains the user's credentials if it was loaded successfully from the store. Otherwise |
+ /// it contains the redirect URI for the authorization server. |
+ /// </summary> |
+ public class AuthResult |
+ { |
+ /// <summary> |
+ /// Gets or sets the user's credentials or <c>null</c> in case the end user needs to authorize. |
+ /// </summary> |
+ public UserCredential Credential { get; set; } |
+ |
+ /// <summary> |
+ /// Gets or sets the redirect URI to for the user to authorize against the authorization server or |
+ /// <c>null</c> in case the <see cref="Google.Apis.Auth.OAuth2.UserCredential"/> was loaded from the data |
+ /// store. |
+ /// </summary> |
+ public string RedirectUri { get; set; } |
+ } |
+ |
+ private readonly IAuthorizationCodeFlow flow; |
+ private readonly string redirectUri; |
+ private readonly string state; |
+ |
+ /// <summary>Gets the authorization code flow.</summary> |
+ public IAuthorizationCodeFlow Flow |
+ { |
+ get { return flow; } |
+ } |
+ |
+ /// <summary>Gets the OAuth2 callback redirect URI.</summary> |
+ public string RedirectUri |
+ { |
+ get { return redirectUri; } |
+ } |
+ |
+ /// <summary>Gets the state which is used to navigate back to the page that started the OAuth flow.</summary> |
+ public string State |
+ { |
+ get { return state; } |
+ } |
+ |
+ /// <summary> |
+ /// Constructs a new authorization code installed application with the given flow and code receiver. |
+ /// </summary> |
+ public AuthorizationCodeWebApp(IAuthorizationCodeFlow flow, string redirectUri, string state) |
+ { |
+ // TODO(peleyal): should we provide a way to disable to random number in the end of the state parameter? |
+ this.flow = flow; |
+ this.redirectUri = redirectUri; |
+ this.state = state; |
+ } |
+ |
+ /// <summary>Authorizes the web application to access user's protected data.</summary> |
+ /// <param name="userId">User identifier</param> |
+ /// <param name="taskCancellationToken">Cancellation token to cancel an operation</param> |
+ /// <returns> |
+ /// Auth result object which contains the user's credential or redirect URI for the authorization server |
+ /// </returns> |
+ public async Task<AuthResult> Authorize(string userId, CancellationToken taskCancellationToken) |
+ { |
+ // Try to load a token from the data store. |
+ var token = await Flow.LoadTokenAsync(userId, taskCancellationToken).ConfigureAwait(false); |
+ |
+ // If the stored token is null or it doesn't have a refresh token and the access token is expired, we need |
+ // to retrieve a new access token. |
+ if (token == null || (token.RefreshToken == null && token.IsExpired(flow.Clock))) |
+ { |
+ // Create a authorization code request. |
+ AuthorizationCodeRequestUrl codeRequest = Flow.CreateAuthorizationCodeRequest(redirectUri); |
+ |
+ // Add a random number to the end of the state so we can indicate the original request was made by this |
+ // call. |
+ var oauthState = state; |
+ if (Flow.DataStore != null) |
+ { |
+ var rndString = new string('9', StateRandomLength); |
+ var random = new Random().Next(int.Parse(rndString)).ToString("D" + StateRandomLength); |
+ oauthState += random; |
+ await Flow.DataStore.StoreAsync(StateKey + userId, oauthState); |
+ } |
+ codeRequest.State = oauthState; |
+ |
+ return new AuthResult { RedirectUri = codeRequest.Build().ToString() }; |
+ } |
+ |
+ return new AuthResult { Credential = new UserCredential(flow, userId, token) }; |
+ } |
+ } |
+} |