OLD | NEW |
---|---|
(Empty) | |
1 /* | |
2 Copyright 2013 Google Inc | |
3 | |
4 Licensed under the Apache License, Version 2.0 (the "License"); | |
5 you may not use this file except in compliance with the License. | |
6 You may obtain a copy of the License at | |
7 | |
8 http://www.apache.org/licenses/LICENSE-2.0 | |
9 | |
10 Unless required by applicable law or agreed to in writing, software | |
11 distributed under the License is distributed on an "AS IS" BASIS, | |
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 See the License for the specific language governing permissions and | |
14 limitations under the License. | |
15 */ | |
16 | |
17 using System; | |
18 using System.Threading.Tasks; | |
19 | |
20 using Google.Apis.Auth.OAuth2.Responses; | |
21 using Google.Apis.Util.Store; | |
22 | |
23 namespace Google.Apis.Auth.OAuth2.Web | |
24 { | |
25 /// <summary>Auth Utility methods for web development.</summary> | |
26 public class AuthWebUtility | |
27 { | |
28 /// <summary>Extracts the redirect URI from the state OAuth2 parameter.< /summary> | |
29 /// <remarks> | |
30 /// In case the data store is not <c>null</c>, this method verifies that the state parameter which was returned | |
class
2013/10/09 19:27:57
"In case the data store is not <c>null</a>"
shoul
peleyal
2013/10/10 19:44:31
Done.
| |
31 /// from the authorization server is the same as the one we set before r edirecting to the authorization server. | |
32 /// </remarks> | |
33 /// <param name="dataStore">The data store which contains the original s tate parameter.</param> | |
34 /// <param name="userId">User identifier.</param> | |
35 /// <param name="state"> | |
36 /// The authorization state parameter which we got back from the authori zation server. | |
37 /// </param> | |
38 /// <returns>Redirect URI to the address which initializes the authoriza tion code flow.</returns> | |
39 public static async Task<string> ExtracRedirectFromState(IDataStore data Store, string userId, string state) | |
40 { | |
41 var oauthState = state; | |
42 if (dataStore != null) | |
43 { | |
44 var userKey = AuthorizationCodeWebApp.StateKey + userId; | |
45 var expectedState = await dataStore.GetAsync<string>(userKey); | |
46 | |
47 // Check that the random number in the end of the state paramete r equals to the one that we stored in· | |
class
2013/10/09 19:27:57
Note that state could be a string. Although the do
peleyal
2013/10/10 19:44:31
Done.
| |
48 // the datastore. | |
49 if (!Object.Equals(oauthState, expectedState)) | |
50 { | |
51 throw new TokenResponseException(new TokenErrorResponse | |
52 { | |
53 Error = "State is invalid" | |
54 }); | |
55 } | |
56 await dataStore.DeleteAsync<string>(userKey); | |
57 oauthState = oauthState.Substring(0, oauthState.Length - Authori zationCodeWebApp.StateRandomLength); | |
58 } | |
59 | |
60 return oauthState; | |
61 } | |
62 } | |
63 } | |
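Review bot: The state check at gutter lines 45-49 passes when both values are null, because `Object.Equals(null, null)` is true: a callback with no `state` for a user who has no stored entry (assuming `GetAsync` returns null for a missing key) is accepted as valid and then fails in `Substring` on line 57 with a NullReferenceException instead of a TokenResponseException. Reject a missing stored value explicitly, e.g. `if (string.IsNullOrEmpty(expectedState) || !string.Equals(oauthState, expectedState, StringComparison.Ordinal))`. When `dataStore` is null the method returns `state` unchanged and unverified, so the `<remarks>` should say that callers on that path get no CSRF protection from this method and must validate the returned redirect target themselves. The public name `ExtracRedirectFromState` is also missing a "t"; fixing it before release avoids carrying the typo in the API.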