
Delta Between Two Patch Sets: Src/GoogleApis.Auth/OAuth2/Web/AuthWebUtility.cs

Issue 14341043: Issue 351: Reimplement OAuth2 (Step 4): ServiceAccount and MVC (Closed) Base URL: https://google-api-dotnet-client.googlecode.com/hg/
Left Patch Set: Created 10 years, 5 months ago
Right Patch Set: Gus comments Created 10 years, 5 months ago
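--- a/Src/GoogleApis.Auth/OAuth2/Web/AuthWebUtility.cs
+++ b/Src/GoogleApis.Auth/OAuth2/Web/AuthWebUtility.cs
@@ -0,0 +1,62 @@
+/*
+Copyright 2013 Google Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+using System;
+using System.Threading.Tasks;
+
+using Google.Apis.Auth.OAuth2.Responses;
+using Google.Apis.Util.Store;
+
+namespace Google.Apis.Auth.OAuth2.Web
+{
+/// <summary>Auth Utility methods for web development.</summary>
+public class AuthWebUtility
+{
+/// <summary>Extracts the redirect URI from the state OAuth2 parameter.< /summary>
+/// <remarks>
+/// If the data store is not <c>null</c>, this method verifies that the state parameter which was returned
+/// from the authorization server is the same as the one we set before r edirecting to the authorization server.
+/// </remarks>
+/// <param name="dataStore">The data store which contains the original s tate parameter.</param>
+/// <param name="userId">User identifier.</param>
+/// <param name="state">
+/// The authorization state parameter which we got back from the authori zation server.
+/// </param>
+/// <returns>Redirect URI to the address which initializes the authoriza tion code flow.</returns>
+public static async Task<string> ExtracRedirectFromState(IDataStore data Store, string userId, string state)
+{
+var oauthState = state;
+if (dataStore != null)
+{
+var userKey = AuthorizationCodeWebApp.StateKey + userId;
+var expectedState = await dataStore.GetAsync<string>(userKey);
+
+// Verify that the stored state is equal to the one we got back from the authorization server.
+if (!Object.Equals(oauthState, expectedState))
+{
+throw new TokenResponseException(new TokenErrorResponse
+{
+Error = "State is invalid"
+});
+}
+await dataStore.DeleteAsync<string>(userKey);
+oauthState = oauthState.Substring(0, oauthState.Length - Authori zationCodeWebApp.StateRandomLength);
+}
+
+return oauthState;
+}
+}
+}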
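Review bot: In `ExtracRedirectFromState`, a callback that arrives with no `state` passes the `Object.Equals(oauthState, expectedState)` check whenever nothing is stored for the user, since `Object.Equals(null, null)` is true (this assumes `GetAsync<string>` yields null for a missing key, which is not visible here). The later `oauthState.Substring(...)` then throws a `NullReferenceException` instead of the intended `TokenResponseException`. Reject the missing value explicitly: `if (expectedState == null || !Object.Equals(oauthState, expectedState))`. When `dataStore` is null the state is returned unverified, so the `<remarks>` should say that the caller must treat the result as untrusted and only redirect to a local or allow-listed address. The public method name is also misspelled (`Extrac` for `Extract`), which is cheaper to fix before the API ships.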
