-
Notifications
You must be signed in to change notification settings - Fork 534
/
Copy pathAuthorizationCodeWebApp.cs
141 lines (121 loc) · 5.93 KB
/
AuthorizationCodeWebApp.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
/*
Copyright 2013 Google Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Requests;
using Google.Apis.Auth.OAuth2.Responses;
namespace Google.Apis.Auth.OAuth2.Web
{
/// <summary>
/// Thread safe OAuth 2.0 authorization code flow for a web application that persists end-user credentials.
/// </summary>
public class AuthorizationCodeWebApp
{
/// <summary>
/// The state key. As part of making the request for authorization code we save the original request to verify
/// that this server create the original request.
/// </summary>
public const string StateKey = "oauth_";
/// <summary>The length of the random number which will be added to the end of the state parameter.</summary>
public const int StateRandomLength = 8;
/// <summary>
/// AuthResult which contains the user's credentials if it was loaded successfully from the store. Otherwise
/// it contains the redirect URI for the authorization server.
/// </summary>
public class AuthResult
{
/// <summary>
/// Gets or sets the user's credentials or <c>null</c> in case the end user needs to authorize.
/// </summary>
public UserCredential Credential { get; set; }
/// <summary>
/// Gets or sets the redirect URI to for the user to authorize against the authorization server or
/// <c>null</c> in case the <see cref="Google.Apis.Auth.OAuth2.UserCredential"/> was loaded from the data
/// store.
/// </summary>
public string RedirectUri { get; set; }
}
private readonly IAuthorizationCodeFlow flow;
private readonly string redirectUri;
private readonly string state;
/// <summary>Gets the authorization code flow.</summary>
public IAuthorizationCodeFlow Flow
{
get { return flow; }
}
/// <summary>Gets the OAuth2 callback redirect URI.</summary>
public string RedirectUri
{
get { return redirectUri; }
}
/// <summary>Gets the state which is used to navigate back to the page that started the OAuth flow.</summary>
public string State
{
get { return state; }
}
/// <summary>
/// Constructs a new authorization code installed application with the given flow and code receiver.
/// </summary>
public AuthorizationCodeWebApp(IAuthorizationCodeFlow flow, string redirectUri, string state)
{
// TODO(peleyal): Provide a way to disable to random number in the end of the state parameter.
this.flow = flow;
this.redirectUri = redirectUri;
this.state = state;
}
/// <summary>Asynchronously authorizes the web application to access user's protected data.</summary>
/// <param name="userId">User identifier</param>
/// <param name="taskCancellationToken">Cancellation token to cancel an operation</param>
/// <returns>
/// Auth result object which contains the user's credential or redirect URI for the authorization server
/// </returns>
public async Task<AuthResult> AuthorizeAsync(string userId, CancellationToken taskCancellationToken)
{
// Try to load a token from the data store.
var token = await Flow.LoadTokenAsync(userId, taskCancellationToken).ConfigureAwait(false);
// Check if a new authorization code is needed.
if (ShouldRequestAuthorizationCode(token))
{
// Create an authorization code request.
AuthorizationCodeRequestUrl codeRequest = Flow.CreateAuthorizationCodeRequest(redirectUri);
// Add a random number to the end of the state so we can indicate the original request was made by this
// call.
var oauthState = state;
if (Flow.DataStore != null)
{
var rndString = new string('9', StateRandomLength);
var random = new Random().Next(int.Parse(rndString)).ToString("D" + StateRandomLength);
oauthState += random;
await Flow.DataStore.StoreAsync(StateKey + userId, oauthState).ConfigureAwait(false);
}
codeRequest.State = oauthState;
return new AuthResult { RedirectUri = codeRequest.Build().AbsoluteUri };
}
return new AuthResult { Credential = new UserCredential(flow, userId, token) };
}
/// <summary>
/// Determines the need for retrieval of a new authorization code, based on the given token and the
/// authorization code flow.
/// </summary>
public bool ShouldRequestAuthorizationCode(TokenResponse token)
{
// TODO: This code should be shared between this class and AuthorizationCodeInstalledApp.
// If the flow includes a parameter that requires a new token, if the stored token is null or it doesn't
// have a refresh token and the access token is expired we need to retrieve a new authorization code.
return Flow.ShouldForceTokenRetrieval() || token == null || (token.RefreshToken == null
&& token.ShouldBeRefreshed(flow.Clock));
}
}
}