A production-useless version of an OAuth request
namespace OAuthDemo.Controllers | |
{ | |
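public static class SecurityConfig
{
    // Demo client credentials. Placeholder values for the sample only; a real
    // deployment looks clients up in a store instead of hard-coding them here.
    private const string DemoClientId = "oauthclient";
    private const string DemoClientSecret = "secret";

    /// <summary>
    /// Registers Basic-authentication handling for the OAuth client on the given
    /// Web API configuration.
    /// </summary>
    /// <param name="httpConfiguration">The Web API configuration the handler is added to.</param>
    /// <param name="validateClient">
    /// Optional callback deciding whether the (username, password) pair presented via
    /// Basic authentication is an accepted client. When null, the built-in demo
    /// credentials are used, which keeps the original one-argument call working.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="httpConfiguration"/> is null.</exception>
    public static void Configure(HttpConfiguration httpConfiguration, Func<string, string, bool> validateClient = null)
    {
        if (httpConfiguration == null)
        {
            throw new ArgumentNullException("httpConfiguration");
        }

        var validate = validateClient ?? IsDemoClient;

        var config = new AuthenticationConfiguration();
        config.DefaultAuthenticationScheme = "Basic";
        // The Client will authenticate with Basic authentication
        // You could also auth with client_id / client_secret in the request body
        // (if you're into that sort of thing)
        config.AddBasicAuthentication((username, password) => validate(username, password));
        httpConfiguration.MessageHandlers.Add(
            new AuthenticationHandler(config));
    }

    /// <summary>
    /// Accepts only the demo client. The client id is compared ordinally; the secret is
    /// compared without an early exit so the time taken does not depend on how many
    /// leading characters matched.
    /// </summary>
    private static bool IsDemoClient(string username, string password)
    {
        return string.Equals(username, DemoClientId, StringComparison.Ordinal)
            && FixedTimeEquals(password, DemoClientSecret);
    }

    /// <summary>
    /// Compares two strings without short-circuiting on the first mismatch.
    /// The loop always runs over the longer of the two inputs; the JIT gives no hard
    /// constant-time guarantee, this only removes the obvious early exit that ordinary
    /// string equality has. Null never equals anything.
    /// </summary>
    private static bool FixedTimeEquals(string actual, string expected)
    {
        if (actual == null || expected == null)
        {
            return false;
        }

        // Fold the length difference in up front so a length mismatch is a mismatch
        // without having to return early.
        int diff = actual.Length ^ expected.Length;
        int length = Math.Max(actual.Length, expected.Length);
        for (int i = 0; i < length; i++)
        {
            int a = i < actual.Length ? actual[i] : 0;
            int e = i < expected.Length ? expected[i] : 0;
            diff |= a ^ e;
        }
        return diff == 0;
    }
}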
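public class AccessTokenRequest
{
    /// <summary>
    /// REQUIRED. The grant type. This endpoint only implements the resource owner
    /// password credentials grant, so the value is fixed at "password". Because the
    /// property has no setter, a different grant_type sent by the client is not bound
    /// and is silently ignored rather than rejected.
    /// </summary>
    public string GrantType
    {
        get { return "password"; }
    }

    /// <summary>
    /// REQUIRED. The resource owner username.
    /// Marked [Required] so that the ModelState.IsValid check in AuthorizeController
    /// actually rejects a request that omits it.
    /// </summary>
    [System.ComponentModel.DataAnnotations.Required]
    public string Username { get; set; }

    /// <summary>
    /// REQUIRED. The resource owner password.
    /// Marked [Required] for the same reason as <see cref="Username"/>.
    /// </summary>
    [System.ComponentModel.DataAnnotations.Required]
    public string Password { get; set; }

    /// <summary>
    /// OPTIONAL. The scope of the access request as described by
    /// http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.3
    /// </summary>
    public string Scope { get; set; }
}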
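/// <summary>
/// Successful token response body. Property names follow the wire names of the
/// OAuth 2.0 draft (snake_case) via JsonProperty.
/// </summary>
public class AccessTokenResponse
{
    /// <summary>
    /// REQUIRED. The access token issued by the authorization server.
    /// </summary>
    [JsonProperty(PropertyName = "access_token")]
    public string AccessToken { get; set; }

    /// <summary>
    /// REQUIRED. The type of the token issued as described in
    /// http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-7.1.
    /// Value is case insensitive.
    /// </summary>
    [JsonProperty(PropertyName = "token_type")]
    public string TokenType { get; set; }

    /// <summary>
    /// RECOMMENDED. The lifetime in seconds of the access token.
    /// </summary>
    [JsonProperty(PropertyName = "expires_in")]
    public int ExpiresIn { get; set; }

    /// <summary>
    /// OPTIONAL. The refresh token, which can be used to obtain new
    /// access tokens using the same authorization grant as described
    /// in http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-6.
    /// Omitted from the JSON when null, as the draft says optional parameters
    /// are left out rather than sent as null.
    /// </summary>
    [JsonProperty(PropertyName = "refresh_token", NullValueHandling = NullValueHandling.Ignore)]
    public string RefreshToken { get; set; }

    /// <summary>
    /// OPTIONAL, if identical to the scope requested by the client,
    /// otherwise REQUIRED. The scope of the access token as described
    /// by http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.3.
    /// Omitted from the JSON when null.
    /// </summary>
    [JsonProperty(PropertyName = "scope", NullValueHandling = NullValueHandling.Ignore)]
    public string Scope { get; set; }
}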
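[Authorize] // Client authenticates using Basic auth
public class AuthorizeController : ApiController
{
    // Lifetime reported to the client as expires_in.
    private static readonly TimeSpan AccessTokenLifetime = TimeSpan.FromHours(1);

    /// <summary>
    /// Token endpoint for the resource owner password credentials grant.
    /// </summary>
    /// <param name="request">The bound grant request; null when no usable body was bound.</param>
    /// <returns>An access token response. Values are fixed demo values, see the TODO below.</returns>
    /// <exception cref="HttpResponseException">400 Bad Request when the request is missing or fails model validation.</exception>
    public AccessTokenResponse Post(AccessTokenRequest request)
    {
        // A missing or unparsable body arrives as null, which ModelState alone does not catch.
        if (request == null || !ModelState.IsValid)
        {
            throw new HttpResponseException(
                new HttpResponseMessage(HttpStatusCode.BadRequest));
        }

        // TODO validate Resource Owner credentials (request.Username / request.Password)
        // before issuing anything: as written, any authenticated client obtains a token
        // for any username without the password being checked.
        return new AccessTokenResponse
        {
            // Fixed sample token (the example value from the OAuth 2.0 draft). A real
            // server issues an unguessable per-request token and records it so the
            // resource server can check it.
            AccessToken = "2YotnFZFEjr1zCsicMWpAA",
            TokenType = "bearer",
            // TotalSeconds, not Seconds: .Seconds is only the seconds component,
            // which is 0 for a whole hour, so the original reported expires_in = 0.
            ExpiresIn = (int)AccessTokenLifetime.TotalSeconds,
            Scope = "profile"
        };
    }
}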
} |