Add support for scopes and for refreshing a token.

Author: willsmythe

.gitignore

@@ -5,6 +5,8 @@
 *.suo
 *.user
 *.sln.docstates
+*.sln.ide/
+OAuthSample/Properties/PublishProfiles/
 
 # Build results
 

OAuthSample/Controllers/HomeController.cs

@@ -12,6 +12,7 @@ public ActionResult Index()
         {
             ViewBag.AppId = System.Configuration.ConfigurationManager.AppSettings["AppId"];
             ViewBag.CallbackUrl = System.Configuration.ConfigurationManager.AppSettings["CallbackUrl"];
+            ViewBag.Scope = System.Configuration.ConfigurationManager.AppSettings["Scope"];
 
             return View();
         }

OAuthSample/Controllers/OAuthController.cs

@@ -17,7 +17,7 @@ public class OAuthController : Controller
         // GET: /OAuth/
         public ActionResult Index()
         {
-            
+
             return View();
 
         }
@@ -27,89 +27,118 @@ public ActionResult RequestToken(string code, string status)
             return new RedirectResult(GenerateAuthorizeUrl());
         }
 
-        public ActionResult Callback(string code, string state)
+        public ActionResult RefreshToken(string refreshToken)
         {
-            var error = String.Empty;
-            var strResponseData = String.Empty;
-            var strPostData = String.Empty;
+            TokenModel token = new TokenModel();
+            String error = null;
 
-            if(!String.IsNullOrEmpty(code))
+            if (!String.IsNullOrEmpty(refreshToken))
             {
-                strPostData = GeneratePostData(code);
+                error = PerformTokenRequest(GenerateRefreshPostData(refreshToken), out token);
+                if (String.IsNullOrEmpty(error))
+                {
+                    ViewBag.Token = token;
+                }
+            }
+
+            ViewBag.Error = error;
 
-                HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(
-                    ConfigurationManager.AppSettings["TokenUrl"]
-                    );
+            return View("TokenView");
+        }
 
-                webRequest.Method = "POST";
-                webRequest.ContentLength = strPostData.Length;
-                webRequest.ContentType = "application/x-www-form-urlencoded";
+        public ActionResult Callback(string code, string state)
+        {
+            TokenModel token = new TokenModel();
+            String error = null;
 
-                using (StreamWriter swRequestWriter = new StreamWriter(webRequest.GetRequestStream()))
+            if (!String.IsNullOrEmpty(code))
+            {
+                error = PerformTokenRequest(GenerateRequestPostData(code), out token);
+                if (String.IsNullOrEmpty(error))
                 {
-                    swRequestWriter.Write(strPostData);
+                    ViewBag.Token = token;
                 }
+            }
 
-                try
-                {
-                    HttpWebResponse hwrWebResponse = (HttpWebResponse)webRequest.GetResponse();
+            ViewBag.Error = error;
 
-                    if (hwrWebResponse.StatusCode == HttpStatusCode.OK)
-                    {
-                        using (StreamReader srResponseReader = new StreamReader(hwrWebResponse.GetResponseStream()))
-                        {
-                            strResponseData = srResponseReader.ReadToEnd();
-                        }
+            return View("TokenView");
+        }
 
-                        TokenModel token = JsonConvert.DeserializeObject<TokenModel>(strResponseData);
+        private String PerformTokenRequest(String postData, out TokenModel token)
+        {
+            var error = String.Empty;
+            var strResponseData = String.Empty;
 
-                        ViewBag.Token = token;
+            HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(
+                ConfigurationManager.AppSettings["TokenUrl"]
+                );
 
-                        return View("TokenView");
-                    }
-                }
-                catch (WebException wex)
-                {
-                    error = "<strong>Request Issue:</strong> " + wex.Message.ToString();
-                }
-                catch (Exception ex)
+            webRequest.Method = "POST";
+            webRequest.ContentLength = postData.Length;
+            webRequest.ContentType = "application/x-www-form-urlencoded";
+
+            using (StreamWriter swRequestWriter = new StreamWriter(webRequest.GetRequestStream()))
+            {
+                swRequestWriter.Write(postData);
+            }
+
+            try
+            {
+                HttpWebResponse hwrWebResponse = (HttpWebResponse)webRequest.GetResponse();
+
+                if (hwrWebResponse.StatusCode == HttpStatusCode.OK)
                 {
-                    error = "<strong>Issue:</strong> " + ex.Message.ToString();
+                    using (StreamReader srResponseReader = new StreamReader(hwrWebResponse.GetResponseStream()))
+                    {
+                        strResponseData = srResponseReader.ReadToEnd();
+                    }
+
+                    token = JsonConvert.DeserializeObject<TokenModel>(strResponseData);
+                    return null;
                 }
             }
-            else
+            catch (WebException wex)
             {
-                error = "<strong>Issue:</strong> Empty authorization code";
+                error = "Request Issue: " + wex.Message;
+            }
+            catch (Exception ex)
+            {
+                error = "Issue: " + ex.Message;
             }
 
-            TokenModel emptyToken = new TokenModel();
-            emptyToken.Error = error;
-
-            ViewBag.Token = emptyToken;
-
-            return View("TokenView");
+            token = new TokenModel();
+            return error;
         }
 
         public String GenerateAuthorizeUrl()
         {
-            //TODO: Add some form of state manager
-            return String.Format("{0}?client_id={1}&response_type=Assertion&state={2}&scope=preview_api_all%20preview_msdn_licensing&redirect_uri={3}",
+            return String.Format("{0}?client_id={1}&response_type=Assertion&state={2}&scope={3}&redirect_uri={4}",
                 ConfigurationManager.AppSettings["AuthUrl"],
                 ConfigurationManager.AppSettings["AppId"],
                 "state",
+                ConfigurationManager.AppSettings["Scope"],
                 ConfigurationManager.AppSettings["CallbackUrl"]
                 );
         }
 
-        public string GeneratePostData(string code)
+        public string GenerateRequestPostData(string code)
         {
             return string.Format("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={0}&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={1}&redirect_uri={2}",
                 HttpUtility.UrlEncode(ConfigurationManager.AppSettings["AppSecret"]),
                 HttpUtility.UrlEncode(code),
                 ConfigurationManager.AppSettings["CallbackUrl"]
                 );
-
         }
 
-	}
+        public string GenerateRefreshPostData(string refreshToken)
+        {
+            return string.Format("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={0}&grant_type=refresh_token&assertion={1}&redirect_uri={2}",
+                HttpUtility.UrlEncode(ConfigurationManager.AppSettings["AppSecret"]),
+                HttpUtility.UrlEncode(refreshToken),
+                ConfigurationManager.AppSettings["CallbackUrl"]
+                );
+
+        }
+    }
 }

OAuthSample/Models/TokenModel.cs

@@ -23,7 +23,6 @@ public TokenModel()
         [JsonProperty(PropertyName = "refresh_token")]
         public String refreshToken { get; set; }
 
-        public String Error { get; set; }
     }
 
 }

OAuthSample/Properties/PublishProfiles/vsoalmoauth-tfsallin.pubxml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+This file is used by the publish/package process of your Web project. You can customize the behavior of this process
+by editing this MSBuild file. In order to learn more about this please visit http://go.microsoft.com/fwlink/?LinkID=208121. 
+-->
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <WebPublishMethod>MSDeploy</WebPublishMethod>
+    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
+    <LastUsedPlatform>Any CPU</LastUsedPlatform>
+    <SiteUrlToLaunchAfterPublish>http://vsoalmoauth-tfsallin.azurewebsites.net</SiteUrlToLaunchAfterPublish>
+    <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
+    <ExcludeApp_Data>False</ExcludeApp_Data>
+    <MSDeployServiceURL>vsoalmoauth-tfsallin.scm.azurewebsites.net:443</MSDeployServiceURL>
+    <DeployIisAppPath>vsoalmoauth-tfsallin</DeployIisAppPath>
+    <RemoteSitePhysicalPath />
+    <SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
+    <MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
+    <EnableMSDeployBackup>True</EnableMSDeployBackup>
+    <UserName>$vsoalmoauth-tfsallin</UserName>
+    <_SavePWD>True</_SavePWD>
+    <_DestinationType>AzureWebSite</_DestinationType>
+  </PropertyGroup>
+</Project>

OAuthSample/VSOClientOAuthSample.csproj

@@ -16,10 +16,10 @@
     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
     <MvcBuildViews>false</MvcBuildViews>
     <UseIISExpress>true</UseIISExpress>
-    <IISExpressSSLPort />
-    <IISExpressAnonymousAuthentication />
-    <IISExpressWindowsAuthentication />
-    <IISExpressUseClassicPipelineMode />
+    <IISExpressSSLPort>44300</IISExpressSSLPort>
+    <IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
+    <IISExpressWindowsAuthentication>disabled</IISExpressWindowsAuthentication>
+    <IISExpressUseClassicPipelineMode>false</IISExpressUseClassicPipelineMode>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>

OAuthSample/Views/Home/Index.cshtml

@@ -1,11 +1,18 @@
 @{
     ViewBag.Title = "Visual Studio Online OAuth Client Sample";
+
+    var missingMsg = "Not set - update web.config";
+    var appIdVal = !String.IsNullOrEmpty(ViewBag.AppId) ? ViewBag.AppId : missingMsg;
+    var scopeVal = !String.IsNullOrEmpty(ViewBag.Scope) ? ViewBag.Scope : missingMsg;
+    var callbackUrlVal = !String.IsNullOrEmpty(ViewBag.CallbackUrl) ? ViewBag.CallbackUrl : missingMsg;
 }
 
+
+
 <div class="jumbotron">
     <h1>Visual Studio Online OAuth Client Sample</h1>
     <p class="lead">This app shows how to authorize a user to authorize an app and then to request an access token to access Visual Studio Online on their behalf.</p>
-    <p><a href="/oauth/requesttoken" class="btn btn-primary btn-large">Start &raquo;</a></p>
+    <p><a href="/oauth/requesttoken" class="btn btn-primary btn-large"  >Start &raquo;</a></p>
 </div>
 
 <div class="row">
@@ -15,10 +22,11 @@
             Before you start, make sure to:
             <ol>
                 <li><a href="https://app.vssps.visualstudio.com/app/register">Register</a> a client app with Visual Studio Online</li>
-                <li>Update the web.config of this web app and set the App ID, App Secret, and Callback URL set in the registered app. The callback URL should be https://<i>site</i>/oauth/callback
+                <li>Update the web.config of this web app and set the App ID, Scope, App Secret, and Callback URL set in the registered app. The callback URL should be https://<i>site</i>/oauth/callback
                     <ul>
-                        <li>App ID: <strong>@ViewBag.AppId</strong></li>
-                        <li>Callback URL: <strong>@ViewBag.CallbackUrl</strong></li>
+                        <li>App ID: <strong>@appIdVal</strong></li>
+                        <li>Scope: <strong>@scopeVal</strong></li>
+                        <li>Callback URL: <strong>@callbackUrlVal</strong></li>
                     </ul>
                 </li>
             </ol>

OAuthSample/Views/OAuth/TokenView.cshtml

@@ -2,12 +2,64 @@
     ViewBag.Title = "Details";
 }
 
+<style>
+
+    input[type=text], textarea {
+        font-family: monospace;
+        margin-bottom: 20px;
+        max-width: 660px;
+    }
+
+    #expiration {
+        max-width: 6em;
+    }
+
+</style>
+
 <h2>Token details</h2>
 
-<p><strong>Access token: </strong>@ViewBag.Token.accessToken</p>
-<p><strong>Token type: </strong>@ViewBag.Token.tokenType</p>
-<p><strong>Expires in: </strong>@ViewBag.Token.expiresIn (seconds)</p>
-<p><strong>Refresh token: </strong>@ViewBag.Token.refreshToken</p>
+@if (!String.IsNullOrEmpty(ViewBag.Error))
+{
+    <p>@ViewBag.Error</p>
+}
+else
+{
+    <script>
+        var expiration = @ViewBag.Token.expiresIn;
+
+        var startTime = Math.floor(Date.now() / 1000);
+        var timer = window.setInterval(updateExpiration, 1000);
+        function updateExpiration() {
+             var val = Math.max(0, expiration - (Math.floor(Date.now() / 1000) - startTime));
+             document.getElementById("expiration").value = val;
+
+             if (val == 0) {
+                 window.clearInterval(timer);
+             }
+        }
+
+        function selectAll(e)
+        {
+            e.focus();
+            e.select();
+        }
 
-<p>@ViewBag.Token.Error</p>
+    </script>
+
+    <form method="post" action="/oauth/refreshtoken">
+
+        <p>Access token:</p>
+        <textarea rows="6" cols="80" onfocus="selectAll(this)" onclick="selectAll(this)" readonly="readonly" >@ViewBag.Token.accessToken</textarea>
+
+        <p>Refresh token:</p>
+        <textarea rows="6" cols="80" name="refreshToken" onfocus="selectAll(this)" onclick="selectAll(this)" readonly="readonly">@ViewBag.Token.refreshToken</textarea>
+
+        <p>Expiration (seconds):</p>
+        <input type="text" id="expiration" value="@ViewBag.Token.expiresIn" readonly />
+
+        <p><input type="submit" value="Refresh Token" /></p>
+
+    </form>
+}
 
+<p><a href="/">Return to start</a></p>

OAuthSample/Web.config

@@ -11,11 +11,12 @@
     <add key="UnobtrusiveJavaScriptEnabled" value="true" />
 
     <!-- App Settings for OAuth-->
-    <add key="AppId" value="(not set)"/>
-    <add key="AppSecret" value="(not set)"/>
+    <add key="AppId" value=""/>
+    <add key="AppSecret" value=""/>
+    <add key="Scope" value=""/>
     <add key="AuthUrl" value="https://app.vssps.visualstudio.com/oauth2/authorize"/>
     <add key="TokenUrl" value="https://app.vssps.visualstudio.com/oauth2/token"/>
-    <add key="CallbackUrl" value="https://(not set).azurewebsites.net/oauth/callback"/>
+    <add key="CallbackUrl" value=""/>
   </appSettings>
   <system.web>
     <compilation debug="true" targetFramework="4.5" />