Update console application

- Follow .NET naming conventions
- Await tasks appropriately
- Remove client ID and client secret from source code

Author: jskeet

OAuthConsoleApp/OAuthConsoleApp/Program.cs

@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc.
+// Copyright 2016 Google Inc.
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,23 +12,34 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
-using System.Text;
-using System.Threading.Tasks;
-using Newtonsoft.Json;
+using System.Diagnostics;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
-using System.Security.Cryptography;
 using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading.Tasks;
 
 namespace OAuthConsoleApp
 {
     class Program
     {
-        static void Main(string[] args)
+        const string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
+
+        static async Task<int> Main(string[] args)
         {
+            if (args.Length != 2)
+            {
+                Console.WriteLine("Required command line arguments: client-id client-secret");
+                return 1;
+            }
+            string clientId = args[0];
+            string clientSecret = args[1];
+            
             Console.WriteLine("+-----------------------+");
             Console.WriteLine("|  Sign in with Google  |");
             Console.WriteLine("+-----------------------+");
@@ -37,18 +48,13 @@ static void Main(string[] args)
             Console.ReadKey();
 
             Program p = new Program();
-            p.doOAuth();
+            await p.DoOAuthAsync(clientId, clientSecret);
 
+            Console.WriteLine("Press any key to exit...");
             Console.ReadKey();
+            return 0;
         }
 
-        // client configuration
-        const string clientID = "581786658708-elflankerquo1a6vsckabbhn25hclla0.apps.googleusercontent.com";
-        const string clientSecret = "3f6NggMbPtrmIBpgx-MK2xXK";
-        const string authorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
-        const string tokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
-        const string userInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo";
-
         // ref http://stackoverflow.com/a/3978040
         public static int GetRandomUnusedPort()
         {
@@ -59,35 +65,35 @@ public static int GetRandomUnusedPort()
             return port;
         }
 
-        private async void doOAuth()
+        private async Task DoOAuthAsync(string clientId, string clientSecret)
         {
             // Generates state and PKCE values.
-            string state = randomDataBase64url(32);
-            string code_verifier = randomDataBase64url(32);
-            string code_challenge = base64urlencodeNoPadding(sha256(code_verifier));
-            const string code_challenge_method = "S256";
+            string state = GenerateRandomDataBase64url(32);
+            string codeVerifier = GenerateRandomDataBase64url(32);
+            string codeChallenge = Base64UrlEncodeNoPadding(Sha256Ascii(codeVerifier));
+            const string codeChallengeMethod = "S256";
 
             // Creates a redirect URI using an available port on the loopback address.
-            string redirectURI = string.Format("http://{0}:{1}/", IPAddress.Loopback, GetRandomUnusedPort());
-            output("redirect URI: " + redirectURI);
+            string redirectUri = $"http://{IPAddress.Loopback}:{GetRandomUnusedPort()}/";
+            Log("redirect URI: " + redirectUri);
 
             // Creates an HttpListener to listen for requests on that redirect URI.
             var http = new HttpListener();
-            http.Prefixes.Add(redirectURI);
-            output("Listening..");
+            http.Prefixes.Add(redirectUri);
+            Log("Listening..");
             http.Start();
 
             // Creates the OAuth 2.0 authorization request.
             string authorizationRequest = string.Format("{0}?response_type=code&scope=openid%20profile&redirect_uri={1}&client_id={2}&state={3}&code_challenge={4}&code_challenge_method={5}",
-                authorizationEndpoint,
-                System.Uri.EscapeDataString(redirectURI),
-                clientID,
+                AuthorizationEndpoint,
+                Uri.EscapeDataString(redirectUri),
+                clientId,
                 state,
-                code_challenge,
-                code_challenge_method);
+                codeChallenge,
+                codeChallengeMethod);
 
             // Opens request in the browser.
-            System.Diagnostics.Process.Start(authorizationRequest);
+            Process.Start(authorizationRequest);
 
             // Waits for the OAuth authorization response.
             var context = await http.GetContextAsync();
@@ -97,71 +103,71 @@ private async void doOAuth()
 
             // Sends an HTTP response to the browser.
             var response = context.Response;
-            string responseString = string.Format("Please return to the app.");
-            var buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
+            string responseString = "Please return to the app.";
+            byte[] buffer = Encoding.UTF8.GetBytes(responseString);
             response.ContentLength64 = buffer.Length;
             var responseOutput = response.OutputStream;
-            Task responseTask = responseOutput.WriteAsync(buffer, 0, buffer.Length).ContinueWith((task) =>
-            {
-                responseOutput.Close();
-                http.Stop();
-                Console.WriteLine("HTTP server stopped.");
-            });
+            await responseOutput.WriteAsync(buffer, 0, buffer.Length);
+            responseOutput.Close();
+            http.Stop();
+            Log("HTTP server stopped.");
 
             // Checks for errors.
-            if (context.Request.QueryString.Get("error") != null)
+            string error = context.Request.QueryString.Get("error");
+            if (error is object)
             {
-                output(String.Format("OAuth authorization error: {0}.", context.Request.QueryString.Get("error")));
+                Log($"OAuth authorization error: {error}.");
                 return;
             }
-            if (context.Request.QueryString.Get("code") == null
-                || context.Request.QueryString.Get("state") == null)
+            if (context.Request.QueryString.Get("code") is null
+                || context.Request.QueryString.Get("state") is null)
             {
-                output("Malformed authorization response. " + context.Request.QueryString);
+                Log($"Malformed authorization response. {context.Request.QueryString}");
                 return;
             }
 
             // extracts the code
             var code = context.Request.QueryString.Get("code");
-            var incoming_state = context.Request.QueryString.Get("state");
+            var incomingState = context.Request.QueryString.Get("state");
 
             // Compares the receieved state to the expected value, to ensure that
             // this app made the request which resulted in authorization.
-            if (incoming_state != state)
+            if (incomingState != state)
             {
-                output(String.Format("Received request with invalid state ({0})", incoming_state));
+                Log($"Received request with invalid state ({incomingState})");
                 return;
             }
-            output("Authorization code: " + code);
+            Log("Authorization code: " + code);
 
             // Starts the code exchange at the Token Endpoint.
-            performCodeExchange(code, code_verifier, redirectURI);
+            await ExchangeCodeForTokensAsync(code, codeVerifier, redirectUri, clientId, clientSecret);
         }
 
-        async void performCodeExchange(string code, string code_verifier, string redirectURI)
+        async Task ExchangeCodeForTokensAsync(string code, string codeVerifier, string redirectUri, string clientId, string clientSecret)
         {
-            output("Exchanging code for tokens...");
+            Log("Exchanging code for tokens...");
 
             // builds the  request
-            string tokenRequestURI = "https://www.googleapis.com/oauth2/v4/token";
+            string tokenRequestUri = "https://www.googleapis.com/oauth2/v4/token";
             string tokenRequestBody = string.Format("code={0}&redirect_uri={1}&client_id={2}&code_verifier={3}&client_secret={4}&scope=&grant_type=authorization_code",
                 code,
-                System.Uri.EscapeDataString(redirectURI),
-                clientID,
-                code_verifier,
+                Uri.EscapeDataString(redirectUri),
+                clientId,
+                codeVerifier,
                 clientSecret
                 );
 
             // sends the request
-            HttpWebRequest tokenRequest = (HttpWebRequest)WebRequest.Create(tokenRequestURI);
+            HttpWebRequest tokenRequest = (HttpWebRequest)WebRequest.Create(tokenRequestUri);
             tokenRequest.Method = "POST";
             tokenRequest.ContentType = "application/x-www-form-urlencoded";
             tokenRequest.Accept = "Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
-            byte[] _byteVersion = Encoding.ASCII.GetBytes(tokenRequestBody);
-            tokenRequest.ContentLength = _byteVersion.Length;
-            Stream stream = tokenRequest.GetRequestStream();
-            await stream.WriteAsync(_byteVersion, 0, _byteVersion.Length);
-            stream.Close();
+            byte[] tokenRequestBodyBytes = Encoding.ASCII.GetBytes(tokenRequestBody);
+            tokenRequest.ContentLength = tokenRequestBodyBytes.Length;
+            using (Stream requestStream = tokenRequest.GetRequestStream())
+            {
+                await requestStream.WriteAsync(tokenRequestBodyBytes, 0, tokenRequestBodyBytes.Length);
+            }
 
             try
             {
@@ -176,8 +182,8 @@ async void performCodeExchange(string code, string code_verifier, string redirec
                     // converts to dictionary
                     Dictionary<string, string> tokenEndpointDecoded = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseText);
 
-                    string access_token = tokenEndpointDecoded["access_token"];
-                    userinfoCall(access_token);
+                    string accessToken = tokenEndpointDecoded["access_token"];
+                    await RequestUserInfoAsync(accessToken);
                 }
             }
             catch (WebException ex)
@@ -187,31 +193,30 @@ async void performCodeExchange(string code, string code_verifier, string redirec
                     var response = ex.Response as HttpWebResponse;
                     if (response != null)
                     {
-                        output("HTTP: " + response.StatusCode);
+                        Log("HTTP: " + response.StatusCode);
                         using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                         {
                             // reads response body
                             string responseText = await reader.ReadToEndAsync();
-                            output(responseText);
+                            Log(responseText);
                         }
                     }
 
                 }
             }
         }
 
-
-        async void userinfoCall(string access_token)
+        private async Task RequestUserInfoAsync(string accessToken)
         {
-            output("Making API Call to Userinfo...");
+            Log("Making API Call to Userinfo...");
 
             // builds the  request
-            string userinfoRequestURI = "https://www.googleapis.com/oauth2/v3/userinfo";
+            string userinfoRequestUri = "https://www.googleapis.com/oauth2/v3/userinfo";
 
             // sends the request
-            HttpWebRequest userinfoRequest = (HttpWebRequest)WebRequest.Create(userinfoRequestURI);
+            HttpWebRequest userinfoRequest = (HttpWebRequest)WebRequest.Create(userinfoRequestUri);
             userinfoRequest.Method = "GET";
-            userinfoRequest.Headers.Add(string.Format("Authorization: Bearer {0}", access_token));
+            userinfoRequest.Headers.Add(string.Format("Authorization: Bearer {0}", accessToken));
             userinfoRequest.ContentType = "application/x-www-form-urlencoded";
             userinfoRequest.Accept = "Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
 
@@ -221,15 +226,15 @@ async void userinfoCall(string access_token)
             {
                 // reads response body
                 string userinfoResponseText = await userinfoResponseReader.ReadToEndAsync();
-                output(userinfoResponseText);
+                Log(userinfoResponseText);
             }
         }
 
         /// 
         /// Appends the given string to the on-screen log, and the debug console.
         /// 
-        /// string to be appended
-        public void output(string output)
+        /// String to be logged
+        private void Log(string output)
         {
             Console.WriteLine(output);
         }
@@ -239,32 +244,32 @@ public void output(string output)
         /// 
         /// Input length (nb. output will be longer)
         /// 
-        public static string randomDataBase64url(uint length)
+        private static string GenerateRandomDataBase64url(uint length)
         {
             RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
             byte[] bytes = new byte[length];
             rng.GetBytes(bytes);
-            return base64urlencodeNoPadding(bytes);
+            return Base64UrlEncodeNoPadding(bytes);
         }
 
         /// 
-        /// Returns the SHA256 hash of the input string.
+        /// Returns the SHA256 hash of the input string, which is assumed to be ASCII.
         /// 
-        /// 
-        /// 
-        public static byte[] sha256(string inputStirng)
+        private static byte[] Sha256Ascii(string text)
         {
-            byte[] bytes = Encoding.ASCII.GetBytes(inputStirng);
-            SHA256Managed sha256 = new SHA256Managed();
-            return sha256.ComputeHash(bytes);
+            byte[] bytes = Encoding.ASCII.GetBytes(text);
+            using (SHA256Managed sha256 = new SHA256Managed())
+            {
+                return sha256.ComputeHash(bytes);
+            }
         }
 
         /// 
         /// Base64url no-padding encodes the given input buffer.
         /// 
         /// 
         /// 
-        public static string base64urlencodeNoPadding(byte[] buffer)
+        private static string Base64UrlEncodeNoPadding(byte[] buffer)
         {
             string base64 = Convert.ToBase64String(buffer);