As part of the restructuring work of IdentityModel, I separated the HTTP and OAuth2 client bits into a separate project. The nice side effect of this is that the client library is now portable and can be used in .NET 4.5, WinRT, Windows Phone 8 and Xamarin.

What’s inside?

OAuth2 token requests
The OAuth2Client class assists in making requests to a OAuth2 token endpoint. It supports code, password, refresh token, client credentials and assertion grants, e.g.:

private async Task<TokenResponse> RequestTokenAsync(
  string userName, string password)

{

    var client = new OAuth2Client(

        new Uri(_baseAddress + “/token”),

        “clientId”,

        “clientSecret”);

    return await client.RequestResourceOwnerPasswordAsync(userName, password);

}

Besides scope, you can also pass arbitrary additional parameters.

Creating authorize request URLs
Another helper creates URLs for authorize requests – in particular for the code and implicit flow:

var client = new OAuth2Client(endpoint);

var startUri = client.CreateImplicitFlowUrl(

    clientId,

    scope,

    callbackUri.AbsoluteUri);

Parsing authorize and token responses
We can also help parsing responses coming back from authorize and token endpoints, following example is part of an implicit flow client (parsing the redirect URI of a web view):

private string GetToken(string redirectUri)

{

    var response = new AuthorizeResponse(redirectUri);

    return response.AccessToken;

}

Again these classes support additional response parameters that are not part of the core spec.

Extensions methods
The library also includes extensions methods for HttpClient to set bearer and basic authentication authorization headers and helpers to deal with epoch time (the time format used in OAuth2 expires_in responses).

var client = new HttpClient { BaseAddress = _baseAddress };

client.SetBearerToken(token);

var response = await client.GetStringAsync(“api/identity”);

Give it a try and give us feedback! The source code can be found here – and the nuget here.