Fixed bug where we were looking up access tokens as if they were requ…

…est tokens.

src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs

@@ -47,22 +47,22 @@ public void CtorNullSigner() {
 
 		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
 		public void CtorNullStore() {
-			new OAuthChannel(this.signingElement, null, new InMemoryTokenManager(), new TestMessageFactory());
+			new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), null, new InMemoryTokenManager(), new TestMessageFactory());
 		}
 
 		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
 		public void CtorNullTokenManager() {
-			new OAuthChannel(this.signingElement, this.nonceStore, null, new TestMessageFactory());
+			new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, null, new TestMessageFactory());
 		}
 
 		[TestMethod]
 		public void CtorSimpleConsumer() {
-			new OAuthChannel(this.signingElement, this.nonceStore, (IConsumerTokenManager)new InMemoryTokenManager());
+			new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, (IConsumerTokenManager)new InMemoryTokenManager());
 		}
 
 		[TestMethod]
 		public void CtorSimpleServiceProvider() {
-			new OAuthChannel(this.signingElement, this.nonceStore, (IServiceProviderTokenManager)new InMemoryTokenManager());
+			new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, (IServiceProviderTokenManager)new InMemoryTokenManager());
 		}
 
 		[TestMethod]

src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs

@@ -56,11 +56,7 @@ public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEnd
 			MessageBase message = null;
 			Protocol protocol = Protocol.V10; // default to assuming the less-secure 1.0 instead of 1.0a until we prove otherwise.
 			string token;
-			if (fields.TryGetValue("oauth_token", out token)) {
-				// Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
-				// when the consumer first requested an unauthorized token.
-				protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
-			}
+			fields.TryGetValue("oauth_token", out token);
 
 			if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) {
 				protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10;
@@ -71,11 +67,19 @@ public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEnd
 				// is in the token parameter.
 				bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken;
 
-				message = tokenTypeIsAccessToken ?
-					(MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version) :
-					new AuthorizedTokenRequest(recipient, protocol.Version);
+				if (tokenTypeIsAccessToken) {
+					message = (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version);
+				} else {
+					// Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
+					// when the consumer first requested an unauthorized token.
+					protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+					message = new AuthorizedTokenRequest(recipient, protocol.Version);
+				}
 			} else {
 				// fail over to the message with no required fields at all.
+				if (token != null) {
+					protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+				}
 
 				// If a callback parameter is included, that suggests either the consumer
 				// is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying