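/// <summary>
/// Handles the authorization-code grant: redeems the client-supplied code through
/// <c>_authHandler</c> and returns the resulting access token to the caller.
/// </summary>
/// <param name="body">
/// Token request carrying <c>scope</c> (space-separated), <c>redirect_uri</c>,
/// <c>code</c> and <c>code_verifier</c>. All four values come from the client.
/// </param>
/// <returns>
/// An <c>Ok</c> result wrapping a <see cref="PostTokenResponse"/> with the access token,
/// the granted scopes joined by spaces, and the expiry time.
/// </returns>
private async Task<IActionResult> AuthCodeFlow(PostTokenRequestBody body)
{
    // NOTE(review): body.scope is dereferenced without a null check; presumably model
    // validation rejects a request without scope before this method runs. Confirm.
    var scopes = body.scope.Split(' ');

    if (!scopes.Contains(CommonScope.OfflineAccess))
    {
        // Enumerable.Append returns a new sequence and leaves the array untouched.
        // The result has to be assigned back, otherwise the offline-access scope is
        // never sent with the request.
        scopes = scopes.Append(CommonScope.OfflineAccess).ToArray();
    }

    // NOTE(review): the bearer token is read from the incoming request and forwarded to the
    // auth handler; presumably it was already validated by the authentication middleware. Confirm.
    var ssoToken = GetJwtBearerTokenFromRequest();

    // redirect_uri, code and code_verifier are passed through as received; any checking of
    // them happens inside the auth handler or further downstream, not in this method.
    var token = await _authHandler.AcquireTokenByAuthorizationCode(
            scopes,
            body.redirect_uri,
            body.code,
            body.code_verifier,
            ssoToken)
        .ConfigureAwait(false);

    // The response body contains a live access token, so keep this object out of logs.
    var result = new PostTokenResponse()
    {
        access_token = token.AccessToken,
        scope = string.Join(' ', token.Scopes),
        expires_on = token.ExpiresOn
    };

    return Ok(result);
}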