Beispiel #1
        /// <summary>
        /// Validates a presented authorization code against the requesting client and device,
        /// removes it from the store, and then checks its lifetime, scopes and proof key.
        /// </summary>
        /// <param name="code">The code value as presented; passed to the store when removing the entry.</param>
        /// <param name="authorizationCode">The stored authorization code record being validated.</param>
        /// <param name="codeVerifier">The verifier handed to the proof-key validation.</param>
        /// <param name="deviceId">Identifier of the device making the request.</param>
        /// <param name="client">The client making the request.</param>
        /// <returns>
        /// A success result when every check passes. Binding, expiry and scope failures all yield
        /// <c>OidcConstants.TokenErrors.InvalidGrant</c> with one shared description; a proof-key
        /// failure is returned with the error and description produced by that validation.
        /// </returns>
        private async Task<ValidationResult> ValidateAuthorizationCode(string code, TrustedDeviceAuthorizationCode authorizationCode, string codeVerifier, string deviceId, Client client)
        {
            // One description for every rejection decided here, so the response does not
            // reveal which of the checks failed.
            const string invalidCodeMessage = "Authorization code is invalid.";

            // Binding checks: the code must have been issued to this client and to this device.
            // Both mismatches return before the removal below, so the stored code is left in place.
            // NOTE(review): confirm that leaving the code redeemable after a failed attempt by
            // another client or device is intended.
            if (authorizationCode.ClientId != client.ClientId || authorizationCode.DeviceId != deviceId)
            {
                return Error(OidcConstants.TokenErrors.InvalidGrant, invalidCodeMessage);
            }

            // Single use: the code is deleted before the remaining checks run, so once it gets
            // this far it cannot be presented again, even if a later check rejects it.
            await CodeChallengeStore.RemoveAuthorizationCode(code);

            // Expiry is enforced against the lifetime stored on the code and against the
            // client's configured lifetime; the clock is read separately for each comparison.
            if (authorizationCode.CreationTime.HasExceeded(authorizationCode.Lifetime, SystemClock.UtcNow.UtcDateTime)
                || authorizationCode.CreationTime.HasExceeded(client.AuthorizationCodeLifetime, SystemClock.UtcNow.UtcDateTime))
            {
                return Error(OidcConstants.TokenErrors.InvalidGrant, invalidCodeMessage);
            }

            // A code that carries no requested scopes (null or empty) is rejected.
            if (authorizationCode.RequestedScopes?.Any() != true)
            {
                return Error(OidcConstants.TokenErrors.InvalidGrant, invalidCodeMessage);
            }

            // Proof-key check: the verifier is validated against the stored code record.
            var proofKeyResult = ValidateAuthorizationCodeWithProofKeyParameters(codeVerifier, authorizationCode);
            if (proofKeyResult.IsError)
            {
                return Error(proofKeyResult.Error, proofKeyResult.ErrorDescription);
            }

            return Success();
        }