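        /// <summary>
        /// Handles a request to the OAuth2 authorization endpoint: validates the client
        /// parameters, makes sure the end user is signed in, then dispatches to the handler
        /// for the requested response type.
        /// </summary>
        /// <param name="context">The current HTTP context; parameters are read from its query string.</param>
        /// <returns>A task that completes once a response or an authentication challenge has been issued.</returns>
        protected virtual async Task HandleAuthorizeRequestAsync(HttpContext context)
        {
            // Every value below is attacker-controlled and is null when the parameter is absent.
            var respType    = context.Request.Query[OAuth2Consts.Form_ResponseType].FirstOrDefault();
            var clientID    = context.Request.Query[OAuth2Consts.Form_ClientID].FirstOrDefault();
            var redirectURI = context.Request.Query[OAuth2Consts.Form_RedirectUri].FirstOrDefault();
            var scopesStr   = context.Request.Query[OAuth2Consts.Form_Scope].FirstOrDefault();
            var state       = context.Request.Query[OAuth2Consts.Form_State].FirstOrDefault();

            // Validate the client before anything else. redirectURI is only handed to the
            // grant handlers after this call succeeds.
            // NOTE(review): presumably VerifyClientAsync compares redirectURI with the URIs
            // registered for clientID; confirm it is an exact match and not a prefix check.
            var clientVerifyResult = await _clientValidator.VerifyClientAsync(
                clientID: clientID,
                responseType: respType,
                redirectURI: redirectURI,
                scopesStr: scopesStr,
                state: state);

            if (!clientVerifyResult.IsSuccess)
            {
                // Answer with 400 on this response instead of using the unverified redirect URI.
                await ErrorHandler(context.Response, HttpStatusCode.BadRequest, clientVerifyResult.MsgCode, clientVerifyResult.MsgCodeDescription);

                return;
            }

            // Fail closed: a principal without an identity is treated as not signed in
            // rather than throwing a NullReferenceException on the Identity dereference.
            if (context.User?.Identity?.IsAuthenticated != true)
            {
                // Not signed in: issue an authentication challenge (what that does, e.g. a
                // redirect to the login page, depends on the configured scheme).
                await context.ChallengeAsync();

                return;
            }

            switch (respType)
            {
                case OAuth2Consts.ResponseType_Code:
                    // Authorization code grant.
                    await AuthorizationCodeRequestHandler(context, clientVerifyResult.Result, scopesStr, redirectURI, state);

                    break;

                case OAuth2Consts.ResponseType_Token:
                    // Implicit grant.
                    // NOTE(review): the OAuth 2.0 Security BCP (RFC 9700) advises against the
                    // implicit grant; consider gating it per client or disabling it.
                    await ImplicitTokenRequestHandler(context, clientVerifyResult.Result, scopesStr, redirectURI, state);

                    break;

                default:
                    // Missing or unknown response type.
                    await ErrorHandler(context.Response, HttpStatusCode.BadRequest, OAuth2Consts.Err_unsupported_response_type);

                    break;
            }
        }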