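/// <summary>
/// Validates a token request for the authorization code grant and loads the state
/// (<c>_request</c>, <c>_code</c>, <c>_application</c>, <c>_redirectUri</c>) that the
/// rest of the grant relies on.
/// </summary>
/// <param name="request">The incoming authorization-code token request.</param>
/// <exception cref="InvalidClientException">
/// The client id is empty, or no application is registered under it.
/// </exception>
/// <exception cref="InvalidGrantException">
/// The code is missing, unknown, not bound to a user, expired, already used, was issued to a
/// different client, or the redirect URI does not match the registered one.
/// </exception>
/// <remarks>
/// For confidential clients the secret is checked via <c>AuthenticateAsync</c>; a failure there
/// presumably surfaces as an exception from that service — confirm against its implementation.
/// </remarks>
private async Task ValidateRequestAsync(IAuthorizationCodeTokenRequest request)
{
    _request = request;

    if (_request.ClientId == Guid.Empty)
    {
        throw new InvalidClientException("Invalid client credentials.");
    }

    if (_request.Code == null)
    {
        throw new InvalidGrantException("Invalid authorization code.");
    }

    _code = await _authorizationCodeRepository.FindAsync(_request.Code);

    // An unknown code, a code never bound to a user, and an expired code all produce the same
    // error so the response does not reveal which condition failed.
    if (_code?.UserId == null || _code.IsExpired)
    {
        throw new InvalidGrantException("Invalid authorization code.");
    }

    // Replay of an authorization code: revoke the access token issued on it, then reject the
    // request (RFC 6749 §4.1.2: deny the request and revoke tokens issued on that code).
    // NOTE(review): only the linked access token is disabled here; if refresh tokens are
    // issued for this grant, confirm they are revoked as well.
    if (_code.Used)
    {
        if (_code.AccessToken != null)
        {
            _code.AccessToken.Disabled = true;
            await _accessTokenRepository.SaveAsync();
        }

        throw new InvalidGrantException("Invalid authorization code.");
    }

    // The code may only be redeemed by the client it was issued to.
    if (_code.ClientId != _request.ClientId)
    {
        throw new InvalidGrantException("Invalid client id.");
    }

    _application = await _findApplicationService.FindByClientIdAsync(_request.ClientId);

    // Fix: the original dereferenced _application without a null check, so an unregistered
    // client id surfaced as a NullReferenceException rather than an OAuth error. The sibling
    // authorization-request validator already null-checks the same lookup; the message here
    // mirrors the empty-client-id case above so the two paths are indistinguishable.
    if (_application == null)
    {
        throw new InvalidClientException("Invalid client credentials.");
    }

    // Only confidential clients hold a secret to prove possession of.
    if (_application.Type == ClientTypes.Confidential)
    {
        await _authenticateClientService.AuthenticateAsync(_request.ClientId, _request.ClientSecret);
    }

    // An omitted redirect_uri falls back to the registered one; anything supplied must match it exactly.
    _redirectUri = _request.RedirectUri ?? _application.RedirectUri;
    if (_redirectUri != _application.RedirectUri)
    {
        throw new InvalidGrantException("The provided redirect URI does not match the one on record.");
    }
}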
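/// <summary>
/// Validates an authorization request (the front-channel leg of the code grant) and stores it
/// in <c>_request</c>. Every rejection carries <c>request.State</c> so the caller can echo it
/// back to the client.
/// </summary>
/// <param name="request">The incoming authorization request.</param>
/// <exception cref="UnsupportedResponseTypeException">The response type is not <c>code</c>.</exception>
/// <exception cref="InvalidClientException">No application is registered under the client id.</exception>
/// <exception cref="InvalidScopeException">A requested scope is neither inbuilt nor registered on the application.</exception>
/// <exception cref="InvalidGrantException">The redirect URI differs from the registered one.</exception>
private async Task ValidateRequestAsync(IAuthorizationRequest request)
{
    _request = request;

    if (_request.ResponseType != "code")
    {
        throw new UnsupportedResponseTypeException("The only supported response type is 'code'.");
    }

    var application = await _findApplicationService.FindByClientIdAsync(_request.ClientId);
    if (application == null)
    {
        throw new InvalidClientException("No application with that client ID could be found.", request.State);
    }

    // Make sure the provided scopes actually exist within this application.
    if (_request.Scope != null)
    {
        // The permitted set does not depend on the loop variable, so build it once; the
        // original re-built and re-enumerated the concatenation for every requested scope.
        // ToHashSet() keeps the default (ordinal) string equality that Enumerable.Contains used.
        var allowedScopes = InbuiltScopes.All
            .Concat(application.Scopes.Select(s => s.Name))
            .ToHashSet();

        // Split(" ") keeps empty entries, so a doubled space yields "" which is rejected as an
        // invalid scope — existing behavior, preserved deliberately.
        foreach (var scope in _request.Scope.Split(" "))
        {
            if (!allowedScopes.Contains(scope))
            {
                throw new InvalidScopeException("The provided scope is invalid.", request.State);
            }
        }
    }

    // An omitted redirect_uri falls back to the registered one; anything supplied must match it exactly.
    var redirectUri = _request.RedirectUri ?? application.RedirectUri;
    if (redirectUri != application.RedirectUri)
    {
        throw new InvalidGrantException("The provided redirect URI does not match the one on record.", request.State);
    }
}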