public async Task <IActionResult> Activate(string id)
        {
            if (string.IsNullOrEmpty(id))
            {
                throw new InvalidOperationException();
            }

            var user = await _userManager.FindByIdAsync(id);

            if (user == null)
            {
                throw new InvalidOperationException();
            }

            if (user.MigrationStatus == (int)MigrationStatus.NotMigrated)
            {
                throw new InvalidOperationException();
            }

            await _graphService.SetUserActivationStatusAsync(user.UserName, "Pending");

            var userClaims = await _userManager.GetClaimsAsync(user);

            var displayNameClaim = userClaims.First(c => c.Type == WingTipClaimTypes.DisplayNameClaimType);
            var nonce            = _passwordGenerator.GeneratePassword();
            var redeemUrl        = GenerateSignedRedeemUrl(user.UserName, nonce);

            _smtpService.SendActivationEmail(user.UserName, displayNameClaim.Value, redeemUrl);
            var existingNonceClaim = userClaims.FirstOrDefault(c => c.Type == WingTipClaimTypes.NonceClaimType);

            if (existingNonceClaim != null)
            {
                var removeClaimResult = await _userManager.RemoveClaimAsync(user, existingNonceClaim);

                if (!removeClaimResult.Succeeded)
                {
                    throw new InvalidOperationException(removeClaimResult.Errors.ToString());
                }
            }

            var newNonceClaim  = new Claim(WingTipClaimTypes.NonceClaimType, nonce);
            var addClaimResult = await _userManager.AddClaimAsync(user, newNonceClaim);

            if (!addClaimResult.Succeeded)
            {
                throw new InvalidOperationException(addClaimResult.Errors.ToString());
            }

            return(RedirectToAction("Index"));
        }
        public async Task <IActionResult> CheckNonce([FromForm] AccountCheckNonceRequest request)
        {
            if (request == null || string.IsNullOrWhiteSpace(request.UserName) || string.IsNullOrWhiteSpace(request.Nonce))
            {
                return(BadRequest());
            }

            var user = await _userManager.FindByNameAsync(request.UserName);

            // If the user does not exist, then return a bad request result.
            if (user == null)
            {
                return(BadRequest());
            }

            var userClaims = await _userManager.GetClaimsAsync(user);

            var nonceClaim = userClaims.FirstOrDefault(c => c.Type == NonceClaimType);

            if (nonceClaim != null && request.Nonce == nonceClaim.Value)
            {
                await _userManager.RemoveClaimAsync(user, nonceClaim);

                await _graphService.SetUserActivationStatusAsync(user.UserName, "Activated");

                return(Ok());
            }

            var errorResponse = new AccountCheckNonceErrorResponse
            {
                version     = "1.0.0",
                status      = (int)HttpStatusCode.Conflict,
                userMessage = "The activation link we sent you is old or it has already been used."
            };

            return(new ObjectResult(errorResponse)
            {
                StatusCode = (int)HttpStatusCode.Conflict
            });
        }