public AuthorizationResponse SVX_MakeAuthorizationResponse(AuthorizationRequest req, IdPAuthenticationEntry idpConc)
        {
            // In the real CodeEndpoint, we would request an
            // IdPAuthenticationEntry for req.SVX_sender, but SVX doesn't know
            // that, so we have to do a concrete check.
            SVX.VProgram_API.Assert(req.SVX_sender == idpConc.channel);

            // Copy/paste: [With this expression inlined below, BCT silently mistranslated the code.]
            var theParams = new AuthorizationCodeParams
            {
                redirect_uri = req.redirect_uri,
                userID       = idpConc.userID
            };
            var authorizationCode = authorizationCodeGenerator.Generate(theParams, SVX_Principal);

            return(new AuthorizationResponse
            {
                code = authorizationCode,
                state = req.state
            });
        }
        public virtual AccessTokenResponse SVX_MakeAccessTokenResponse(AccessTokenRequest req, AuthorizationCodeParams codeParamsHint)
        {
            // We should only get here with req.grant_type ==
            // "authorization_code", so we don't have to worry about modeling
            // what IdP does in any other case.
            if (req.grant_type != "authorization_code")
            {
                return(SVX.VProgram_API.Nondet <AccessTokenResponse>());
            }

            authorizationCodeGenerator.Verify(codeParamsHint, req.code);

            if (req.redirect_uri != codeParamsHint.redirect_uri)
            {
                throw new Exception("Authorization code RP mismatch");
            }

            var tokenParams = new AccessTokenParams
            {
                userID = codeParamsHint.userID
            };
            var token = accessTokenGenerator.Generate(tokenParams);

            return(new AccessTokenResponse
            {
                access_token = token
            });
        }