private async Task <TokenRequestValidationResult> RunValidationAsync(Func <NameValueCollection, Task <TokenRequestValidationResult> > validationFunc, NameValueCollection parameters)
{
// run standard validation
var result = await validationFunc(parameters);
if (result.IsError)
{
return(result);
}
// run custom validation
_logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName);
var customValidationContext = new CustomTokenRequestValidationContext {
Result = result
};
await _customRequestValidator.ValidateAsync(customValidationContext);
if (customValidationContext.Result.IsError)
{
if (customValidationContext.Result.Error.IsPresent())
{
LogError("Custom token request validator", new { error = customValidationContext.Result.Error });
}
else
{
LogError("Custom token request validator error");
}
return(customValidationContext.Result);
}
LogSuccess();
LicenseValidator.ValidateClient(customValidationContext.Result.ValidatedRequest.ClientId);
return(customValidationContext.Result);
}
public async Task <AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null)
{
_logger.LogDebug("Start authorize request protocol validation");
var request = new ValidatedAuthorizeRequest
{
Options = _options,
IssuerName = await _issuerNameService.GetCurrentAsync(),
Subject = subject ?? Principal.Anonymous,
Raw = parameters ?? throw new ArgumentNullException(nameof(parameters))
};
// load client_id
// client_id must always be present on the request
var loadClientResult = await LoadClientAsync(request);
if (loadClientResult.IsError)
{
return(loadClientResult);
}
// load request object
var roLoadResult = await LoadRequestObjectAsync(request);
if (roLoadResult.IsError)
{
return(roLoadResult);
}
// validate request object
var roValidationResult = await ValidateRequestObjectAsync(request);
if (roValidationResult.IsError)
{
return(roValidationResult);
}
// validate client_id and redirect_uri
var clientResult = await ValidateClientAsync(request);
if (clientResult.IsError)
{
return(clientResult);
}
// state, response_type, response_mode
var mandatoryResult = ValidateCoreParameters(request);
if (mandatoryResult.IsError)
{
return(mandatoryResult);
}
// scope, scope restrictions and plausability, and resource indicators
var scopeResult = await ValidateScopeAndResourceAsync(request);
if (scopeResult.IsError)
{
return(scopeResult);
}
// nonce, prompt, acr_values, login_hint etc.
var optionalResult = await ValidateOptionalParametersAsync(request);
if (optionalResult.IsError)
{
return(optionalResult);
}
// custom validator
_logger.LogDebug("Calling into custom validator: {type}", _customValidator.GetType().FullName);
var context = new CustomAuthorizeRequestValidationContext
{
Result = new AuthorizeRequestValidationResult(request)
};
await _customValidator.ValidateAsync(context);
var customResult = context.Result;
if (customResult.IsError)
{
LogError("Error in custom validation", customResult.Error, request);
return(Invalid(request, customResult.Error, customResult.ErrorDescription));
}
_logger.LogTrace("Authorize request protocol validation successful");
LicenseValidator.ValidateClient(request.ClientId);
return(Valid(request));
}