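        /// <summary>
        /// Checks if consent is required for the given user, client and requested scopes.
        /// </summary>
        /// <param name="subject">The user.</param>
        /// <param name="client">The client.</param>
        /// <param name="scopes">The requested scopes. May be null or empty.</param>
        /// <returns>
        /// <c>true</c> if the user must be prompted for consent; <c>false</c> if the client does not
        /// require consent, no scopes were requested, or a stored consent already covers every
        /// requested scope.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">
        /// client
        /// or
        /// subject
        /// </exception>
        public virtual async Task<bool> RequiresConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<string> scopes)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (!client.RequireConsent)
            {
                return false;
            }

            // TODO: validate that this is a correct statement
            if (!client.AllowRememberConsent)
            {
                return true;
            }

            // Materialize the requested scopes exactly once. The sequence is inspected several
            // times below (emptiness, offline_access, intersection, count); a deferred query or a
            // one-shot enumerator would otherwise be re-evaluated, possibly yielding different
            // elements on each pass.
            var requestedScopes = scopes == null ? new List<string>() : scopes.ToList();
            if (requestedScopes.Count == 0)
            {
                return false;
            }

            // we always require consent for offline access if
            // the client has not disabled RequireConsent
            if (requestedScopes.Contains(Constants.StandardScopes.OfflineAccess))
            {
                return true;
            }

            var consent = await _grants.GetUserConsentAsync(subject.GetSubjectId(), client.ClientId);

            if (consent != null && consent.Scopes != null)
            {
                // A stored consent is only reused when it covers every requested scope.
                // The count comparison is deliberately kept: a request that repeats a scope
                // yields a smaller (distinct) intersection and therefore re-prompts, which
                // fails closed rather than open.
                var intersect = requestedScopes.Intersect(consent.Scopes);
                return requestedScopes.Count != intersect.Count();
            }

            // No usable stored consent: the user must be asked.
            return true;
        }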