public async Task <ActionResult> AuthorizeClient(OAuthAuthorizeViewModel model)
{
if (!this.ModelState.IsValid)
{
return(await Task.FromResult(this.View("Authorize", model)));
}
// Redirect user back to application with an error message if it rejects
if (!model.Grant)
{
return(await Task.FromResult(this.Redirect($"{model.RedirectUri}?error=access_denied&error_description=User does not grant access&state={model.State}")));
}
// Redirect user if it is no longer authenticated
if (!this.Authentication.User.Identity.IsAuthenticated)
{
this.Authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie);
return(await Task.FromResult(new HttpUnauthorizedResult()));
}
// Log in user with new authentication type
var identity = new SentinelIdentity(OAuthDefaults.AuthenticationType, this.Authentication.User.Identity);
this.Authentication.SignOut(OAuthDefaults.AuthenticationType);
this.Authentication.SignIn(identity.ToClaimsIdentity());
return(await Task.FromResult(new EmptyResult()));
}
public async Task <ActionResult> Authorize(OAuthAuthorizeViewModel model)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model), "The request is invalid");
}
// Redirect to login page if user is not already logged in
if (!this.Authentication.User.Identity.IsAuthenticated)
{
this.Authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie);
return(new HttpUnauthorizedResult());
}
// Remove trailing slash if present
if (this.Request.Url != null && this.Request.Url.AbsolutePath.EndsWith("/"))
{
return
(this.Redirect(
$"{this.Request.Url.Scheme}://{this.Request.Url.Authority}{this.Request.Url.AbsolutePath.TrimEnd('/')}{this.Request.Url.Query}"));
}
var client = await this.clientManager.AuthenticateClientAsync(model.ClientId, model.RedirectUri);
if (client.Identity.IsAuthenticated)
{
return(this.View(model));
}
return(await Task.FromResult(this.Redirect($"{model.RedirectUri}?error=unauthorized_client&error_description=The client is invalid&state={model.State}")));
}
