/// <summary>
        /// Get inBloom token
        /// </summary>
        /// <param name="redirectUrl">url to redirect to after successful authentication</param>
        private ActionResult ProcessSecondPartOfOAuth(string redirectUrl)
        {
            // Now we have a code, we can run the second leg of OAuth process.
            string code = Request.QueryString["code"];

            // Set the authorization URL
            string sessionUrl = string.Format(INBLOOM_OAUTH_URL, INBLOOM_CLIENT_ID, INBLOOM_SHARED_SECRET, INBLOOM_REDIRECT_URL, code);

            var client = new HttpClient();
            var response = client.GetAsync(sessionUrl).Result;
            if (response.StatusCode == HttpStatusCode.OK)
            {
                string access_token = JObject.Parse(response.Content.ReadAsStringAsync().Result)["access_token"].ToString();
                // If we have a valid token, it'll be 38 chars long.  Let's add it to session if so.
                if (access_token.Length == 38)
                {
                    Session.Add("access_token", access_token);

                    //Get the current user session info
                    var ss = new SessionService(access_token);
                    var userSession = ss.Get().Result;
                    var staffId = ss.GetCurrentUserId().Result;

                    //Get edOrg through staff service because inBloom user session service call always comes back with a null edOrg
                    var staffService = new StaffService(access_token);
                    var staffOrg = staffService.GetStaffEducationOrganizationAssociations(staffId).Result;
                    
                    if(staffOrg.FirstOrDefault() != null)
                        userSession.edOrgId = staffOrg.FirstOrDefault().educationOrganizationReference;

                    Session.Add(INBLOOM_USER_SESSION, userSession);
                    Session.Add(INBLOOM_USER_ID, staffId);

                    // Redirect to app main page.
                    return Redirect(redirectUrl);
                }
            }

            //error logging into inBloom                
            return RedirectToAction("LoginError", new { code = "" });
        }
        /// <summary>
        /// Log user out of the current session
        /// </summary>
        /// <returns></returns>
        public async Task<ActionResult> Logout()
        {
            var token = Session["access_token"];
            if (token != null)
            {
                try
                {
                    var ss = new SessionService(token.ToString());
                    var result = await ss.Logout();
                    Session.Clear();
                    return Json(result, JsonRequestBehavior.AllowGet);
                }
                catch (Exception e)
                {
                    //logout fail
                    Session.Clear();
                    return Json(new LogOutResult { logout = false, msg = e.Message }, JsonRequestBehavior.AllowGet);
                }

            }
            else
            {
                //user is already logged out
                return Json(new LogOutResult { logout = true, msg = "There was no access token" }, JsonRequestBehavior.AllowGet);
            }            
        }