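/// <summary>
/// Exchanges a previously issued authentication code for a login token.
/// </summary>
/// <remarks>
/// The claim succeeds only when every check passes, in this order: the token matches a stored
/// <c>UserAuthenticationCodes</c> row; the SHA-256 hash of the Base64-decoded security key equals
/// the hash stored on that row; the purpose is one of the two known login purposes; the owning
/// user exists; and the token verifies for that user through the auth-code token provider.
/// Every failure returns 400 Bad Request. Only the purpose failure carries a message.
/// </remarks>
/// <param name="authCodeClaimDTO">
/// Client-supplied claim: the code token, the Base64-encoded security key and the login purpose.
/// All three are untrusted input.
/// </param>
/// <returns>
/// The result of <c>BuildLoginToken</c> for the user's e-mail on success, otherwise a 400 result.
/// </returns>
public async Task<ActionResult<TokenResponse>> ClaimAuthCode(AuthCodeClaimDTO authCodeClaimDTO)
{
    // Reject incomplete requests up front. A null token would otherwise be sent to the
    // database as a null comparison, and a null key would reach the decoder.
    if (authCodeClaimDTO == null
        || string.IsNullOrEmpty(authCodeClaimDTO.Token)
        || string.IsNullOrEmpty(authCodeClaimDTO.SecurityKey))
    {
        return BadRequest();
    }

    // Decode into a local instead of writing the decoded secret back onto the bound model.
    // NOTE(review): Base64Decode is a project helper that is not visible here. If it throws on
    // malformed input, the request ends in a 500 rather than a 400 - confirm and map it to 400.
    var decodedKey = CryptographyUtils.Base64Decode(authCodeClaimDTO.SecurityKey);

    var dbAuthCode = await applicationDbContext.UserAuthenticationCodes
        .FirstOrDefaultAsync(code => code.Token == authCodeClaimDTO.Token);
    if (dbAuthCode == null)
    {
        return BadRequest();
    }

    // The stored value is compared against the SHA-256 hash of the supplied key. The comparison
    // is ordinal and case-insensitive, so the server's current culture cannot change the result,
    // and a row with a null SecurityKey fails the check instead of throwing.
    string keyHash = CryptographyUtils.ComputeSHA256Hash(decodedKey);
    if (!string.Equals(dbAuthCode.SecurityKey, keyHash, System.StringComparison.OrdinalIgnoreCase))
    {
        return BadRequest();
    }

    var user = await applicationDbContext.Users
        .FirstOrDefaultAsync(x => x.Id == dbAuthCode.UserId);

    // Only the two known login purposes are accepted. Anything else (including null or empty)
    // is rejected before the token provider is consulted.
    string purpose = authCodeClaimDTO.Purpose;
    bool isPersistentLogin = purpose == ApplicationConstants.PersistentLoginTokenPurposeName;
    bool isExternalLogin = purpose == ApplicationConstants.ExternalLoginTokenPurposeName;
    if (string.IsNullOrEmpty(purpose) || (!isExternalLogin && !isPersistentLogin))
    {
        return BadRequest("Proposito incorrecto");
    }

    // The code row can outlive its user. Without this guard a missing user reaches
    // VerifyUserTokenAsync and user.Email as null and surfaces as a server error.
    if (user == null)
    {
        return BadRequest();
    }

    bool tokenIsValid = await userManager.VerifyUserTokenAsync(
        user,
        ApplicationConstants.AuthCodeTokenProviderName,
        purpose,
        authCodeClaimDTO.Token);
    if (!tokenIsValid)
    {
        return BadRequest();
    }

    // NOTE(review): nothing in this method removes the UserAuthenticationCodes row or marks it
    // as used. If codes are meant to be single-use, confirm they are invalidated elsewhere
    // (token provider, BuildLoginToken or a cleanup job); otherwise a captured code and key
    // stay redeemable.
    return await BuildLoginToken(user.Email, isPersistentLogin);
}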