public override async Task <object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default)
        {
            var tokens = this.Init(authService, ref session, request);
            var ctx    = CreateAuthContext(authService, session, tokens);

            //Transferring AccessToken/Secret from Mobile/Desktop App to Server
            if (request?.AccessToken != null)
            {
                if (VerifyAccessToken == null)
                {
                    throw new NotImplementedException($"VerifyAccessToken is not implemented by {Provider}");
                }

                if (!VerifyAccessToken(request.AccessToken))
                {
                    return(HttpError.Unauthorized($"AccessToken is not for the configured {Provider} App"));
                }

                var failedResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, request.AccessToken, token).ConfigAwait();

                var isHtml = authService.Request.IsHtml();
                if (failedResult != null)
                {
                    return(ConvertToClientError(failedResult, isHtml));
                }

                return(isHtml
                    ? authService.Redirect(SuccessRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("s", "1")))
                    : null); //return default AuthenticateResponse
            }

            var authServer = new AuthorizationServerDescription {
                AuthorizationEndpoint = new Uri(this.AuthorizeUrl), TokenEndpoint = new Uri(this.AccessTokenUrl)
            };

            AuthServerFilter?.Invoke(authServer);

            var authClient = new WebServerClient(authServer, this.ConsumerKey)
            {
                ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(this.ConsumerSecret),
            };

            AuthClientFilter?.Invoke(authClient);

            var authState = ProcessUserAuthorization(authClient, authServer, authService);

            if (authState == null)
            {
                try
                {
                    var authReq         = authClient.PrepareRequestUserAuthorization(this.Scopes, new Uri(this.CallbackUrl));
                    var authContentType = authReq.Headers[HttpHeaders.ContentType];
                    var httpResult      = new HttpResult(authReq.ResponseStream, authContentType)
                    {
                        StatusCode = authReq.Status, StatusDescription = "Moved Temporarily"
                    };
                    foreach (string header in authReq.Headers)
                    {
                        httpResult.Headers[header] = authReq.Headers[header];
                    }

                    foreach (string name in authReq.Cookies)
                    {
                        var cookie = authReq.Cookies[name];
                        if (cookie != null)
                        {
                            httpResult.AddCookie(authService.Request, cookie.ToCookie());
                        }
                    }

                    await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();

                    return(httpResult);
                }
                catch (ProtocolException ex)
                {
                    Log.Error("Failed to login to {0}".Fmt(this.Provider), ex);
                    return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "Unknown"))));
                }
            }

            var accessToken = authState.AccessToken;

            if (accessToken != null)
            {
                tokens.RefreshToken       = authState.RefreshToken;
                tokens.RefreshTokenExpiry = authState.AccessTokenExpirationUtc;
            }

            if (accessToken != null)
            {
                try
                {
                    return(await AuthenticateWithAccessTokenAsync(authService, session, tokens, accessToken, token).ConfigAwait()
                           ?? authService.Redirect(SuccessRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("s", "1"))));
                }
                catch (WebException we)
                {
                    var statusCode = ((HttpWebResponse)we.Response).StatusCode;
                    if (statusCode == HttpStatusCode.BadRequest)
                    {
                        return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))));
                    }
                }
            }

            return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "RequestTokenFailed"))));
        }