public ValidationRequest SVX_MakeValidationRequest(AuthorizationCodeResponse resp)
{
// May as well fail fast. It should also pass verification to do this in SVX_SignInRP.
// Pull new { ... } out to work around BCT mistranslation.
var stateParams = new StateParams {
client = resp.SVX_sender, idpPrincipal = googlePrincipal
};
stateGenerator.Verify(stateParams, resp.state);
return(new ValidationRequest
{
authorizationCode = resp.authorizationCode,
rpPrincipal = SVX_Principal // Like in the original authorization code request.
});
}
public RPAuthenticationConclusion SVX_SignInRP(IdTokenResponse resp)
{
// Comment out these 2 lines to see the verification fail.
if (resp.idToken.theParams.rpPrincipal != SVX_Principal)
{
throw new Exception("IdTokenResponse was not issued to this RP.");
}
// Pull new { ... } out to work around BCT mistranslation.
var stateParams = new StateParams {
client = resp.SVX_sender, idpPrincipal = googlePrincipal
};
stateGenerator.Verify(stateParams, resp.state);
return(new RPAuthenticationConclusion {
authenticatedClient = resp.SVX_sender,
googleUsername = resp.idToken.theParams.username
});
}