public Task <AuthorizationGrant> ExchangeAuthorizationCodeAsync(OpenIdConnectMessage message) { var code = _dataFormat.Unprotect(message.Code); if (code == null) { return(Task.FromResult(AuthorizationGrant.Invalid(_errorProvider.InvalidAuthorizationCode()))); } var userId = code.UserId; var clientId = code.ClientId; var scopes = code.Scopes; var resource = code.Resource; var nonce = code.Nonce; var tokenTypes = code.GrantedTokens; var grantedScopes = scopes.SelectMany(s => s.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)) .Select(s => ApplicationScope.CanonicalScopes.TryGetValue(s, out var canonicalScope) ? canonicalScope : new ApplicationScope(resource, s)) .ToList(); return(Task.FromResult(AuthorizationGrant.Valid(userId, clientId, tokenTypes, grantedScopes, code))); }