public async Task <ScopeResolutionResult> ResolveScopesAsync(string clientId, IEnumerable <string> scopes) { var authorizedParty = await _applicationManager.FindByClientIdAsync(clientId); var authorizedPartyScopes = await _applicationManager.FindScopesAsync(authorizedParty); var result = new List <ApplicationScope>(); string resourceName = null; TApplication resourceApplication = null; IEnumerable <string> resourceApplicationScopes = null; foreach (var scope in scopes) { var(wellFormed, canonical, name, scopeValue) = ParseScope(scope); if (!wellFormed) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } if (canonical && authorizedPartyScopes.Any(s => s.Equals(scope, StringComparison.Ordinal))) { result.Add(ApplicationScope.CanonicalScopes[scope]); } if (canonical) { // We purposely ignore canonical scopes not allowed by the client application. continue; } resourceName = resourceName ?? name; if (resourceName != null && !resourceName.Equals(name, StringComparison.Ordinal)) { return(ScopeResolutionResult.Invalid(_errorProvider.MultipleResourcesNotSupported(resourceName, name))); } if (resourceApplicationScopes == null) { resourceApplication = await _applicationManager.FindByNameAsync(resourceName); if (resourceApplication == null) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } resourceApplicationScopes = await _applicationManager.FindScopesAsync(resourceApplication); } if (!resourceApplicationScopes.Contains(scopeValue, StringComparer.Ordinal)) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } else { var resourceClientId = await _applicationManager.GetApplicationClientIdAsync(resourceApplication); result.Add(new ApplicationScope(resourceClientId, scopeValue)); } } return(ScopeResolutionResult.Valid(result)); }