public virtual AccessTokenResponse SVX_MakeAccessTokenResponse(AccessTokenRequest req, AuthorizationCodeParams codeParamsHint)
        {
            // We should only get here with req.grant_type ==
            // "authorization_code", so we don't have to worry about modeling
            // what IdP does in any other case.
            if (req.grant_type != "authorization_code")
            {
                return(SVX.VProgram_API.Nondet <AccessTokenResponse>());
            }

            authorizationCodeGenerator.Verify(codeParamsHint, req.code);

            if (req.redirect_uri != codeParamsHint.redirect_uri)
            {
                throw new Exception("Authorization code RP mismatch");
            }

            var tokenParams = new AccessTokenParams
            {
                userID = codeParamsHint.userID
            };
            var token = accessTokenGenerator.Generate(tokenParams);

            return(new AccessTokenResponse
            {
                access_token = token
            });
        }
 public UserProfileResponse SVX_MakeUserProfileResponse(UserProfileRequest req, AccessTokenParams tokenParamsHint)
 {
     accessTokenGenerator.Verify(tokenParamsHint, req.access_token);
     return(CreateUserProfileResponse(tokenParamsHint.userID));
 }