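/// <summary>
/// Logs a user in from an IdP-issued ID token, or links the token's subject to the
/// account that is currently logged in. Outcome by state:
///   - subject already bound, nobody logged in    -> log in as the bound user
///   - subject already bound to the current user  -> Success (idempotent relink, nothing written)
///   - subject already bound to a different user  -> SubjectAlreadyBoundToAnotherAccount
///   - subject unbound, nobody logged in          -> create a user, log in, bind the subject
///   - subject unbound, user logged in            -> bind the subject to that user
/// Every Success path runs <see cref="HandleJwtClaims"/> afterwards.
/// </summary>
/// <param name="session">Current session; <c>session.UserID == Guid.Empty</c> means nobody is logged in.</param>
/// <param name="idP">Identity provider the token was issued by; only <c>IdpID</c> is used.</param>
/// <param name="JWT">The ID token. Only <c>Payload["sub"]</c> is read here.</param>
/// <returns>A <see cref="TokenHandleResult"/> describing what happened.</returns>
/// <exception cref="ArgumentException">The token carries no usable <c>sub</c> claim.</exception>
/// <remarks>
/// NOTE(review): this method trusts the token as given — it assumes the caller has already
/// verified signature, issuer, audience and expiry against <paramref name="idP"/>. Confirm.
/// NOTE(review): linking binds the subject to whoever is logged in with no re-authentication
/// step; consider requiring a recent login before attaching an external identity. Confirm policy.
/// </remarks>
public static TokenHandleResult HandleIdpIdToken(Session session, idP idP, JWT JWT)
{
    // The subject is the lookup key for the binding. An empty value would match — or create —
    // a binding to "" and must never reach the database.
    object rawSubject = JWT.Payload["sub"];
    string subject = rawSubject?.ToString();
    if (string.IsNullOrWhiteSpace(subject))
    {
        throw new ArgumentException("ID token has no usable 'sub' claim.", nameof(JWT));
    }

    using (SqlCommand cmd = session.db.NewConnection.CreateCommand())
    {
        try
        {
            cmd.Parameters.AddWithValue("@IDPID@", idP.IdpID);
            cmd.Parameters.AddWithValue("@SUBJECT@", subject);

            // Look up an existing binding. The reader is disposed before any further work so
            // the connection is free for Logon/CreateUser/UPDATE below.
            Guid? boundUserID = null;
            cmd.CommandText = "SELECT UserID FROM [Security.Users] WHERE [OpenID.IdpID] = @IDPID@ AND [OpenID.Subject] = @SUBJECT@";
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                if (rdr.Read())
                {
                    boundUserID = rdr.GetGuid(0);
                }
            }

            if (boundUserID.HasValue)
            {
                if (session.UserID == Guid.Empty)
                {
                    // Returning user: the stored binding is the credential.
                    UserTools.Logon(session, boundUserID.Value);
                    HandleJwtClaims(session, idP, JWT);
                    return TokenHandleResult.Success;
                }
                if (boundUserID.Value != session.UserID)
                {
                    return TokenHandleResult.SubjectAlreadyBoundToAnotherAccount;
                }
                // Bound to the account that is already logged in: nothing to write.
                HandleJwtClaims(session, idP, JWT);
                return TokenHandleResult.Success;
            }

            if (session.UserID == Guid.Empty)
            {
                // First sight of this subject with nobody logged in: provision an account.
                // If the UPDATE below fails, the new account remains unbound with the session
                // logged in as it (unchanged from the previous revision).
                Guid newUserID = UserTools.CreateUser(session.db);
                UserTools.Logon(session, newUserID);
            }

            // Bind the subject to the current account. The NOT EXISTS clause makes the bind
            // affect 0 rows if another account took the same (IdpID, Subject) between the
            // SELECT above and this UPDATE, instead of silently producing a duplicate binding.
            // A unique index on ([OpenID.IdpID], [OpenID.Subject]) is the real guarantee —
            // TODO confirm one exists.
            cmd.Parameters.AddWithValue("@USERID@", session.UserID);
            cmd.CommandText =
                "UPDATE [Security.Users] SET [OpenID.IdpID] = @IDPID@, [OpenID.Subject] = @SUBJECT@ " +
                "WHERE UserID = @USERID@ " +
                "AND NOT EXISTS (SELECT 1 FROM [Security.Users] other WHERE other.[OpenID.IdpID] = @IDPID@ " +
                "AND other.[OpenID.Subject] = @SUBJECT@ AND other.UserID <> @USERID@)";
            if (cmd.ExecuteNonQuery() != 1)
            {
                return TokenHandleResult.FailedToBindToCurrentUserAccount;
            }

            HandleJwtClaims(session, idP, JWT);
            return TokenHandleResult.Success;
        }
        finally
        {
            cmd.Connection.Close();
        }
    }
}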