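        /// <summary>
        /// Maps the identity-provider subject carried by <paramref name="JWT"/> to a row of
        /// <c>[Security.Users]</c>: logs the session on as the user the subject is already bound
        /// to, or binds the subject to the current user (creating one if nobody is logged on).
        /// No signature or issuer validation happens here; the token must already be validated.
        /// </summary>
        /// <param name="session">Current session; <c>session.UserID == Guid.Empty</c> means no user is logged on yet.</param>
        /// <param name="idP">Identity provider that issued the token; only <c>IdpID</c> is read here.</param>
        /// <param name="JWT">Token whose <c>Payload["sub"]</c> claim identifies the subject.</param>
        /// <returns>
        /// <see cref="TokenHandleResult.Success"/> once the session is logged on and the claims are applied;
        /// <see cref="TokenHandleResult.SubjectAlreadyBoundToAnotherAccount"/> when a logged-on session presents
        /// a subject bound to a different user; <see cref="TokenHandleResult.FailedToBindToCurrentUserAccount"/>
        /// when the UPDATE that records the binding did not affect exactly one row.
        /// </returns>
        /// <exception cref="ArgumentException">The token carries no <c>sub</c> claim.</exception>
        public static TokenHandleResult HandleIdpIdToken(Session session, idP idP, JWT JWT)
        {
            // Read the subject claim once, before touching the database: a token without "sub"
            // cannot be mapped to a user, and a clear exception beats a NullReferenceException later.
            // NOTE(review): this assumes Payload[...] returns null for a missing key; if it throws
            // instead, the null check never triggers — confirm against the JWT type.
            object subjectClaim = JWT.Payload["sub"];
            if (subjectClaim == null)
            {
                throw new ArgumentException("The ID token does not carry a 'sub' claim.", "JWT");
            }
            string subject = subjectClaim.ToString();

            SqlCommand cmd = session.db.NewConnection.CreateCommand();
            try
            {
                // The lookup is keyed by IdP *and* subject, so the same subject string issued
                // by a different provider cannot match this binding.
                cmd.Parameters.AddWithValue("@IDPID@", idP.IdpID);
                cmd.Parameters.AddWithValue("@SUBJECT@", subject);
                cmd.CommandText = "SELECT UserID FROM [Security.Users] WHERE [OpenID.IdpID] = @IDPID@ AND [OpenID.Subject] = @SUBJECT@";

                bool subjectIsBound;
                Guid boundUserID = Guid.Empty;
                // The reader is disposed (and so closed) before the UPDATE below reuses the same connection.
                using (SqlDataReader rdr = cmd.ExecuteReader())
                {
                    subjectIsBound = rdr.Read();
                    if (subjectIsBound)
                    {
                        boundUserID = rdr.GetGuid(0);
                    }
                }

                if (subjectIsBound)
                {
                    if (session.UserID == Guid.Empty)
                    {
                        // Nobody is logged on: the subject identifies an existing user, so log on as that user.
                        UserTools.Logon(session, boundUserID);
                        HandleJwtClaims(session, idP, JWT);
                        return TokenHandleResult.Success;
                    }
                    if (session.UserID != boundUserID)
                    {
                        // A logged-on user presenting a subject that belongs to a different account:
                        // refuse rather than re-bind, otherwise one account could capture another
                        // account's external identity.
                        return TokenHandleResult.SubjectAlreadyBoundToAnotherAccount;
                    }
                    // The subject is already bound to the logged-on user (the SELECT matched this
                    // very row), so there is nothing to write; only the claims are refreshed.
                    HandleJwtClaims(session, idP, JWT);
                    return TokenHandleResult.Success;
                }

                if (session.UserID == Guid.Empty)
                {
                    // Unknown subject and no session user: provision an account to bind it to.
                    Guid newUserID = UserTools.CreateUser(session.db);
                    UserTools.Logon(session, newUserID);
                }

                cmd.Parameters.AddWithValue("@USERID@", session.UserID);
                cmd.CommandText = "UPDATE [Security.Users] SET [OpenID.IdpID] = @IDPID@, [OpenID.Subject] = @SUBJECT@ WHERE UserID = @USERID@";
                int affected = cmd.ExecuteNonQuery();
                if (affected != 1)
                {
                    // Anything other than exactly one matching row means the binding was not recorded as intended.
                    return TokenHandleResult.FailedToBindToCurrentUserAccount;
                }
                HandleJwtClaims(session, idP, JWT);
                return TokenHandleResult.Success;
            }
            finally
            {
                // Close the connection the command was created on, then release the command itself
                // (disposing the command alone does not close its connection).
                cmd.Connection.Close();
                cmd.Dispose();
            }
        }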