public async Task <IActionResult> Authorize(OpenIddictRequest openIdConnectRequest)
{
// Retrieve the application details from the database.
var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId);
if (application == null)
{
return(View("Error",
new ErrorViewModel
{
Error = OpenIddictConstants.Errors.InvalidClient,
ErrorDescription =
"Details concerning the calling client application cannot be found in the database"
}));
}
var userId = _userManager.GetUserId(User);
if (!string.IsNullOrEmpty(
await OpenIdExtensions.IsUserAuthorized(_authorizationManager, openIdConnectRequest, userId, application.Id)))
{
return(await Authorize(openIdConnectRequest, "YES", false));
}
// Flow the request_id to allow OpenIddict to restore
// the original authorization request from the cache.
return(View(new AuthorizeViewModel
{
ApplicationName = await _applicationManager.GetDisplayNameAsync(application),
RequestId = openIdConnectRequest.RequestId,
Scope = openIdConnectRequest.GetScopes()
}));
}
public async Task <IActionResult> Authorize(OpenIddictRequest openIdConnectRequest,
string consent, bool createAuthorization = true)
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(View("Error",
new ErrorViewModel
{
Error = OpenIddictConstants.Errors.ServerError,
ErrorDescription = "The specified user could not be found"
}));
}
string type = null;
switch (consent.ToUpperInvariant())
{
case "YESTEMPORARY":
type = OpenIddictConstants.AuthorizationTypes.AdHoc;
break;
case "YES":
type = OpenIddictConstants.AuthorizationTypes.Permanent;
break;
case "NO":
default:
// Notify OpenIddict that the authorization grant has been denied by the resource owner
// to redirect the user agent to the client application using the appropriate response_mode.
return(Forbid(OpenIdConnectDefaults.AuthenticationScheme));
}
// Create a new authentication ticket.
var ticket =
await OpenIdExtensions.CreateAuthenticationTicket(_applicationManager, _authorizationManager,
_IdentityOptions.Value, _signInManager,
openIdConnectRequest, user);
if (createAuthorization)
{
var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId);
var authorization = await _authorizationManager.CreateAsync(User, user.Id, application.Id,
type, ticket.GetScopes().ToImmutableArray(),
ticket.Properties.Items.ToImmutableDictionary());
ticket.SetInternalAuthorizationId(authorization.Id);
}
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme));
}
