public IActionResult ConfirmAppIdentity([FromBody] ChallengeRequest data, [FromRoute] Guid appId)
{
var userName = User?.Identity?.Name;
if (userName == null || !_challengeRepository.IsPassed(userName, appId, data))
{
return(NotFound()); // endpoint will be masked, so Unauthorized() is an additional info we don't want to share
}
return(Ok(new ChallengeResponse {
AppAuth = _apps.GenerateAndRememberAppKey(userName)
}));
}
