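/// <summary>
/// OAuth callback action. Checks the anti-CSRF <paramref name="state"/> against the value kept in
/// the session under "CSRF:State", exchanges <paramref name="code"/> for an access token through
/// the GitHub service, then stores that token in the session and as a claim on the current user.
/// </summary>
/// <param name="code">Authorization code from the callback query string. A null or empty value
/// redirects to Home/Index without touching the session.</param>
/// <param name="state">State value echoed back on the callback. It must match the session's
/// "CSRF:State" entry exactly.</param>
/// <returns>A redirect to Manage/Index on success, or to Home/Index when no code was supplied.</returns>
/// <exception cref="InvalidOperationException">Thrown when the session holds no state value or the
/// supplied state does not match it.</exception>
public async Task<ActionResult> Authorize(string code, string state)
{
    if (string.IsNullOrEmpty(code))
    {
        return RedirectToAction("Index", "Home");
    }

    var expectedState = HttpContext.Session.GetString("CSRF:State");

    // A bare inequality test passes when both values are null: a callback that omits `state`,
    // arriving on a session that never started the flow, would then be accepted. Require a stored
    // value first so that an absent state can never satisfy the check.
    if (string.IsNullOrEmpty(expectedState)
        || !string.Equals(state, expectedState, StringComparison.Ordinal))
    {
        throw new InvalidOperationException();
    }

    // The state value is single-use: drop it once it has been matched.
    HttpContext.Session.Remove("CSRF:State");

    var clientId = _configuration["AppSettings:GithubClientId"];
    var clientSecret = _configuration["AppSettings:GithubClientSecret"];
    var token = await _githubService.GetOauthAccessToken(clientId, clientSecret, code);

    // NOTE(review): the access token is kept as-is in the session and in a user claim. Confirm how
    // both stores are protected at rest. AddClaimAsync adds a claim on each successful callback and
    // does not replace an earlier "GithubAccessToken" claim; verify that accumulation is intended.
    HttpContext.Session.SetString("OAuthToken", token.AccessToken);

    // NOTE(review): GetUserAsync can yield null when no user is signed in. Confirm this action is
    // only reachable by authenticated users (no authorization attribute is visible here).
    var currentUser = await _userManager.GetUserAsync(User);
    await _userManager.AddClaimAsync(currentUser, new Claim("GithubAccessToken", token.AccessToken));

    return RedirectToAction("Index", "Manage");
}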