public async Task <ActionResult> Authorize([FromForm] PostAuthorizeRequest request, CancellationToken ct) { var client = await _ioAuthClientsService.GetByClientIdAsync(request.client_id, ct); if (!client.IsValid()) { return(BadRequest("Client not found")); } if (!client.IsMatchRedirectUri(request)) { return(BadRequest("Invalid redirect uri")); } if (!client.IsScopesInclude(request.scope)) { return(BadRequest("Invalid scopes")); } var response = await _oauthService.AuthorizeAsync( request.Country, request.Login, request.Password, request.response_type, request.redirect_uri, request.state, IpAddress, UserAgent, request.scope.ToScopeList(), client.Audience, ct); if (response.IsInvalidCredentials) { var newRequest = new GetAuthorizeRequest { client_id = request.client_id, response_type = request.response_type, scope = request.scope, state = request.state, redirect_uri = request.redirect_uri, IsInvalidCredentials = true }; return(RedirectToAction("Authorize", newRequest)); } return(Redirect(response.CallbackUri)); }