/// <summary>
/// Handles a token request that carries a username and password: validates the
/// request, authenticates the client, checks the user credential and, on success,
/// returns the response assembled from the token builders and the client's
/// preferred token profile.
/// </summary>
/// <param name="context">Request/response context; the client and user are set on it as they are resolved.</param>
/// <param name="cancellationToken">Token passed through to client authentication, the user lookup and each token builder.</param>
/// <returns>
/// An <see cref="OkObjectResult"/> holding the result on success; otherwise an error built by
/// <c>BuildError</c>: 400 with <c>ErrorCodes.INVALID_GRANT</c> when no user matches,
/// 401 for an <c>OAuthUnauthorizedException</c>, 400 for any other <c>OAuthException</c>.
/// </returns>
public override async Task<IActionResult> Handle(HandlerContext context, CancellationToken cancellationToken)
{
    try
    {
        // Request shape is validated before anything else runs.
        _passwordGrantTypeValidator.Validate(context);

        // The client is authenticated before the user credential is looked at.
        var client = await AuthenticateClient(context, cancellationToken);
        context.SetClient(client);

        var requestData = context.Request.RequestData;

        // Requested scopes are checked against the names of the scopes this client is allowed.
        var requestedScope = requestData.GetStr(TokenRequestParameters.Scope);
        var allowedScopeNames = client.AllowedScopes.Select(s => s.Name);
        var scopes = ScopeHelper.Validate(requestedScope, allowedScopeNames);

        var login = requestData.GetStr(TokenRequestParameters.Username);
        var submittedPassword = requestData.GetStr(TokenRequestParameters.Password);

        // The hash is computed from the submitted password alone, before any user record
        // is loaded, so no salt stored with the user record can take part in this call.
        // NOTE(review): confirm PasswordHelper.ComputeHash is a dedicated password-hashing
        // scheme and not a bare digest; verifying by "find the row with this hash" only
        // works with a deterministic hash.
        // NOTE(review): no attempt throttling or lockout is visible in this method;
        // confirm it is enforced elsewhere for this endpoint.
        var credentialHash = PasswordHelper.ComputeHash(submittedPassword);
        var user = await _oauthUserRepository.FindOAuthUserByLoginAndCredential(login, "pwd", credentialHash, cancellationToken);
        if (user == null)
        {
            // One lookup, one error: an unknown login and a wrong password produce the same response.
            return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, ErrorMessages.BAD_USER_CREDENTIAL);
        }

        context.SetUser(user);
        var result = BuildResult(context, scopes);

        // Builders run one at a time, in the order of _tokenBuilders.
        foreach (var builder in _tokenBuilders)
        {
            await builder.Build(scopes, context, cancellationToken);
        }

        // NOTE(review): First throws InvalidOperationException when no profile matches
        // the client's PreferredTokenProfile; neither catch clause below names that type.
        var profile = _tokenProfiles.First(t => t.Profile == context.Client.PreferredTokenProfile);
        profile.Enrich(context);

        // Copy every response parameter into the result returned to the caller.
        foreach (var parameter in context.Response.Parameters)
        {
            result.Add(parameter.Key, parameter.Value);
        }

        return new OkObjectResult(result);
    }
    catch (OAuthUnauthorizedException unauthorized)
    {
        // Handled ahead of OAuthException — presumably the more specific type; confirm the hierarchy.
        return BuildError(HttpStatusCode.Unauthorized, unauthorized.Code, unauthorized.Message);
    }
    catch (OAuthException oauthError)
    {
        return BuildError(HttpStatusCode.BadRequest, oauthError.Code, oauthError.Message);
    }
}