public async Task <IActionResult> Authorize(OpenIddictRequest openIdConnectRequest) { // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIddictConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } var userId = _userManager.GetUserId(User); if (!string.IsNullOrEmpty( await OpenIdExtensions.IsUserAuthorized(_authorizationManager, openIdConnectRequest, userId, application.Id))) { return(await Authorize(openIdConnectRequest, "YES", false)); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = await _applicationManager.GetDisplayNameAsync(application), RequestId = openIdConnectRequest.RequestId, Scope = openIdConnectRequest.GetScopes() })); }
public async Task <IActionResult> Authorize(OpenIddictRequest openIdConnectRequest, string consent, bool createAuthorization = true) { var user = await _userManager.GetUserAsync(User); if (user == null) { return(View("Error", new ErrorViewModel { Error = OpenIddictConstants.Errors.ServerError, ErrorDescription = "The specified user could not be found" })); } string type = null; switch (consent.ToUpperInvariant()) { case "YESTEMPORARY": type = OpenIddictConstants.AuthorizationTypes.AdHoc; break; case "YES": type = OpenIddictConstants.AuthorizationTypes.Permanent; break; case "NO": default: // Notify OpenIddict that the authorization grant has been denied by the resource owner // to redirect the user agent to the client application using the appropriate response_mode. return(Forbid(OpenIdConnectDefaults.AuthenticationScheme)); } // Create a new authentication ticket. var ticket = await OpenIdExtensions.CreateAuthenticationTicket(_applicationManager, _authorizationManager, _IdentityOptions.Value, _signInManager, openIdConnectRequest, user); if (createAuthorization) { var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId); var authorization = await _authorizationManager.CreateAsync(User, user.Id, application.Id, type, ticket.GetScopes().ToImmutableArray(), ticket.Properties.Items.ToImmutableDictionary()); ticket.SetInternalAuthorizationId(authorization.Id); } // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens. return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); }