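/// <summary>
/// Authenticates a token request according to its <c>grant_type</c> parameter and,
/// on success, marks the context as validated with the matched user's id as the client id.
/// </summary>
/// <remarks>
/// Two grant types are handled:
/// <list type="bullet">
/// <item><c>password</c>: looks the user up by the <c>UserName</c>/<c>Password</c> parameters,
/// then checks the <c>totp</c> parameter when the user has Google Authenticator enabled,
/// then enforces email confirmation when the setting requires it.</item>
/// <item><c>esp</c>: looks the user up by the <c>espid</c> parameter only.</item>
/// </list>
/// Any other grant type is rejected. Every rejection calls <c>context.SetError</c> and returns
/// without calling <c>context.Validated</c>.
/// </remarks>
/// <param name="context">The client-authentication context carrying the request parameters.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;

    using (var repository = new AuthRepository(Logger))
    {
        AppUser user;
        var grantType = context.Parameters.Get("grant_type");

        switch (grantType)
        {
            case "password":
                user = await repository.FindUser(
                    context.Parameters.Get("UserName"),
                    context.Parameters.Get("Password"));
                if (user == null)
                {
                    context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return;
                }

                clientId = user.Id;

                // Second factor: only enforced for users who enrolled in Google Authenticator.
                // NOTE(review): no attempt limiting or code-reuse check is visible in this method;
                // confirm that ValidateGoogleAuth (or a layer in front of this endpoint) throttles
                // repeated failures and rejects an already-used code.
                if (user.IsGoogleAuthenticatorEnabled)
                {
                    var totp = context.Parameters.Get("totp");
                    if (totp == null)
                    {
                        context.SetError("invalid_grant", "Set TOTP code");
                        return;
                    }

                    var validated = await repository.ValidateGoogleAuth(totp, user.Id);
                    if (!validated)
                    {
                        context.SetError("invalid_grant", "TOTP code is incorrect");
                        return;
                    }
                }

                // Fixed: the original condition used `||`, which rejected every user (confirmed
                // or not) whenever the setting was on, and rejected unconfirmed users even when
                // the setting was off. The check now blocks only unconfirmed users, and only
                // when confirmation is required. Deployments that relied on the old behavior to
                // keep unconfirmed accounts out must have RequiredEmailConfirmation enabled.
                if (Settings.Default.RequiredEmailConfirmation && !user.EmailConfirmed)
                {
                    context.SetError("invalid_grant", "Email confirmation is required");
                    return;
                }

                break;

            case "esp":
                // NOTE(review): this grant authenticates on possession of `espid` alone; no
                // secret, signature, second factor or email-confirmation check is applied here.
                // Confirm the identifier is unguessable and treated as a credential (storage,
                // logging, rotation), or require an additional proof before validating.
                var espIdentifier = context.Parameters.Get("espid");
                if (espIdentifier == null)
                {
                    context.SetError("invalid_grant");
                    return;
                }

                user = await repository.FindEsp(espIdentifier);
                if (user == null)
                {
                    context.SetError("invalid_grant", "The esp identifier is incorrect.");
                    return;
                }

                clientId = user.Id;
                break;

            default:
                // NOTE(review): "Bad grant_type" is passed as the OAuth error code itself; the
                // registered code for this case is `unsupported_grant_type`. Left unchanged
                // because clients may match on the existing string.
                context.SetError("Bad grant_type");
                return;
        }
    }

    context.Validated(clientId);
}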