private async Task <TokenRequestValidationResult> ValidateCustomGrantRequestAsync(NameValueCollection parameters) { _logger.LogVerbose("Start validation of custom grant token request"); ///////////////////////////////////////////// // check if client is authorized for custom grant type ///////////////////////////////////////////// if (_validatedRequest.Client.Flow != Flows.Custom) { LogError("Client not registered for custom grant type"); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } ///////////////////////////////////////////// // check if client is allowed grant type ///////////////////////////////////////////// if (_validatedRequest.Client.AllowAccessToAllCustomGrantTypes == false) { if (!_validatedRequest.Client.AllowedCustomGrantTypes.Contains(_validatedRequest.GrantType)) { LogError("Client does not have the custom grant type in the allowed list, therefore requested grant is not allowed."); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } } ///////////////////////////////////////////// // check if a validator is registered for the grant type ///////////////////////////////////////////// if (!_customGrantValidator.GetAvailableGrantTypes().Contains(_validatedRequest.GrantType, StringComparer.Ordinal)) { LogError("No validator is registered for the grant type."); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } ///////////////////////////////////////////// // check if client is allowed to request scopes ///////////////////////////////////////////// if (!(await ValidateRequestedScopesAsync(parameters))) { LogError("Invalid scopes."); return(Invalid(OidcConstants.TokenErrors.InvalidScope)); } ///////////////////////////////////////////// // validate custom grant type ///////////////////////////////////////////// var result = await _customGrantValidator.ValidateAsync(_validatedRequest); if (result == null) { LogError("Invalid custom grant."); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (result.IsError) { if (result.Error.IsPresent()) { LogError("Invalid custom grant: " + result.Error); return(Invalid(result.Error)); } else { LogError("Invalid custom grant."); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } } if (result.Principal != null) { _validatedRequest.Subject = result.Principal; } _logger.LogInformation("Validation of custom grant token request success"); return(Valid()); }