public AuthorizationResponse SVX_MakeAuthorizationResponse(AuthorizationRequest req, IdPAuthenticationEntry idpConc)
{
// In the real CodeEndpoint, we would request an
// IdPAuthenticationEntry for req.SVX_sender, but SVX doesn't know
// that, so we have to do a concrete check.
SVX.VProgram_API.Assert(req.SVX_sender == idpConc.channel);
// Copy/paste: [With this expression inlined below, BCT silently mistranslated the code.]
var theParams = new AuthorizationCodeParams
{
redirect_uri = req.redirect_uri,
userID = idpConc.userID
};
var authorizationCode = authorizationCodeGenerator.Generate(theParams, SVX_Principal);
return(new AuthorizationResponse
{
code = authorizationCode,
state = req.state
});
}
public virtual AccessTokenResponse SVX_MakeAccessTokenResponse(AccessTokenRequest req, AuthorizationCodeParams codeParamsHint)
{
// We should only get here with req.grant_type ==
// "authorization_code", so we don't have to worry about modeling
// what IdP does in any other case.
if (req.grant_type != "authorization_code")
{
return(SVX.VProgram_API.Nondet <AccessTokenResponse>());
}
authorizationCodeGenerator.Verify(codeParamsHint, req.code);
if (req.redirect_uri != codeParamsHint.redirect_uri)
{
throw new Exception("Authorization code RP mismatch");
}
var tokenParams = new AccessTokenParams
{
userID = codeParamsHint.userID
};
var token = accessTokenGenerator.Generate(tokenParams);
return(new AccessTokenResponse
{
access_token = token
});
}