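/// <summary>
/// OWIN middleware entry point that redeems an OAuth2 authorization code.
/// A request carrying a <c>code</c> query parameter is handled here: its <c>state</c> is
/// validated, the code is exchanged for tokens, and the browser is redirected (302) to the
/// URL recorded in the validated state. Every failure path redirects to the error page.
/// A request without a <c>code</c> parameter is passed to the next middleware.
/// </summary>
/// <param name="context">The OWIN context of the current request.</param>
/// <returns>A task that completes when the request has been handled or forwarded.</returns>
public async override Task Invoke(IOwinContext context)
{
    string code = context.Request.Query["code"];
    if (code == null)
    {
        // Not an authorization-code response: nothing to redeem here.
        await this.Next.Invoke(context);
        return;
    }

    // NOTE(review): any request with a "code" query parameter is handled here, whatever its
    // path - confirm this middleware is only reachable for the registered redirect URI.

    // Fail closed: the redirect target stays the error page unless every step below succeeds.
    string location = "/Error?message=" + "code_redeem_failed";

    // Extract state.
    // NOTE(review): OWIN's Query collection normally returns already-decoded values, so this
    // second decode may alter a state value containing '%' or '+' - confirm against how
    // OAuth2RequestManager encodes the state.
    string state = HttpUtility.UrlDecode(context.Request.Query["state"]);

    // The original dereferenced User/FindFirst unconditionally and threw a
    // NullReferenceException when no NameIdentifier claim was present. Treat that case as a
    // failed redemption instead of building a token cache for an unknown user.
    var user = context.Authentication.User;
    var nameIdentifier = user == null
        ? null
        : user.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier);

    if (nameIdentifier != null)
    {
        string signedInUserID = nameIdentifier.Value;
        HttpContextBase hcb = context.Environment["System.Web.HttpContextBase"] as HttpContextBase;
        TokenCache userTokenCache = new SessionTokenCache(signedInUserID, hcb).GetMsalCacheInstance();
        ConfidentialClientApplication cca = new ConfidentialClientApplication(
            options.ClientId,
            options.RedirectUri,
            new ClientCredential(options.ClientSecret),
            userTokenCache,
            null);

        // Validate state; a null result means the state was not accepted.
        CodeRedemptionData crd = OAuth2RequestManager.ValidateState(state, hcb);
        if (crd != null)
        {
            try
            {
                // The returned AuthenticationResult is not used; presumably the call matters
                // for its effect on userTokenCache - TODO confirm.
                await cca.AcquireTokenByAuthorizationCodeAsync(code, crd.Scopes);

                // NOTE(review): RequestOriginatorUrl is used as a redirect target as-is.
                // Confirm ValidateState only returns URLs recorded server-side, or restrict
                // the value to local paths, so this cannot become an open redirect.
                location = crd.RequestOriginatorUrl;
            }
            catch (Exception ee)
            {
                // Keep the failure detail on the server. The original wrote ee.Message into
                // the response body (exposing provider error text to the client) and then
                // still redirected to the original requestor as if redemption had succeeded.
                System.Diagnostics.Trace.TraceError("Authorization code redemption failed: {0}", ee);
            }
        }
    }

    context.Response.StatusCode = 302;
    context.Response.Headers.Set("Location", location);
}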
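/// <summary>
/// OWIN middleware entry point that redeems an OAuth2 authorization code.
/// A request carrying a <c>code</c> query parameter is handled here: its <c>state</c> is
/// validated, the code is exchanged for tokens through the confidential client built by
/// <c>MsalAppBuilder</c>, and the browser is redirected (302) to the URL recorded in the
/// validated state. A rejected state or a missing signed-in user redirects to the error page.
/// A request without a <c>code</c> parameter is passed to the next middleware.
/// </summary>
/// <param name="context">The OWIN context of the current request.</param>
/// <returns>A task that completes when the request has been handled or forwarded.</returns>
/// <remarks>
/// Exceptions thrown while redeeming the code are not caught here and propagate to the
/// pipeline, as in the original implementation.
/// </remarks>
public async override Task Invoke(IOwinContext context)
{
    string code = context.Request.Query["code"];
    if (code == null)
    {
        // Not an authorization-code response: nothing to redeem here.
        await Next.Invoke(context);
        return;
    }

    // NOTE(review): any request with a "code" query parameter is handled here, whatever its
    // path - confirm this middleware is only reachable for the registered redirect URI.

    // Fail closed: the redirect target stays the error page unless every step below succeeds.
    string location = "/Error?message=" + "code_redeem_failed";

    // Extract state.
    // NOTE(review): OWIN's Query collection normally returns already-decoded values, so this
    // second decode may alter a state value containing '%' or '+' - confirm against how
    // OAuth2RequestManager encodes the state.
    string state = HttpUtility.UrlDecode(context.Request.Query["state"]);

    // The original read the NameIdentifier claim into a local it never used, and threw a
    // NullReferenceException when the claim was absent. The lookup is kept only as an
    // explicit signed-in check, made before the state is validated.
    var user = context.Authentication.User;
    bool hasSignedInUser = user != null
        && user.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier) != null;

    if (hasSignedInUser)
    {
        HttpContextBase hcb = context.Environment["System.Web.HttpContextBase"] as HttpContextBase;

        // Validate state; a null result means the state was not accepted.
        CodeRedemptionData crd = OAuth2RequestManager.ValidateState(state, hcb);
        if (crd != null)
        {
            // If valid, redeem the code. The returned AuthenticationResult is not used;
            // presumably the call matters for the token cache behind the client
            // application - TODO confirm.
            IConfidentialClientApplication cc = await MsalAppBuilder.BuildConfidentialClientApplication();
            await cc.AcquireTokenByAuthorizationCode(crd.Scopes, code)
                .ExecuteAsync()
                .ConfigureAwait(false);

            // NOTE(review): RequestOriginatorUrl is used as a redirect target as-is.
            // Confirm ValidateState only returns URLs recorded server-side, or restrict
            // the value to local paths, so this cannot become an open redirect.
            location = crd.RequestOriginatorUrl;
        }
    }

    context.Response.StatusCode = 302;
    context.Response.Headers.Set("Location", location);
}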