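/// <summary>
/// Handles the posted consent form: records the user's decision with IdentityServer and
/// redirects back to the authorization endpoint, or re-renders the consent page when the
/// submission is incomplete.
/// </summary>
/// <param name="model">The posted consent form (button pressed, scopes ticked, return URL).</param>
/// <returns>
/// A redirect to the return URL once a consent decision has been recorded; the "Index" view
/// when the input needs correcting; the "Error" view when the request cannot be processed.
/// </returns>
// NOTE(review): the action's attributes are not visible in this excerpt. Confirm it is
// restricted to POST and validates an antiforgery token, since it records a consent decision.
public async Task<IActionResult> Index(ConsentInputModel model)
{
    // The original dereferenced model (ReturnUrl, Button) before its own null check,
    // so a missing model surfaced as a NullReferenceException instead of the error view.
    if (model == null)
    {
        return View("Error");
    }

    // parse the return URL back to an AuthorizeRequest object
    var returnUrl = identityServerIntegration.EnsureFolderSegmentIfNeeded(_site, model.ReturnUrl);
    var request = await _interaction.GetAuthorizationContextAsync(returnUrl);

    // ReturnUrl is posted form data. If it does not resolve to an authorization context
    // (BuildViewModelAsync treats null the same way), stop here: never grant consent
    // against a null request and never redirect the browser to an unverified URL.
    if (request == null)
    {
        return View("Error");
    }

    ConsentResponse response = null;

    if (model.Button == "no")
    {
        // user clicked 'no' - send back the standard 'access_denied' response
        response = ConsentResponse.Denied;
    }
    else if (model.Button == "yes")
    {
        // user clicked 'yes' - validate the data
        // NOTE(review): ScopesConsented is posted form data; confirm it is constrained to the
        // scopes actually requested before it is honoured.
        if (model.ScopesConsented != null && model.ScopesConsented.Any())
        {
            response = new ConsentResponse
            {
                RememberConsent = model.RememberConsent,
                ScopesConsented = model.ScopesConsented
            };
        }
        else
        {
            ModelState.AddModelError("", "You must pick at least one permission.");
        }
    }
    else
    {
        ModelState.AddModelError("", "Invalid Selection");
    }

    if (response != null)
    {
        // communicate outcome of consent back to identityserver
        await _interaction.GrantConsentAsync(request, response);

        // redirect back to authorization endpoint; returnUrl was matched to a pending request above
        return Redirect(returnUrl);
    }

    // No decision recorded: show the consent page again with the model-state errors.
    var vm = await BuildViewModelAsync(returnUrl, model);
    if (vm != null)
    {
        return View("Index", vm);
    }

    return View("Error");
}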
/// <summary>
/// Builds the consent page view model from the client's display settings, the scopes on
/// offer and, when present, the user's previous form submission.
/// </summary>
/// <param name="model">Previously posted form values, or null on first display.</param>
/// <param name="returnUrl">Return URL carried through the consent form.</param>
/// <param name="request">The authorization request; not read by this constructor.</param>
/// <param name="client">Client whose name, URI, logo and remember-consent setting are shown.</param>
/// <param name="scopes">Scopes to list, split by type into identity and resource scopes.</param>
public ConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request, Client client, IEnumerable<Scope> scopes)
{
    // With no posted model every scope is rendered as selected.
    bool firstDisplay = model == null;

    // Values echoed from the previous submission, with defaults for the first display.
    RememberConsent = model?.RememberConsent ?? true;
    ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty<string>();
    ReturnUrl = returnUrl;

    // Client presentation details.
    ClientName = client.ClientName;
    ClientUrl = client.ClientUri;
    ClientLogoUrl = client.LogoUri;
    AllowRememberConsent = client.AllowRememberConsent;

    IdentityScopes =
        (from scope in scopes
         where scope.Type == ScopeType.Identity
         select new ScopeViewModel(scope, ScopesConsented.Contains(scope.Name) || firstDisplay))
        .ToArray();

    ResourceScopes =
        (from scope in scopes
         where scope.Type == ScopeType.Resource
         select new ScopeViewModel(scope, ScopesConsented.Contains(scope.Name) || firstDisplay))
        .ToArray();
}
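/// <summary>
/// Resolves the authorization context, client and scopes for a return URL and builds the
/// consent view model from them.
/// </summary>
/// <param name="returnUrl">Return URL identifying the consent request.</param>
/// <param name="model">Previously posted form values to echo back, or null.</param>
/// <returns>
/// The view model, or null (after logging an error) when the return URL matches no consent
/// request, the client is unknown, or no requested scope can be found.
/// </returns>
async Task<ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null)
{
    var request = await _interaction.GetAuthorizationContextAsync(returnUrl);
    if (request == null)
    {
        // NOTE(review): returnUrl is request-supplied; confirm the log sink escapes control
        // characters so this entry cannot be used to forge log lines.
        _logger.LogError("No consent request matching request: {0}", returnUrl);
        return null;
    }

    var client = await _clientStore.FindClientByIdAsync(request.ClientId);
    if (client == null)
    {
        _logger.LogError("Invalid client id: {0}", request.ClientId);
        return null;
    }

    var scopes = await _scopeStore.FindScopesAsync(request.ScopesRequested);
    if (scopes == null || !scopes.Any())
    {
        // string.Join yields the same "a, b" text as the previous Aggregate call but does not
        // throw InvalidOperationException when the request carries no scopes at all, which is
        // one of the situations this branch exists to report.
        _logger.LogError("No scopes matching: {0}", string.Join(", ", request.ScopesRequested));
        return null;
    }

    return new ConsentViewModel(model, returnUrl, request, client, scopes);
}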