public IActionResult ConfirmAppIdentity([FromBody] ChallengeRequest data, [FromRoute] Guid appId) { var userName = User?.Identity?.Name; if (userName == null || !_challengeRepository.IsPassed(userName, appId, data)) { return(NotFound()); // endpoint will be masked, so Unauthorized() is an additional info we don't want to share } return(Ok(new ChallengeResponse { AppAuth = _apps.GenerateAndRememberAppKey(userName) })); }