public Task <RedirectResult> RequestBalances() { // generate CSRF token var csrfToken = Util.Nonce(); // generate a reference ID for the token var refId = Util.Nonce(); // generate Redirect Url var redirectUrl = string.Format("{0}://{1}/{2}", Request.Url.Scheme, Request.Url.Authority, "fetch-balances"); // set CSRF token in browser cookie Response.Cookies.Add(new HttpCookie("csrf_token") { Value = csrfToken }); return(GetPfmMember().FlatMap(mem => mem.GetFirstAlias() .FlatMap(alias => mem.StoreTokenRequest( // Create a token request to be stored TokenRequest.AccessTokenRequestBuilder(ResourceType.Accounts, ResourceType.Balances) .SetToMemberId(mem.MemberId()) .SetToAlias(alias) .SetRefId(refId) .SetRedirectUrl(redirectUrl) .SetCsrfToken(csrfToken) .Build())) // generate the Token request URL to redirect to .FlatMap(requestId => tokenClient.GenerateTokenRequestUrl(requestId)) .Map(url => { // send a 302 redirect Response.StatusCode = 302; return new RedirectResult(url); }))); }