public async Task<ActionResult> Authorize()
{
string authState = Request.Params["state"];
string expectedState = (string)Session["auth_state"];
Session.Remove("auth_state");
// Make sure that the state passed by the caller matches what we expect
if (!authState.Equals(expectedState))
{
TempData["error_message"] = "The auth state did not match the expected value. Please try again.";
return RedirectToAction("Error");
}
string authCode = Request.Params["code"];
string idToken = Request.Params["id_token"];
// Make sure we got back an auth code and ID token
if (string.IsNullOrEmpty(authCode) || string.IsNullOrEmpty(idToken))
{
string error = Request.Params["error"];
string error_description = Request.Params["error_description"];
if (string.IsNullOrEmpty(error) && string.IsNullOrEmpty(error_description))
{
TempData["error_message"] = "Missing authorization code and/or ID token from redirect.";
}
else
{
TempData["error_message"] = string.Format("Error: {0} - {1}", error, error_description);
}
return RedirectToAction("Error");
}
// Check the nonce in the ID token against what we expect
string nonce = (string)Session["auth_nonce"];
Session.Remove("auth_nonce");
if (!OpenIdToken.ValidateOpenIdToken(idToken, nonce))
{
TempData["error_message"] = "Invalid ID token.";
return RedirectToAction("Error");
}
OpenIdToken userId = OpenIdToken.ParseOpenIdToken(idToken);
OAuthHelper oauthHelper = new OAuthHelper(authority, appId, appSecret);
string redirectUri = Url.Action("Authorize", "Home", null, Request.Url.Scheme);
try
{
TokenRequestSuccessResponse response = await oauthHelper.GetTokensFromAuthority("authorization_code", authCode, redirectUri, userId.oid);
Session["user_name"] = GetEmailFromIdToken(response.id_token);
Session["user_id"] = userId.oid;
}
catch (Exception ex)
{
TempData["error_message"] = ex.Message;
return RedirectToAction("Error");
}
return Redirect("/");
}
