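/// <summary>
/// Validates the PKCE code challenge from the authorize request, builds an authorization
/// code grant for <paramref name="client"/> and <paramref name="user"/>, persists it and
/// returns the freshly generated code.
/// </summary>
/// <param name="client">Client the grant is issued to; supplies the client id and the code lifetime in seconds.</param>
/// <param name="user">Authenticated principal; must carry a non-empty <c>sub</c> claim.</param>
/// <param name="model">Authorize request values (challenge, challenge method, nonce, redirect URI, scope, state).</param>
/// <returns>The authorization code stored in the grant.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="SecurityException">The code challenge is malformed, or the principal has no usable <c>sub</c> claim.</exception>
public async Task<string> CreateCodeAndStoreCodeGrant(Client client, ClaimsPrincipal user, AuthorizeModel model)
{
    if (client is null) throw new ArgumentNullException(nameof(client));
    if (user is null) throw new ArgumentNullException(nameof(user));
    if (model is null) throw new ArgumentNullException(nameof(model));

    // The 43..128 bounds are the PKCE (RFC 7636) length limits for a code challenge;
    // the character-set check itself is delegated to the ABNF helper.
    if (!AbnfValidationHelper.IsValid(model.CodeChallenge, 43, 128))
    {
        // Code challenge (not the verifier) failed validation.
        throw new SecurityException("Code challange is not valid");
    }

    // Capture one timestamp so Created and Expires are measured from the same instant.
    var now = DateTime.UtcNow;

    var grant = new CodeGrant
    {
        ClientId = client.ClientId,
        // NOTE(review): 15 characters; the effective entropy depends on the generator's
        // alphabet and on whether it is CSPRNG-backed — confirm both for an authorization code.
        Code = _randomStringGenerator.GetRandomString(15),
        CodeChallange = model.CodeChallenge,
        // NOTE(review): the method is stored as received and not checked here against the
        // supported set — confirm it is validated before the token exchange relies on it.
        CodeChallangeMethod = model.CodeChallengeMethod,
        Nonce = model.Nonce,
        RedirectUri = model.RedirectUri,
        Scope = model.Scope,
        State = model.State,
        Expires = now.AddSeconds(client.AuthorityCodeLifetime),
        Created = now,
        // Not yet redeemed; set when the code is exchanged.
        Resolved = null,
    };

    // Throws SecurityException when the principal has no non-empty "sub" claim.
    SetSubjectId(user, grant);

    await _grantAccessor.SaveCodeGrant(grant);

    return grant.Code;
}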
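/// <summary>
/// Copies the principal's subject identifier (the <c>sub</c> claim) onto the grant.
/// </summary>
/// <param name="user">Authenticated principal the grant is issued for.</param>
/// <param name="grant">Grant whose <c>SubjectId</c> is populated.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="grant"/> is <c>null</c>.</exception>
/// <exception cref="SecurityException">No <c>sub</c> claim is present, or its value is empty.</exception>
private static void SetSubjectId(ClaimsPrincipal user, CodeGrant grant)
{
    if (user is null) throw new ArgumentNullException(nameof(user));
    if (grant is null) throw new ArgumentNullException(nameof(grant));

    // Locate the claim once with an exact (ordinal) type match and read the value from that
    // same claim, so the claim that passes the presence check is the claim whose value is used.
    // (FindFirst/FindFirstValue match the type case-insensitively, which could pick a
    // different claim than an ordinal presence check.)
    var subClaim = user.Claims.FirstOrDefault(c => string.Equals(c.Type, "sub", StringComparison.Ordinal));
    if (subClaim is null)
    {
        throw new SecurityException("sub claim not found");
    }

    if (string.IsNullOrEmpty(subClaim.Value))
    {
        throw new SecurityException("sub claim empty is not supported");
    }

    grant.SubjectId = subClaim.Value;
}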