Exemplo n.º 1
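        /// <summary>
        /// Builds an authorization-code grant for <paramref name="client"/> and <paramref name="user"/>,
        /// persists it through the grant accessor, and returns the generated code.
        /// </summary>
        /// <param name="client">Client requesting the code; supplies the client id and the code lifetime in seconds.</param>
        /// <param name="user">Authenticated principal; its "sub" claim becomes the grant's subject id.</param>
        /// <param name="model">Authorize request values (PKCE challenge and method, nonce, redirect URI, scope, state).</param>
        /// <returns>The newly generated authorization code.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="SecurityException">
        /// The code challenge fails validation, or the principal has no usable "sub" claim.
        /// </exception>
        public async Task<string> CreateCodeAndStoreCodeGrant(Client client, ClaimsPrincipal user, AuthorizeModel model)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            // PKCE: the code challenge must pass the ABNF check with bounds 43 and 128
            // (presumably min/max length as in RFC 7636 - confirm against AbnfValidationHelper).
            // NOTE(review): whether a missing/null challenge is rejected depends on IsValid;
            // verify, because PKCE is only mandatory here if it is.
            if (!AbnfValidationHelper.IsValid(model.CodeChallenge, 43, 128))
            {
                // Code challenge is not valid
                throw new SecurityException("Code challange is not valid");
            }

            // Read the clock once so Expires is exactly Created + lifetime.
            var issuedAt = DateTime.UtcNow;

            var grant = new CodeGrant
            {
                ClientId            = client.ClientId,
                // NOTE(review): the code is a bearer credential until redeemed; confirm that
                // _randomStringGenerator is backed by a cryptographic RNG and that 15 characters
                // of its alphabet give enough entropy for the configured lifetime.
                Code                = _randomStringGenerator.GetRandomString(15),
                CodeChallange       = model.CodeChallenge,
                // NOTE(review): the challenge method is stored as received; it is not validated
                // in this method - confirm the allowed values are enforced elsewhere.
                CodeChallangeMethod = model.CodeChallengeMethod,
                Nonce               = model.Nonce,
                // NOTE(review): presumably already matched against the client's registered
                // redirect URIs by the caller - nothing here checks it.
                RedirectUri         = model.RedirectUri,
                Scope               = model.Scope,
                State               = model.State,
                Expires             = issuedAt.AddSeconds(client.AuthorityCodeLifetime),
                Created             = issuedAt,
                Resolved            = null,
            };

            // Throws SecurityException when the principal carries no usable "sub" claim,
            // so nothing is persisted for an unidentified user.
            SetSubjectId(user, grant);

            await _grantAccessor.SaveCodeGrant(grant);

            return grant.Code;
        }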
Exemplo n.º 2
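        /// <summary>
        /// Copies the principal's "sub" claim value into <paramref name="grant"/> as its subject id.
        /// </summary>
        /// <param name="user">Principal whose claims are searched for a claim of type "sub".</param>
        /// <param name="grant">Grant whose <c>SubjectId</c> is assigned.</param>
        /// <exception cref="SecurityException">
        /// No claim of type "sub" exists, or the first such claim has a null or empty value.
        /// </exception>
        private static void SetSubjectId(ClaimsPrincipal user, CodeGrant grant)
        {
            // Match the claim type exactly (ordinal, case-sensitive) and read the value from
            // that same claim, so the presence check and the stored value always refer to one
            // claim. A case-insensitive lookup such as FindFirst could instead return an
            // earlier claim whose type differs only in case (e.g. "Sub").
            var subjectClaim = user.Claims.FirstOrDefault(m => m.Type == "sub");

            if (subjectClaim == null)
            {
                throw new SecurityException("sub claim not found");
            }

            var subjectId = subjectClaim.Value;

            if (string.IsNullOrEmpty(subjectId))
            {
                throw new SecurityException("sub claim empty is not supported");
            }

            grant.SubjectId = subjectId;
        }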