private async Task <IEndpointResult> ProcessIntrospectionRequestAsync(HttpContext context)
{
_logger.LogDebug("Starting introspection request.");
// caller validation
var apiResult = await _apiSecretValidator.ValidateAsync(context);
if (apiResult.Resource == null)
{
_logger.LogError("API unauthorized to call introspection endpoint. aborting.");
return(new StatusCodeResult(HttpStatusCode.Unauthorized));
}
var body = await context.Request.ReadFormAsync();
if (body == null)
{
_logger.LogError("Malformed request body. aborting.");
await _events.RaiseAsync(new TokenIntrospectionFailureEvent(apiResult.Resource.Name, "Malformed request body"));
return(new StatusCodeResult(HttpStatusCode.BadRequest));
}
// request validation
_logger.LogTrace("Calling into introspection request validator: {type}", _requestValidator.GetType().FullName);
var validationResult = await _requestValidator.ValidateAsync(body.AsNameValueCollection(), apiResult.Resource);
if (validationResult.IsError)
{
LogFailure(validationResult.Error, apiResult.Resource.Name);
await _events.RaiseAsync(new TokenIntrospectionFailureEvent(apiResult.Resource.Name, validationResult.Error));
return(new BadRequestResult(validationResult.Error));
}
// response generation
_logger.LogTrace("Calling into introspection response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.ProcessAsync(validationResult);
// render result
LogSuccess(validationResult.IsActive, validationResult.Api.Name);
return(new IntrospectionResult(response));
}
