private async Task <IEndpointResult> ProcessIntrospectionRequestAsync(HttpContext context) { _logger.LogDebug("Starting introspection request."); // caller validation var apiResult = await _apiSecretValidator.ValidateAsync(context); if (apiResult.Resource == null) { _logger.LogError("API unauthorized to call introspection endpoint. aborting."); return(new StatusCodeResult(HttpStatusCode.Unauthorized)); } var body = await context.Request.ReadFormAsync(); if (body == null) { _logger.LogError("Malformed request body. aborting."); await _events.RaiseAsync(new TokenIntrospectionFailureEvent(apiResult.Resource.Name, "Malformed request body")); return(new StatusCodeResult(HttpStatusCode.BadRequest)); } // request validation _logger.LogTrace("Calling into introspection request validator: {type}", _requestValidator.GetType().FullName); var validationResult = await _requestValidator.ValidateAsync(body.AsNameValueCollection(), apiResult.Resource); if (validationResult.IsError) { LogFailure(validationResult.Error, apiResult.Resource.Name); await _events.RaiseAsync(new TokenIntrospectionFailureEvent(apiResult.Resource.Name, validationResult.Error)); return(new BadRequestResult(validationResult.Error)); } // response generation _logger.LogTrace("Calling into introspection response generator: {type}", _responseGenerator.GetType().FullName); var response = await _responseGenerator.ProcessAsync(validationResult); // render result LogSuccess(validationResult.IsActive, validationResult.Api.Name); return(new IntrospectionResult(response)); }