public async Task <IActionResult> Add([FromBody] JObject jObj, CancellationToken cancellationToken)
        {
            if (!await IsPATAuthorized(cancellationToken))
            {
                return(new UnauthorizedResult());
            }

            try
            {
                var umaResource = BuildUMAResource(jObj, true);
                await _umaResourceRepository.Add(umaResource, cancellationToken);

                await _umaResourceRepository.SaveChanges(cancellationToken);

                var result = new JObject
                {
                    { UMAResourceNames.Id, umaResource.Id },
                    { UserAccessPolicyUri, Url.Action("Edit", "Resources", new { id = umaResource.Id }) }
                };
                return(new ContentResult
                {
                    ContentType = "application/json",
                    Content = result.ToString(),
                    StatusCode = (int)HttpStatusCode.Created
                });
            }
            catch (UMAInvalidRequestException ex)
            {
                return(this.BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, ex.Message));
            }
        }
        public Task <IActionResult> Confirm(string id, CancellationToken cancellationToken)
        {
            return(CallOperationWithAuthenticatedUser(async(sub, payload) =>
            {
                var pendingRequest = await _umaPendingRequestRepository.FindByTicketIdentifierAndOwner(id, sub, cancellationToken);
                if (pendingRequest == null)
                {
                    return this.BuildError(HttpStatusCode.Unauthorized, UMAErrorCodes.REQUEST_DENIED);
                }

                if (pendingRequest.Status != UMAPendingRequestStatus.TOBECONFIRMED)
                {
                    return this.BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, UMAErrorMessages.REQUEST_CANNOT_BE_CONFIRMED);
                }

                var resource = await _umaResourceRepository.FindByIdentifier(pendingRequest.Resource.Id, cancellationToken);
                foreach (var claimTokenFormat in _claimTokenFormats)
                {
                    resource.Permissions.Add(new UMAResourcePermission(Guid.NewGuid().ToString(), DateTime.UtcNow)
                    {
                        Claims = new List <UMAResourcePermissionClaim>
                        {
                            new UMAResourcePermissionClaim
                            {
                                Name = claimTokenFormat.GetSubjectName(),
                                Value = pendingRequest.Requester
                            }
                        },
                        Scopes = pendingRequest.Scopes.ToList()
                    });
                }

                pendingRequest.Confirm();
                await _umaPendingRequestRepository.Update(pendingRequest, cancellationToken);
                await _umaResourceRepository.Update(resource, cancellationToken);
                await _umaPendingRequestRepository.SaveChanges(cancellationToken);
                await _umaResourceRepository.SaveChanges(cancellationToken);
                return new NoContentResult();
            }));
        }