public async Task <IActionResult> GetPromptInfo([FromQuery] PromptRequestViewModel vm)
{
if (!ModelState.IsValid)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed",
data = ModelState
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
string[] scopeNames = vm.Scopes.Split(",");
IList <Scope> scopes = await _scopeService.FindByNameAsync(scopeNames);
Application application = await _applicationService.FindByClientIdAsync(vm.ClientId);
if (scopes.Count == 0 || application == null)
{
string message = (scopes.Count == 0) ? "At least 1 scope must be provided"
: "Invalid client id provided";
return(new JsonResult(new
{
status = 400,
message
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
/*
* "Authorise" the application at this point by creating a new user application record
* along with the scopes requested by the application - this allows us to verify
* that the same set of scopes that the user originally consented to are the same ones
* the application ultimately ends up getting access to.
*
* No credentials will be generated at this point, ultimately leaving the user with
* a linked application but no credentials that it can use - this can then be cleaned up
* by a scheduled task later on which specifically looks for user application records
* with no corresponding access tokens.
*/
User user = (User)HttpContext.Items["User"];
await _userApplicationService.AuthoriseApplicationAsync(user, application, scopes);
ApplicationViewModel applicationVm = application.ToViewModel();
return(new JsonResult(new
{
status = 200,
message = "Authorisation code prompt info retrieved successfully",
data = new
{
scopes,
application = applicationVm
}
}));
}
