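/// <summary>
/// Returns the data needed to render the authorisation-code consent prompt for the client
/// named in <paramref name="vm"/>, and records the user's authorisation of that client for
/// the scopes that were requested (see the comment on the authorisation step below).
/// </summary>
/// <param name="vm">
/// Query-bound request carrying the client id and a comma-separated list of scope names.
/// </param>
/// <returns>
/// A JSON result: 400 when model validation fails, no requested scope name resolves, or the
/// client id is unknown; 401 when no user has been attached to the request; otherwise 200
/// with the resolved scopes and the application view model.
/// </returns>
public async Task<IActionResult> GetPromptInfo([FromQuery] PromptRequestViewModel vm)
{
    if (!ModelState.IsValid)
    {
        return new JsonResult(new { status = 400, message = "Validation failed", data = ModelState })
        {
            StatusCode = StatusCodes.Status400BadRequest
        };
    }

    // Parse the comma-separated scope list defensively: a missing value used to throw a
    // NullReferenceException (surfacing as a 500 instead of a 400), and stray separators or
    // whitespace ("read,,write", "read, write") produced empty or padded names that were
    // handed straight to the scope lookup.
    List<string> scopeNames = new List<string>();
    if (vm.Scopes != null)
    {
        foreach (string rawName in vm.Scopes.Split(','))
        {
            string name = rawName.Trim();
            if (name.Length > 0)
            {
                scopeNames.Add(name);
            }
        }
    }

    // Do not query the scope service with an empty filter; an empty request is rejected below
    // with the same message the original code produced for an unresolvable scope list.
    IList<Scope> scopes = scopeNames.Count == 0
        ? new List<Scope>()
        : await _scopeService.FindByNameAsync(scopeNames.ToArray());
    Application application = await _applicationService.FindByClientIdAsync(vm.ClientId);

    if (scopes.Count == 0 || application == null)
    {
        string message = (scopes.Count == 0) ? "At least 1 scope must be provided" : "Invalid client id provided";
        return new JsonResult(new { status = 400, message }) { StatusCode = StatusCodes.Status400BadRequest };
    }

    // NOTE(review): if FindByNameAsync returns only the names that exist, an unknown scope name
    // is silently dropped and the user is prompted for (and the application authorised for) a
    // smaller set than was requested. Consider rejecting the request when scopes.Count differs
    // from the number of distinct requested names — confirm the service's matching semantics.

    // The user is expected to have been attached to the request by an earlier filter/middleware.
    // Refuse explicitly rather than passing a null user into the authorisation step.
    User user = HttpContext.Items["User"] as User;
    if (user == null)
    {
        return new JsonResult(new { status = 401, message = "No authenticated user for this request" })
        {
            StatusCode = StatusCodes.Status401Unauthorized
        };
    }

    /*
     * "Authorise" the application at this point by creating a new user application record
     * along with the scopes requested by the application - this allows us to verify
     * that the same set of scopes that the user originally consented to are the same ones
     * the application ultimately ends up getting access to.
     *
     * No credentials will be generated at this point, ultimately leaving the user with
     * a linked application but no credentials that it can use - this can then be cleaned up
     * by a scheduled task later on which specifically looks for user application records
     * with no corresponding access tokens.
     *
     * NOTE(review): this is a state-changing side effect inside what is, by name and
     * [FromQuery] binding, presumably a GET action (the HTTP verb attribute is outside this
     * block). GET handlers are expected to be safe/idempotent; repeated prompt loads will
     * create repeated authorisation records unless AuthoriseApplicationAsync de-duplicates.
     * Confirm that behaviour, or move the authorisation to the POST that submits consent.
     */
    await _userApplicationService.AuthoriseApplicationAsync(user, application, scopes);

    ApplicationViewModel applicationVm = application.ToViewModel();

    return new JsonResult(new
    {
        status = 200,
        message = "Authorisation code prompt info retrieved successfully",
        data = new { scopes, application = applicationVm }
    });
}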