public object Post(LoginRequest request) { try { if (request.IsNotValid()) return new HttpResult {StatusCode = BadRequest}; var app = Db.FirstOrDefaultById<Application>(request.ClientId); if (app == null || app.RedirectUri != request.RedirectUri) return new HttpResult {StatusCode = BadRequest}; var user = Db.FirstOrDefaultById<User>(request.Login); if (user == null) return new HttpResult {StatusCode = BadRequest}; var enc = Encoding.UTF8; string hashString; using (var sha1 = SHA1.Create()) { var hash = sha1.ComputeHash(enc.GetBytes(request.Password + user.Salt)); hashString = string.Join("", hash.Select(x => x.ToString("x"))); } if (user.PasswordHash != hashString) return new HttpResult {StatusCode = BadRequest}; var code = new OAuthCode {ClientId = app.ClientId, UserLogin = user.Login, Code = Guid.NewGuid()}; Db.Save(code); return new HttpResult { StatusCode = Redirect, Headers = { { HttpHeaders.Location, new UriBuilder(app.RedirectUri) { Query = $"code={code.Code}{(request.State == null ? "" : $"&state={request.State}")}" } .Uri.AbsoluteUri } } }; }