private void ValidateAuthenticationResponse(TParty party, AuthenticationResponse authenticationResponse, SessionResponse sessionResponse, bool isImplicitFlow) { authenticationResponse.Validate(isImplicitFlow); if (party.Client.EnablePkce && isImplicitFlow) { throw new OAuthRequestException($"Require '{IdentityConstants.ResponseTypes.Code}' flow with PKCE.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidRequest }; } if (sessionResponse?.SessionState.IsNullOrEmpty() == false) { sessionResponse.Validate(); } }