public override async Task ReturnEndpoint(DiscordReturnEndpointContext context) { if (context.OwinContext.Get <bool>("discord:verified")) { var authenticationProperties = context.Properties; var identity = new ClaimsIdentity(Startup.OAuthAuthorizationServerOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, context.Identity.FindFirst(ClaimTypes.Email).Value)); identity.AddClaim(new Claim(ClaimTypes.Role, "User")); var ticket = new AuthenticationTicket(identity, authenticationProperties); var refreshContext = new AuthenticationTokenCreateContext(context.OwinContext, Startup.OAuthAuthorizationServerOptions.RefreshTokenFormat, ticket); await Startup.OAuthAuthorizationServerOptions.RefreshTokenProvider.CreateAsync(refreshContext); context.Response.Cookies.Append("refreshtoken", refreshContext.Token); } else { context.Response.StatusCode = 403; context.Response.ReasonPhrase = "Account on discord is not verified so STSExample will not allow authentication this way."; var model = new EmailNotVerifiedModel { ReturnUrl = context.RedirectUri, FontAwesomeIconName = "fa-discord", Provider = "Discord" }; using (var sr = new StreamWriter(context.Response.Body)) { var transformPath = System.Web.Hosting.HostingEnvironment.MapPath("~/Helpers/EmailNotVerified/EmailNotVerified.html"); sr.Write(string.IsNullOrWhiteSpace(transformPath) ? "Error: Can't render page." : TransformXsltHelper.Transform(model, transformPath)); } } await base.ReturnEndpoint(context); }
private async Task <bool> InvokeReplyPathAsync() { if (!Options.CallbackPath.HasValue || Options.CallbackPath != Request.Path) { return(false); } // TODO: error responses var ticket = await AuthenticateAsync(); if (ticket == null) { _logger.WriteWarning("Invalid return state, unable to redirect."); Response.StatusCode = 500; return(true); } var context = new DiscordReturnEndpointContext(Context, ticket) { SignInAsAuthenticationType = Options.SignInAsAuthenticationType, RedirectUri = ticket.Properties.RedirectUri }; await Options.Provider.ReturnEndpoint(context); if (context.SignInAsAuthenticationType != null && context.Identity != null) { var grantIdentity = context.Identity; if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal)) { grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType); } Context.Authentication.SignIn(context.Properties, grantIdentity); } if (context.IsRequestCompleted || context.RedirectUri == null) { return(context.IsRequestCompleted); } var redirectUri = context.RedirectUri; if (context.Identity == null) { // add a redirect hint that sign-in failed in some way redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied"); } Response.Redirect(redirectUri); context.RequestCompleted(); return(context.IsRequestCompleted); }