public override async Task ReturnEndpoint(DiscordReturnEndpointContext context)
{
if (context.OwinContext.Get <bool>("discord:verified"))
{
var authenticationProperties = context.Properties;
var identity = new ClaimsIdentity(Startup.OAuthAuthorizationServerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.Identity.FindFirst(ClaimTypes.Email).Value));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
var ticket = new AuthenticationTicket(identity, authenticationProperties);
var refreshContext = new AuthenticationTokenCreateContext(context.OwinContext, Startup.OAuthAuthorizationServerOptions.RefreshTokenFormat, ticket);
await Startup.OAuthAuthorizationServerOptions.RefreshTokenProvider.CreateAsync(refreshContext);
context.Response.Cookies.Append("refreshtoken", refreshContext.Token);
}
else
{
context.Response.StatusCode = 403;
context.Response.ReasonPhrase = "Account on discord is not verified so STSExample will not allow authentication this way.";
var model = new EmailNotVerifiedModel
{
ReturnUrl = context.RedirectUri,
FontAwesomeIconName = "fa-discord",
Provider = "Discord"
};
using (var sr = new StreamWriter(context.Response.Body))
{
var transformPath = System.Web.Hosting.HostingEnvironment.MapPath("~/Helpers/EmailNotVerified/EmailNotVerified.html");
sr.Write(string.IsNullOrWhiteSpace(transformPath) ? "Error: Can't render page." : TransformXsltHelper.Transform(model, transformPath));
}
}
await base.ReturnEndpoint(context);
}
private async Task <bool> InvokeReplyPathAsync()
{
if (!Options.CallbackPath.HasValue || Options.CallbackPath != Request.Path)
{
return(false);
}
// TODO: error responses
var ticket = await AuthenticateAsync();
if (ticket == null)
{
_logger.WriteWarning("Invalid return state, unable to redirect.");
Response.StatusCode = 500;
return(true);
}
var context = new DiscordReturnEndpointContext(Context, ticket)
{
SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
RedirectUri = ticket.Properties.RedirectUri
};
await Options.Provider.ReturnEndpoint(context);
if (context.SignInAsAuthenticationType != null &&
context.Identity != null)
{
var grantIdentity = context.Identity;
if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
{
grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
}
Context.Authentication.SignIn(context.Properties, grantIdentity);
}
if (context.IsRequestCompleted || context.RedirectUri == null)
{
return(context.IsRequestCompleted);
}
var redirectUri = context.RedirectUri;
if (context.Identity == null)
{
// add a redirect hint that sign-in failed in some way
redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied");
}
Response.Redirect(redirectUri);
context.RequestCompleted();
return(context.IsRequestCompleted);
}
