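/// <summary>
/// Checks if consent is required.
/// </summary>
/// <remarks>
/// Evaluation order: clients that do not require consent never prompt; clients that
/// require consent but cannot remember it always prompt; an empty scope list never
/// prompts; <c>offline_access</c> always prompts; otherwise the stored consent is
/// consulted and the prompt is suppressed only when it covers every requested scope.
/// Absence of a stored consent record results in <c>true</c> (prompt).
/// </remarks>
/// <param name="subject">The user.</param>
/// <param name="client">The client.</param>
/// <param name="scopes">The scopes. May be <c>null</c>; enumerated exactly once.</param>
/// <returns>
/// Boolean if consent is required.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// client
/// or
/// subject
/// </exception>
public virtual async Task<bool> RequiresConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<string> scopes)
{
    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    if (!client.RequireConsent)
    {
        return false;
    }

    // TODO: validate that this is a correct statement
    if (!client.AllowRememberConsent)
    {
        return true;
    }

    // Materialize the requested scopes once. The caller may hand us a deferred
    // sequence, and the previous implementation enumerated it up to four times
    // (Any/Contains/Intersect/Count). Ordinal comparison matches the default
    // string comparer that Intersect/Contains used before.
    var requested = scopes == null
        ? new HashSet<string>(StringComparer.Ordinal)
        : new HashSet<string>(scopes, StringComparer.Ordinal);

    if (requested.Count == 0)
    {
        return false;
    }

    // we always require consent for offline access if
    // the client has not disabled RequireConsent
    if (requested.Contains(Constants.StandardScopes.OfflineAccess))
    {
        return true;
    }

    var consent = await _grants.GetUserConsentAsync(subject.GetSubjectId(), client.ClientId);
    if (consent != null && consent.Scopes != null)
    {
        // Stored consent suppresses the prompt only when it covers every requested
        // scope. The set-based subset test replaces the old
        // `scopes.Count() == scopes.Intersect(consent.Scopes).Count()` comparison,
        // which miscounted when the requested list held duplicates (Intersect is
        // distinct, Count() is not) and needlessly re-prompted in that case.
        return !requested.IsSubsetOf(consent.Scopes);
    }

    // No remembered consent on record for this subject/client: prompt.
    return true;
}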