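/// <summary>
/// Converts the posted consent form into a consent response, passes it to the securable
/// service, and reports what the caller should do next: redirect, redisplay the consent
/// view, or surface a validation error.
/// </summary>
/// <param name="model">
/// The posted consent form. Button, ScopesConsented, RememberConsent and ReturnUrl all come
/// from the client and must be treated as untrusted input.
/// </param>
/// <returns>
/// A result with <c>RedirectUri</c> set when the consent outcome was accepted by the service;
/// with <c>ViewModel</c> (and usually <c>ValidationError</c>) set when the consent UI has to be
/// shown again; or with only <c>ValidationError</c> set when no form model was supplied.
/// When the service rejects the grant, the result is returned with none of these set.
/// </returns>
private async Task<ProcessConsentResultPM> ProcessConsentAsync(ConsentInputVM model)
{
    var result = new ProcessConsentResultPM();

    // A missing form model cannot be processed. Reject it before any field is read,
    // so a malformed request yields a validation error instead of a NullReferenceException.
    if (model == null)
    {
        result.ValidationError = ConsentOptionsOM.InvalidSelectionErrorMessage;
        return result;
    }

    ConsentResponseSM grantedConsent = null;

    if (model.Button == "no")
    {
        // User declined: send back the standard 'access_denied' response.
        grantedConsent = ConsentResponseSM.Denied;
    }
    else if (model.Button == "yes")
    {
        // User accepted: at least one scope has to be selected.
        if (model.ScopesConsented != null && model.ScopesConsented.Any())
        {
            var scopes = model.ScopesConsented;
            if (ConsentOptionsOM.EnableOfflineAccess == false)
            {
                // Offline access is disabled, so drop it even if the posted form contains it.
                // The scope name comes from the service rather than from
                // IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess.
                var offlineAccessScope = _securableService.GetOfflineAccessScopeName();
                scopes = scopes.Where(x => x != offlineAccessScope);
            }

            // NOTE(review): the scope list is client-supplied and only offline access is
            // filtered here. Confirm that GrantConsentAsync (or the identity server behind it)
            // restricts the grant to scopes the client actually requested.
            // NOTE(review): if offline access was the only scope posted, the list is empty
            // after filtering and an empty grant is submitted - confirm that is intended.
            grantedConsent = new ConsentResponseSM
            {
                RememberConsent = model.RememberConsent,
                ScopesConsented = scopes.ToArray()
            };
        }
        else
        {
            result.ValidationError = ConsentOptionsOM.MustChooseOneErrorMessage;
        }
    }
    else
    {
        // Any other button value is not a valid choice.
        result.ValidationError = ConsentOptionsOM.InvalidSelectionErrorMessage;
    }

    if (grantedConsent == null)
    {
        // No decision could be built: redisplay the consent UI.
        result.ViewModel = await ConsentVMFactory.BuildConsentVMAsync(_securableService, _logger, model.ReturnUrl, model);
        return result;
    }

    // Communicate the outcome of consent back to the identity server.
    var granted = await _securableService.GrantConsentAsync(model.ReturnUrl, grantedConsent);
    if (!granted)
    {
        // The result carries no redirect, view model or validation error here;
        // presumably the caller renders an error page for that case - confirm.
        return result;
    }

    // The redirect target is set only after the service accepted the grant.
    // NOTE(review): ReturnUrl is client-supplied. This relies on GrantConsentAsync returning
    // false for a ReturnUrl that does not map to a valid authorization request; otherwise
    // this is an open redirect. Confirm against the service implementation.
    result.RedirectUri = model.ReturnUrl;
    return result;
}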
/// <summary>
/// Builds the consent-screen entry for the offline access scope.
/// </summary>
/// <param name="securableService">Service that supplies the offline access scope name.</param>
/// <param name="check">Initial value of the entry's <c>Checked</c> flag.</param>
/// <returns>
/// A <c>ScopeVM</c> named after the service's offline access scope, using the display name and
/// description from <c>ConsentOptionsOM</c>, and always marked <c>Emphasize = true</c>.
/// </returns>
private static ScopeVM GetOfflineAccessScope(ISecurableService securableService, bool check) =>
    new ScopeVM
    {
        Name = securableService.GetOfflineAccessScopeName(),
        DisplayName = ConsentOptionsOM.OfflineAccessDisplayName,
        Description = ConsentOptionsOM.OfflineAccessDescription,
        // Always emphasized, presumably so the consent view can highlight this scope - confirm in the view.
        Emphasize = true,
        Checked = check
    };