private async Task <bool> InvokeAuthorizeEndpointAsync() { var authorizeRequest = new AuthorizeEndpointRequest(Request.Query); var clientContext = new OAuthValidateClientRedirectUriContext( Context, Options, authorizeRequest.ClientId, authorizeRequest.RedirectUri); if (!String.IsNullOrEmpty(authorizeRequest.RedirectUri)) { bool acceptableUri = true; Uri validatingUri; if (!Uri.TryCreate(authorizeRequest.RedirectUri, UriKind.Absolute, out validatingUri)) { // The redirection endpoint URI MUST be an absolute URI // http://tools.ietf.org/html/rfc6749#section-3.1.2 acceptableUri = false; } else if (!String.IsNullOrEmpty(validatingUri.Fragment)) { // The endpoint URI MUST NOT include a fragment component. // http://tools.ietf.org/html/rfc6749#section-3.1.2 acceptableUri = false; } else if (!Options.AllowInsecureHttp && String.Equals(validatingUri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)) { // The redirection endpoint SHOULD require the use of TLS // http://tools.ietf.org/html/rfc6749#section-3.1.2.1 acceptableUri = false; } if (!acceptableUri) { clientContext.SetError(Constants.Errors.InvalidRequest); return(await SendErrorRedirectAsync(clientContext, clientContext)); } } await Options.Provider.ValidateClientRedirectUri(clientContext); if (!clientContext.IsValidated) { _logger.WriteVerbose("Unable to validate client information"); return(await SendErrorRedirectAsync(clientContext, clientContext)); } var validatingContext = new OAuthValidateAuthorizeRequestContext( Context, Options, authorizeRequest, clientContext); if (string.IsNullOrEmpty(authorizeRequest.ResponseType)) { _logger.WriteVerbose("Authorize endpoint request missing required response_type parameter"); validatingContext.SetError(Constants.Errors.InvalidRequest); } else if (!authorizeRequest.IsAuthorizationCodeGrantType && !authorizeRequest.IsImplicitGrantType) { _logger.WriteVerbose("Authorize endpoint request contains unsupported response_type parameter"); validatingContext.SetError(Constants.Errors.UnsupportedResponseType); } else { await Options.Provider.ValidateAuthorizeRequest(validatingContext); } if (!validatingContext.IsValidated) { // an invalid request is not processed further return(await SendErrorRedirectAsync(clientContext, validatingContext)); } _clientContext = clientContext; _authorizeEndpointRequest = authorizeRequest; var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Context, Options); await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext); return(authorizeEndpointContext.IsRequestCompleted); }