lab/aspnet/AspNet/SpaAspNet/Providers/ApplicationOAuthProvider.cs

using Microsoft.Owin.Security.OAuth;
using System;
using System.Threading.Tasks;

namespace SpaAspNetCore.Providers
{
  public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
  {
    private readonly string _publicClientId;

    public ApplicationOAuthProvider(string publicClientId)
    {
      if (publicClientId == null)
      {
        throw new ArgumentNullException("publicClientId");
      }

      _publicClientId = publicClientId;
    }

    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {
      if (context.ClientId == _publicClientId)
      {
        Uri expectedRootUri = new Uri(context.Request.Uri, "/");

        if (expectedRootUri.AbsoluteUri == context.RedirectUri)
        {
          context.Validated();
        }
        else if (context.ClientId == "web")
        {
          var expectedUri = new Uri(context.Request.Uri, "/");
          context.Validated(expectedUri.AbsoluteUri);
        }
      }

      return Task.FromResult<object>(null);
    }
  }
}