public class RejectSessionCookieWhenAccountNotInCacheEvents()

in src/Saas.Lib/Saas.Identity/Helper/RejectSessionCookieWhenAccountNotInCacheEvents.cs [9:37]


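/// <summary>
/// Cookie authentication events that reject the session cookie when a token request
/// for the cookie's principal fails because no account was found in the token cache.
/// </summary>
/// <remarks>
/// A session cookie can outlive the token cache entry that backs it. When that happens
/// the cookie still authenticates the request, but no token can be acquired silently
/// for the user. Rejecting the principal makes the request unauthenticated instead.
/// NOTE(review): whether the cache is in-memory or distributed is configured elsewhere
/// and is not visible in this file.
/// </remarks>
/// <param name="scopes">
/// Scopes passed to <see cref="ITokenAcquisition"/> when probing for a cached account.
/// The sequence is stored as-is and handed to the token request on every validation.
/// </param>
public class RejectSessionCookieWhenAccountNotInCacheEvents(IEnumerable<string> scopes) : CookieAuthenticationEvents
{
    private readonly IEnumerable<string> _scopes = scopes;

    /// <summary>
    /// Validates the cookie principal by attempting a token acquisition for it, and
    /// rejects the principal when the attempt fails with the "user_null" error.
    /// </summary>
    /// <param name="context">Validation context carrying the principal and the request services.</param>
    /// <returns>A task that completes once validation has finished.</returns>
    /// <remarks>
    /// Only the "no account in cache" failure is turned into a rejected principal.
    /// Every other exception, including a <see cref="MicrosoftIdentityWebChallengeUserException"/>
    /// with a different inner error, is not caught here and propagates to the caller,
    /// so such a failure never leaves the cookie silently accepted.
    /// </remarks>
    public override async Task ValidatePrincipal(CookieValidatePrincipalContext context)
    {
        try
        {
            var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService<ITokenAcquisition>();

            // The call is made only to learn whether it succeeds; the access token itself
            // is discarded so it is not kept in a named local longer than necessary.
            _ = await tokenAcquisition.GetAccessTokenForUserAsync(
                _scopes,
                user: context.Principal);
        }
        catch (MicrosoftIdentityWebChallengeUserException ex)
            when (AccountDoesNotExistInTokenCache(ex))
        {
            // The cookie refers to an account the token cache does not hold:
            // treat the request as unauthenticated.
            context.RejectPrincipal();
        }
    }

    /// <summary>
    /// Is the exception thrown because there is no account in the token cache?
    /// </summary>
    /// <param name="ex">Exception thrown by <see cref="ITokenAcquisition"/>.GetTokenForXX methods.</param>
    /// <returns>
    /// <c>true</c> when the inner exception is an <see cref="MsalUiRequiredException"/>
    /// whose error code is "user_null"; otherwise <c>false</c>.
    /// </returns>
    private static bool AccountDoesNotExistInTokenCache(MicrosoftIdentityWebChallengeUserException ex)
        => ex.InnerException is MsalUiRequiredException { ErrorCode: "user_null" };
}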