in app/controllers/DesktopLogin.scala [57:74]
def desktopOauthCallback(): Action[AnyContent] = Action.async { implicit request =>
val token =
request.session.get(ANTI_FORGERY_KEY).getOrElse(throw new OAuthException("missing anti forgery token"))
OAuth.validatedUserIdentity(token)(request, deps.executionContext, wsClient).map { claimedAuth =>
logger.debug("fresh user desktop login")
val authedUserData = claimedAuth.copy(authenticatingSystem = "login-desktop", multiFactor = checkMultifactor(claimedAuth))
if (validateUser(authedUserData)) {
val token = CookieUtils.generateCookieData(authedUserData, panDomainSettings.settings.signingAndVerification)
Redirect(s"gu-panda://desktop?token=${URLEncoder.encode(token, "UTF-8")}&stage=${deps.config.stage.toLowerCase}")
.withSession(session = request.session - ANTI_FORGERY_KEY - LOGIN_ORIGIN_KEY)
} else {
showUnauthedMessage(invalidUserMessage(claimedAuth))
}
}
}