public async Task <IHttpActionResult> DeleteToken(string username, Guid tokenId)
{
User user;
user = Database.PlayerData.User.Find(username);
if (user == null)
{
return(Unauthorized());
}
var refreshToken = RefreshToken.FindForUser(user).FirstOrDefault();
if (refreshToken?.Id != tokenId)
{
return(Unauthorized());
}
if (RefreshToken.Remove(refreshToken, true))
{
return(Ok(
new
{
username,
tokenId
}
));
}
return(StatusCode(HttpStatusCode.Gone));
}
public override async Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var owinContext = context.OwinContext;
var ticket = context.Ticket;
var identity = ticket?.Identity;
if (identity == null || owinContext == null)
{
context.Rejected();
return;
}
var claimClientId = identity.FindFirst(IntersectClaimTypes.ClientId);
if (!Guid.TryParse(claimClientId?.Value, out var clientId))
{
context.SetError("invalid_token_client");
return;
}
var claimUserId = identity.FindFirst(IntersectClaimTypes.UserId);
if (!Guid.TryParse(claimUserId?.Value, out var userId))
{
context.SetError("invalid_token_user");
return;
}
var claimTicketId = identity.FindFirst(IntersectClaimTypes.TicketId);
if (!Guid.TryParse(claimTicketId?.Value, out var ticketId))
{
context.SetError("invalid_ticket_id");
return;
}
var refreshToken = RefreshToken.FindForTicket(ticketId);
if (refreshToken == null)
{
context.Rejected();
return;
}
if (ticket.Properties?.ExpiresUtc < DateTime.UtcNow)
{
context.SetError("access_token_expired");
return;
}
if (refreshToken.ClientId != clientId || refreshToken.UserId != userId)
{
RefreshToken.Remove(refreshToken.Id, true);
context.Rejected();
return;
}
owinContext.Set("refresh_token", refreshToken);
context.Validated();
}
