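        /// <summary>
        /// Revokes the refresh token presented in the <c>refreshToken</c> cookie (if it is stored for the
        /// user named in the <c>accessToken</c> cookie) and expires both auth cookies on the response.
        /// </summary>
        /// <returns>
        /// <c>true</c> when there was nothing to do (either cookie missing) or the revocation and cookie
        /// clearing completed; <c>false</c> when the access-token cookie is not a parseable JWT, carries no
        /// <c>unique_name</c> claim, or names a user that does not exist.
        /// </returns>
        private async Task<bool> RevokeRefreshToken()
        {
            string accessToken  = HttpContext.Request.Cookies["accessToken"];
            string refreshToken = HttpContext.Request.Cookies["refreshToken"];

            if (accessToken == null || refreshToken == null)
            {
                return true;
            }

            // ReadJwtToken only parses the compact JWT; it does NOT check the signature or expiry.
            // The user name extracted here is therefore unauthenticated and is used solely to scope
            // the repository lookup: nothing is removed unless the presented refresh-token value
            // also matches a stored token for that user.
            var handler = new JwtSecurityTokenHandler();
            JwtSecurityToken jwt;
            try
            {
                jwt = handler.ReadJwtToken(accessToken);
            }
            catch (ArgumentException)
            {
                // Malformed cookie value (not a JWT). Treat like an unknown user rather than
                // letting the exception surface from a logout path.
                return false;
            }

            var userName = jwt.Claims
                .FirstOrDefault(claim => string.Equals(claim.Type, "unique_name", StringComparison.Ordinal))
                ?.Value;

            if (string.IsNullOrEmpty(userName))
            {
                return false;
            }

            var identityUser = await userManager.FindByNameAsync(userName);

            if (identityUser == null)
            {
                return false;
            }

            var refreshTokens        = refreshTokenRepository.GetByUserId(identityUser.Id);
            var selectedRefreshToken = refreshTokens.FirstOrDefault(c => c.Token == refreshToken);

            if (selectedRefreshToken != null)
            {
                await refreshTokenRepository.Remove(selectedRefreshToken.Id);
            }

            // Expire both auth cookies. The attributes must match those used when the cookies were
            // issued (HttpOnly/Secure/SameSite, and Path/Domain if any were set there), otherwise the
            // browser keeps the original cookie — assumed to be the same set as the issuing code; verify.
            var cookieOptions = new CookieOptions
            {
                HttpOnly = true,
                Secure   = true,
                SameSite = SameSiteMode.None,
                Expires  = DateTime.UtcNow.AddDays(-1)
            };

            HttpContext.Response.Cookies.Append("accessToken", "", cookieOptions);
            HttpContext.Response.Cookies.Append("refreshToken", "", cookieOptions);
            return true;
        }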