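/// <summary>
/// Logs the caller out by adding the presented bearer token to the token blacklist.
/// </summary>
/// <param name="Authorization">
/// Raw value of the <c>Authorization</c> request header, expected in the form
/// <c>Bearer &lt;token&gt;</c>.
/// </param>
/// <returns>
/// 200 with "logout successful" when a Bearer credential was presented, whether or not
/// the token validated; 400 with "missing session information" when the header is
/// absent, is not a Bearer credential, or carries no token.
/// </returns>
// NOTE(review): [Authorize] is commented out, so this action itself does not require an
// authenticated caller; the only check is the manual ValidateToken call below. Confirm
// this is intended (or that authorization is applied at controller/global level).
//[Authorize]
public ActionResult Logout([FromHeader] string Authorization)
{
    const string BearerPrefix = "Bearer ";

    // The scheme must be at the START of the header. The previous Contains("Bearer ")
    // test accepted values such as "Basic Bearer x" and then picked whatever happened to
    // be the second space-separated field. Scheme names are compared case-insensitively.
    string header = Authorization?.Trim();
    if (string.IsNullOrEmpty(header) ||
        !header.StartsWith(BearerPrefix, System.StringComparison.OrdinalIgnoreCase))
    {
        return BadRequest("missing session information");
    }

    // header is trimmed and longer than the prefix, so the remainder is never empty.
    string tokenText = header.Substring(BearerPrefix.Length).Trim();

    // Only tokens that still validate are blacklisted: an invalid or expired token is
    // already unusable, and skipping it keeps arbitrary strings out of the blacklist.
    if (TokenUtils.ValidateToken(tokenText, out SecurityToken securityToken))
    {
        Token revoked = new Token()
        {
            // presumably lets the blacklist drop the entry once the token would have
            // expired anyway - verify against tokenService
            Expiration = securityToken.ValidTo,
            TokenString = tokenText,
            JWTToken = securityToken
        };
        tokenService.BlackListToken(revoked);
    }

    // Revocation is enforced by the blacklist above. This response header is only a
    // hint to the client and does not invalidate anything by itself.
    HttpContext.Response.Headers.Append("Authorization", " ");

    // The response is the same for valid and invalid tokens, so logout does not act as
    // a token-validity oracle.
    return Ok("logout successful");
}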