public IHttpActionResult Logout()
{
var claimsIdentity = this.User.Identity as ClaimsIdentity;
var userId = claimsIdentity.FindFirst(ClaimTypes.UserData).Value;
_tokenStoreService.InvalidateUserTokens(int.Parse(userId));
_tokenStoreService.DeleteExpiredTokens();
return(this.Ok(new { message = "Logout successful. =)" }));
}
public IHttpActionResult Logout()
{
var claimsIdentity = this.User.Identity as ClaimsIdentity;
var userId = claimsIdentity.FindFirst(ClaimTypes.UserData).Value;
// The OWIN OAuth implementation does not support "revoke OAuth token" (logout) by design.
// Delete the user's tokens from the database (revoke its bearer token)
_tokenStoreService.InvalidateUserTokens(int.Parse(userId));
_tokenStoreService.DeleteExpiredTokens();
return(this.Ok(new { message = "Logout successful." }));
}
