        /// <summary>
        /// Revoke access token only if it belongs to client doing the request.
        /// </summary>
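        /// <param name="validationResult">
        /// Validated revocation request. Its <c>Token</c> value is used as the subject whose
        /// refresh tokens are removed, and its <c>Client</c> is the client making the request.
        /// </param>
        /// <returns>
        /// <c>true</c> when the request was processed, including the case where the token is empty
        /// and nothing was removed; <c>false</c> when a precondition failed or an exception was thrown.
        /// </returns>
        /// <remarks>
        /// This method only removes refresh tokens (through <c>IRefreshTokenStore2</c>); no other
        /// token store is touched here. Removal is done one client at a time, so an exception part
        /// way through leaves earlier clients revoked, later ones untouched, and no revocation event
        /// raised. Callers should treat <c>false</c> as "revocation may be incomplete".
        /// </remarks>
        protected virtual async Task<bool> RevokeSubjectAsync(TokenRevocationRequestValidationResult validationResult)
        {
            try
            {
                // Token is the subject in this case
                string subject = validationResult.Token;
                if (string.IsNullOrEmpty(subject))
                {
                    // Nothing to revoke; this has always been reported as success.
                    return true;
                }

                // Check every required extension type up front. Previously a failed 'as' cast only
                // surfaced later as a NullReferenceException, possibly after some tokens had already
                // been removed. The messages deliberately leave out the token value.
                if (!(validationResult is TokenRevocationRequestValidationResultExtra validationResultExtra))
                {
                    throw new InvalidOperationException(
                        "Revocation validation result is not a TokenRevocationRequestValidationResultExtra.");
                }

                if (!(validationResult.Client is ClientExtra clientExtra))
                {
                    throw new InvalidOperationException("Requesting client is not a ClientExtra.");
                }

                if (!(RefreshTokenStore is IRefreshTokenStore2 refreshTokenStore))
                {
                    throw new InvalidOperationException("RefreshTokenStore does not implement IRefreshTokenStore2.");
                }

                if (validationResultExtra.RevokeAllAssociatedSubjects)
                {
                    // NOTE(review): this branch widens revocation from the requesting client to
                    // every client in its namespace. Presumably the request validator decides who
                    // may set RevokeAllAssociatedSubjects; verify that against the validator.
                    var allClients = await _clientStoreExtra.GetAllClientsAsync();

                    // NOTE(review): if Namespace can be null or empty, every client without a
                    // namespace matches this filter. Confirm that such a client cannot revoke
                    // tokens issued to unrelated clients.
                    // Materialised before the first removal so a failure while evaluating the
                    // filter cannot happen after some tokens are already gone.
                    var clientIds = allClients
                        .Where(item => item.Namespace == clientExtra.Namespace)
                        .Select(item => item.ClientId)
                        .ToList();

                    foreach (var clientId in clientIds)
                    {
                        await refreshTokenStore.RemoveRefreshTokensAsync(subject, clientId);
                    }
                }
                else
                {
                    await refreshTokenStore.RemoveRefreshTokensAsync(subject, clientExtra.ClientId);
                }

                // Raised only after every removal above has completed without throwing.
                await _tokenRevocationEventHandler.TokenRevokedAsync(clientExtra, subject);
                return true;
            }
            catch (Exception e)
            {
                // The precondition failures thrown above are logged here too, together with
                // anything thrown by the stores or the event handler.
                Logger.LogError(e, "unexpected error in revocation");
            }

            return false;
        }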
 /// <summary>
 /// Forwards to the wrapped store's <c>GetAllClientsAsync</c> and hands back its task as-is.
 /// No filtering, awaiting or error handling is done at this layer.
 /// </summary>
 /// <returns>The task produced by the inner store.</returns>
 public Task<List<ClientExtra>> GetAllClientsAsync() => _inner.GetAllClientsAsync();