public IHttpActionResult Logout()
        {
            var claimsIdentity = this.User.Identity as ClaimsIdentity;
            var userId         = claimsIdentity.FindFirst(ClaimTypes.UserData).Value;

            _tokenStoreService.InvalidateUserTokens(int.Parse(userId));
            _tokenStoreService.DeleteExpiredTokens();

            return(this.Ok(new { message = "Logout successful. =)" }));
        }
        public IHttpActionResult Logout()
        {
            var claimsIdentity = this.User.Identity as ClaimsIdentity;
            var userId         = claimsIdentity.FindFirst(ClaimTypes.UserData).Value;

            // The OWIN OAuth implementation does not support "revoke OAuth token" (logout) by design.
            // Delete the user's tokens from the database (revoke its bearer token)
            _tokenStoreService.InvalidateUserTokens(int.Parse(userId));
            _tokenStoreService.DeleteExpiredTokens();

            return(this.Ok(new { message = "Logout successful." }));
        }