public static async Task <GrantedTokenValidationResult> CheckGrantedToken(this GrantedToken grantedToken, IJwksStore jwksStore, CancellationToken cancellationToken = default) { if (grantedToken == null) { return(new GrantedTokenValidationResult { MessageErrorCode = ErrorCodes.InvalidToken, MessageErrorDescription = Strings.TheTokenIsNotValid, IsValid = false }); } var expirationDateTime = grantedToken.CreateDateTime.AddSeconds(grantedToken.ExpiresIn); var tokenIsExpired = DateTimeOffset.UtcNow > expirationDateTime; if (tokenIsExpired) { return(new GrantedTokenValidationResult { MessageErrorCode = ErrorCodes.InvalidToken, MessageErrorDescription = Strings.TheTokenIsExpired, IsValid = false }); } var publicKeys = await jwksStore.GetPublicKeys(cancellationToken).ConfigureAwait(false); var handler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { ValidateActor = false, ValidAudience = grantedToken.ClientId, ValidateIssuer = false, IssuerSigningKeys = publicKeys.Keys }; try { handler.ValidateToken(grantedToken.AccessToken, validationParameters, out _); return(new GrantedTokenValidationResult { IsValid = true }); } catch (Exception exception) { return(new GrantedTokenValidationResult { IsValid = false, MessageErrorCode = exception.Message, MessageErrorDescription = exception.Message }); } }
public async Task <IActionResult> RevokeSessionCallback([FromQuery] RevokeSessionRequest?request, CancellationToken cancellationToken) { var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, CookieNames.CookieName).ConfigureAwait(false); if (authenticatedUser == null || authenticatedUser.Identity?.IsAuthenticated != true) { return(Ok(new { Authenticated = false })); } Response.Cookies.Delete(CoreConstants.SessionId); await _authenticationService.SignOutAsync(HttpContext, CookieNames.CookieName, new AuthenticationProperties()).ConfigureAwait(false); if (request != null && request.post_logout_redirect_uri != null && !string.IsNullOrWhiteSpace(request.id_token_hint)) { var handler = new JwtSecurityTokenHandler(); var jsonWebKeySet = await _jwksStore.GetPublicKeys(cancellationToken).ConfigureAwait(false); var tokenValidationParameters = new TokenValidationParameters { ValidateActor = false, ValidateAudience = false, ValidateIssuer = false, IssuerSigningKeys = jsonWebKeySet.Keys }; handler.ValidateToken(request.id_token_hint, tokenValidationParameters, out var token); var jws = (token as JwtSecurityToken)?.Payload; var claim = jws?.GetClaimValue(StandardClaimNames.Azp); if (claim != null) { var client = await _clientRepository.GetById(claim, cancellationToken).ConfigureAwait(false); if (client?.PostLogoutRedirectUris != null && client.PostLogoutRedirectUris.Any(x => x == request.post_logout_redirect_uri)) { var redirectUrl = request.post_logout_redirect_uri; if (!string.IsNullOrWhiteSpace(request.state)) { redirectUrl = new Uri($"{redirectUrl.AbsoluteUri}?state={request.state}"); } return(Redirect(redirectUrl.AbsoluteUri)); } } } return(Ok(new { Authenticated = true })); }