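        /// <summary>
        /// OAuth token revocation endpoint (refresh tokens only).
        /// Authenticates the client by id + secret, then deletes the given refresh token.
        /// </summary>
        /// <param name="revokeRequest">Request body; may be null when model binding fails.</param>
        /// <returns>
        /// 200 when the token was deleted; otherwise 400 with a serialized
        /// <see cref="OAuthTokenErrorResponse"/> (invalid_request, invalid_client,
        /// unsupported_token_type, or a generic error when storage fails).
        /// </returns>
        public HttpResponseMessage Revoke([FromBody] OAuthRevokeTokenRequest revokeRequest)
        {
            // Model binding yields null when the body is absent or unparsable; treat that
            // like a request with missing fields rather than letting it throw (-> 500).
            if (revokeRequest == null ||
                string.IsNullOrWhiteSpace(revokeRequest.ClientId) ||
                string.IsNullOrWhiteSpace(revokeRequest.ClientSecret) ||
                string.IsNullOrWhiteSpace(revokeRequest.Token))
            {
                return BadRequest(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidRequest)
                {
                    ErrorDescription = "client_id, client_secret and token is required."
                });
            }

            var client = _oAuthClientStorage.Fetch(revokeRequest.ClientId);

            // Unknown client and wrong secret produce the same response so that the
            // existence of a client id is not disclosed.
            if (client == null ||
                !SecretsMatch(client.ClientSecret, revokeRequest.ClientSecret))
            {
                return BadRequest(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidClient));
            }

            // This endpoint only revokes refresh tokens; any other hint is rejected.
            if (revokeRequest.TokenTypeHint != OAuthTokenTypes.RefreshToken)
            {
                return BadRequest(new OAuthTokenErrorResponse("unsupported_token_type"));
            }

            try
            {
                _oAuthRefreshTokenStorage.Delete(revokeRequest.Token);

                return new HttpResponseMessage(HttpStatusCode.OK);
            }
            catch (Exception)
            {
                // Storage failures must not reach the caller verbatim: exception messages
                // can carry connection strings or other internal detail. Details belong in
                // a server-side log (TODO: none is wired up in this block); answer generically.
                return BadRequest(new OAuthTokenErrorResponse()
                {
                    ErrorDescription = "The token could not be revoked."
                });
            }

            // Builds a 400 response whose body is the serialized OAuth error.
            HttpResponseMessage BadRequest(OAuthTokenErrorResponse error)
            {
                return new HttpResponseMessage(HttpStatusCode.BadRequest)
                {
                    Content = new StringContent(JsonConvert.SerializeObject(error))
                };
            }

            // Compares the stored secret with the supplied one without short-circuiting on
            // the first differing character, so response timing does not reveal how much
            // of the secret matched. Null handling mirrors the original != comparison.
            bool SecretsMatch(string expected, string provided)
            {
                if (expected == null || provided == null)
                {
                    return ReferenceEquals(expected, provided);
                }

                // Fold the length difference in instead of returning early on it.
                var diff = expected.Length ^ provided.Length;
                var n = Math.Min(expected.Length, provided.Length);

                for (var i = 0; i < n; i++)
                {
                    diff |= expected[i] ^ provided[i];
                }

                return diff == 0;
            }
        }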
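        /// <summary>
        /// Looks up a client and checks that it may use the requested grant with the supplied secret.
        /// </summary>
        /// <param name="clientId">Client identifier to fetch from storage.</param>
        /// <param name="clientSecret">Secret presented by the caller.</param>
        /// <param name="grantType">Grant being requested.</param>
        /// <returns>
        /// The client when it exists, is active, the secret matches and the grant is allowed
        /// (refresh-token grants are accepted for any valid client); otherwise null.
        /// </returns>
        public OAuthClient FindValidClient(string clientId, string clientSecret, string grantType)
        {
            var client = _oAuthClientStorage.Fetch(clientId);

            if (client == null)
            {
                return null;
            }

            // TODO: Change AllowedGrantTypes for allowed flows? (PasswordGrant etc)

            if (!client.IsActive)
            {
                return null; // Client inactive
            }

            if (!SecretsMatch(client.ClientSecret, clientSecret))
            {
                return null; // Invalid secret
            }

            // A refresh-token grant is always permitted for a valid client; every other
            // grant must be listed explicitly. A missing list allows nothing rather than throwing.
            if (grantType != OAuthGrantTypes.RefreshToken &&
                (client.AllowedGrantTypes == null || !client.AllowedGrantTypes.Contains(grantType)))
            {
                return null; // Invalid grant type
            }

            // Client is valid
            return client;

            // Compares the stored secret with the supplied one without short-circuiting on
            // the first differing character, so response timing does not reveal how much
            // of the secret matched. Null handling mirrors the original != comparison.
            bool SecretsMatch(string expected, string provided)
            {
                if (expected == null || provided == null)
                {
                    return ReferenceEquals(expected, provided);
                }

                // Fold the length difference in instead of returning early on it.
                var diff = expected.Length ^ provided.Length;
                var n = Math.Min(expected.Length, provided.Length);

                for (var i = 0; i < n; i++)
                {
                    diff |= expected[i] ^ provided[i];
                }

                return diff == 0;
            }
        }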