/// <summary>
/// Revokes the user token that corresponds to the supplied access token.
/// </summary>
/// <param name="accessToken">Access token value used to look up the stored <c>UserToken</c>.</param>
/// <returns>A task that completes once the repository call has finished.</returns>
/// <remarks>
/// When no matching token is found the method returns without doing anything.
/// NOTE(review): the in-memory <c>IsRevoked</c> flag is set before the repository call;
/// if that call throws, the object returned by <c>UserTokenHelper</c> stays flagged while
/// the stored record may not be. Confirm whether the helper returns a shared/cached instance.
/// </remarks>
public async Task RevokeToken(string accessToken)
{
    using var uow = UnitOfWorkFactory();

    var userToken = UserTokenHelper.GetUserToken(accessToken, TokenType.AccessToken);
    if (userToken == null)
    {
        // Unknown token: nothing to revoke.
        return;
    }

    // Flag the object we hold first, then persist the revocation by id.
    userToken.IsRevoked = true;

    var tokenRepository = uow.Repository<UserToken>();
    await tokenRepository.RevokeToken(userToken.Id);
}
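/// <summary>
/// Authorizes a request from the image token passed in the <c>sc</c> query-string parameter.
/// </summary>
/// <param name="context">Filter context for the current request.</param>
/// <remarks>
/// The request is rejected with <see cref="UnauthorizedResult"/> when the parameter is missing
/// or empty, when no matching token is found, when the token is revoked, or when JWT validation
/// fails. On success, an identity built from the validated claims is added to
/// <c>HttpContext.User</c>.
/// NOTE(review): a token carried in the URL can end up in access logs, browser history and
/// Referer headers. Confirm that image tokens are short-lived and narrowly scoped, and that
/// the <c>sc</c> value is redacted wherever request URLs are logged.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
    context.HttpContext.Request.Query.TryGetValue("sc", out var sc);
    var imageToken = sc.FirstOrDefault();
    if (string.IsNullOrEmpty(imageToken))
    {
        context.Result = new UnauthorizedResult();
        return;
    }

    // Look up the stored token first, so a revoked token is rejected before any JWT parsing.
    var userToken = UserTokenHelper.GetUserToken(imageToken, TokenType.ImageToken);
    if (userToken == null || userToken.IsRevoked)
    {
        context.Result = new UnauthorizedResult();
        return;
    }

    var parameters = GetTokenValidationParameters(context);

    try
    {
        // NOTE(review): the JWT validated here is userToken.Token, not the raw "sc" value;
        // presumably the image token maps to a stored JWT. Verify against UserTokenHelper.
        var handler = new JwtSecurityTokenHandler();
        var claimsPrincipal = handler.ValidateToken(userToken.Token, parameters, out _);

        // NOTE(review): this constructor sets no authentication type, so the added identity
        // reports IsAuthenticated == false. Confirm that downstream authorization checks do
        // not depend on that flag.
        var claimsIdentity = new ClaimsIdentity(claimsPrincipal.Claims);
        context.HttpContext.User.AddIdentity(claimsIdentity);
    }
    catch (SecurityTokenException)
    {
        // Fail closed on every token failure. Catching the base type also covers failures
        // outside the SecurityTokenValidationException subtree (e.g. decryption failures),
        // which would otherwise escape the filter as an unhandled exception.
        context.Result = new UnauthorizedResult();
    }
    catch (ArgumentException)
    {
        // The token was not well-formed or was invalid for some other reason.
        context.Result = new UnauthorizedResult();
    }
}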