        /// <summary>
        /// After removing one stored token for subject A, querying the store for that subject
        /// must yield exactly the one remaining token (the second seeded token).
        /// </summary>
        public async Task NotRemovedTokenIsReturned()
        {
            // Seed data is created asynchronously by the fixture; wait for it before mutating the store.
            await _setup;
            await _store.RemoveAsync(RemovedKey);

            var remaining = (await _store.GetAllAsync(SubjectA)).ToArray();

            // Exactly one token should survive the removal.
            Assert.Equal(1, remaining.Length);

            // Compare through the testable-string projection rather than by reference.
            var expected = TestData.ToTestableString(_subjectATokens[1]);
            var actual = TestData.ToTestableString(remaining[0]);
            Assert.Equal(expected, actual);
        }
        // revoke access token only if it belongs to client doing the request
        /// <summary>
        /// Revokes a reference access token by handle, but only when the stored token was issued
        /// to <paramref name="client"/>. A mismatched owner is logged as a warning and reported
        /// through the failure event instead of being revoked.
        /// </summary>
        /// <param name="handle">Reference token handle presented in the revocation request.</param>
        /// <param name="client">Authenticated client making the request.</param>
        /// <returns>
        /// <c>true</c> when a token with this handle exists in the store (whether or not it was
        /// removed); <c>false</c> when no such handle is stored.
        /// </returns>
        private async Task<bool> RevokeAccessTokenAsync(string handle, Client client)
        {
            var stored = await _tokenHandles.GetAsync(handle);
            if (stored == null)
            {
                return false;
            }

            if (stored.ClientId != client.ClientId)
            {
                // Ownership check: a client may only revoke tokens issued to itself.
                // The attempt is recorded, but the return value still reports the handle as found.
                var message = string.Format(
                    "Client {0} tried to revoke an access token belonging to a different client: {1}",
                    client.ClientId,
                    stored.ClientId);

                Logger.Warn(message);
                await RaiseFailureEventAsync(message);

                return true;
            }

            await _tokenHandles.RemoveAsync(handle);
            await _events.RaiseTokenRevokedEventAsync(stored.SubjectId, handle, Constants.TokenTypeHints.AccessToken);

            return true;
        }
        /// <summary>
        /// Validates a reference (opaque) access token by resolving its handle in the token store.
        /// A handle that resolves to a non-access token, or to an expired token, is deleted from
        /// the store before the invalid result is returned.
        /// </summary>
        /// <param name="tokenHandle">Opaque handle presented as the bearer token.</param>
        /// <returns>
        /// A non-error result carrying the stored token, its client and derived claims; otherwise an
        /// invalid result with the matching protected-resource error code.
        /// </returns>
        private async Task<TokenValidationResult> ValidateReferenceAccessTokenAsync(string tokenHandle)
        {
            // NOTE(review): the raw handle (a bearer credential) is copied onto the log context here;
            // confirm the log sink does not persist it in clear text.
            _log.TokenHandle = tokenHandle;

            var stored = await _tokenHandles.GetAsync(tokenHandle);
            if (stored == null)
            {
                LogError("Token handle not found");
                return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
            }

            if (stored.Type != Constants.TokenTypes.AccessToken)
            {
                // Wrong token kind behind this handle: purge it so it cannot be presented again.
                LogError("Token handle does not resolve to an access token - but instead to: " + stored.Type);
                await _tokenHandles.RemoveAsync(tokenHandle);
                return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
            }

            // Lifetime is relative to creation time; an exact boundary hit counts as expired.
            var expiresAt = stored.CreationTime.AddSeconds(stored.Lifetime);
            if (DateTimeOffsetHelper.UtcNow >= expiresAt)
            {
                LogError("Token expired.");
                await _tokenHandles.RemoveAsync(tokenHandle);
                return Invalid(Constants.ProtectedResourceErrors.ExpiredToken);
            }

            var result = new TokenValidationResult
            {
                IsError = false,
                Client = stored.Client,
                Claims = ReferenceTokenToClaims(stored),
                ReferenceToken = stored,
                ReferenceTokenId = tokenHandle
            };

            return result;
        }