public async Task Repeating_a_request_should_succeed()
{
var handler = new NetworkHandler(HttpStatusCode.OK, "ok");
var client = new HttpClient(handler);
var request = new TokenRevocationRequest
{
Address = Endpoint,
Token = "token",
ClientId = "client"
};
var response = await client.RevokeTokenAsync(request);
response.IsError.Should().BeFalse();
response.ErrorType.Should().Be(ResponseErrorType.None);
response.HttpStatusCode.Should().Be(HttpStatusCode.OK);
// repeat
response = await client.RevokeTokenAsync(request);
response.IsError.Should().BeFalse();
response.ErrorType.Should().Be(ResponseErrorType.None);
response.HttpStatusCode.Should().Be(HttpStatusCode.OK);
}
public async Task RevokeRefreshToken()
{
var disco = await _httpClient.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
{
Address = _serviceApiSettings.IdentityBaseUri,
Policy = new DiscoveryPolicy {
RequireHttps = false
}
});
if (disco.IsError)
{
throw disco.Exception;
}
var refreshToken = await _httpContextAccessor.HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
TokenRevocationRequest tokenRevocationRequest = new TokenRevocationRequest()
{
ClientId = _clientSettings.WebClientForUser.ClientId,
ClientSecret = _clientSettings.WebClientForUser.ClientSecret,
Address = disco.RevocationEndpoint,
Token = refreshToken,
TokenTypeHint = "refresh_token"
};
await _httpClient.RevokeTokenAsync(tokenRevocationRequest);
}
private async Task <int> RevokeToken(string token, string tokenTypeHint, DiscoveryDocumentResponse disco)
{
Console.WriteLine($"Revoking {tokenTypeHint}...");
var request = new TokenRevocationRequest
{
Address = disco.DeviceAuthorizationEndpoint,
ClientId = configurationProvider.ClientId,
Token = token,
TokenTypeHint = tokenTypeHint
};
logger.LogInformation("TokenRevocationRequest {Request}", request);
var result = await httpClient.RevokeTokenAsync(request);
if (result.IsError)
{
Console.WriteLine(result.Error);
var ex = new Exception(result.Error);
logger.LogError(ex, "RevokeTokenAsync {Request} {Response}", request, result);
throw ex;
}
else
{
logger.LogInformation("RevokeTokenAsync {Request} {Response}", request, result);
}
Console.WriteLine($"Revoked {tokenTypeHint}...");
return(0);
}
private static async Task <TokenRevocationResponse> ForceTokenTimeout(TokenRevocationRequest request)
{
TokenRevocationResponse response = null;
if (request != null)
{
response = await new HttpClient().RevokeTokenAsync(request);
}
return(response);
}
/// <inheritdoc />
public virtual TokenRevocationRequest GetTokenRevocationRequest()
{
var options = _stravaOptions.Get(AuthenticationDefaults.AuthenticationScheme);
var requestDetails = new TokenRevocationRequest
{
Address = options.DeauthorizationEndpoint,
ClientId = options.ClientId,
ClientSecret = options.ClientSecret
};
return(requestDetails);
}
public async Task <TokenRevocationResponse> Logout(string baseUrl, string token)
{
await Discover(baseUrl);
var client = new HttpClient();
var request = new TokenRevocationRequest()
{
Address = disco.RevocationEndpoint,
ClientId = "client",
ClientSecret = "secret",
Token = token,
};
var resp = await client.RevokeTokenAsync(request, CancellationToken.None);
return(resp);
}
/// <inheritdoc />
public virtual async Task <TokenRevocationRequest> GetTokenRevocationRequestAsync()
{
var(options, configuration) = await GetOpenIdConnectSettingsAsync(_accessTokenManagementOptions.User.Scheme);
var requestDetails = new TokenRevocationRequest
{
Address = configuration.AdditionalData[OidcConstants.Discovery.RevocationEndpoint].ToString(),
ClientId = options.ClientId,
ClientSecret = options.ClientSecret
};
var assertion = await CreateAssertionAsync();
if (assertion != null)
{
requestDetails.ClientAssertion = assertion;
}
return(requestDetails);
}
private async Task <bool> LogoutUserAsync(string accessToken, CancellationToken cancellationToken)
{
// TODO: Should not create a http client all the time.
using (var client = new HttpClient())
{
var uri = $"{IdentityApiBaseUrl}/connect/revocation";
var request = new TokenRevocationRequest
{
Address = uri,
ClientId = ClientId,
ClientSecret = ClientSecret,
Token = accessToken,
TokenTypeHint = "access_token"
};
var response = await client.RevokeTokenAsync(request, cancellationToken).ConfigureAwait(false);
// TODO: Improve this
return(!response.IsError);
}
}
protected override void ExecuteRequest(HttpContext context)
{
(bool isOk, User user) = CheckClaimsForUser(Request, context, _userRepository);
if (!isOk || user == null)
{
return;
}
string fullAddress = $"{HTTP}{address}:{port}";
var client = new HttpClient();
DiscoveryDocumentResponse discoDoc = client.GetDiscoveryDocumentAsync(fullAddress).GetAwaiter().GetResult();
TokenRevocationRequest tokenRevocationRequest = new TokenRevocationRequest
{
Address = discoDoc.RevocationEndpoint,
ClientId = user.Login,
ClientSecret = user.PasswordHash,
Token = Request.AccessToken,
TokenTypeHint = "access_token"
};
TokenRevocationResponse tokenRevocationResponse = client.RevokeTokenAsync(tokenRevocationRequest).GetAwaiter().GetResult();
context.Response.StatusCode = (int)tokenRevocationResponse.HttpStatusCode;
}
public async Task Additional_parameters_should_be_sent_correctly()
{
var handler = new NetworkHandler(HttpStatusCode.OK, "ok");
var client = new TokenRevocationClient(
Endpoint,
"client",
innerHttpMessageHandler: handler);
var request = new TokenRevocationRequest
{
ClientSecret = "secret",
Token = "token",
Parameters =
{
{ "foo", "bar" }
}
};
var response = await client.RevokeAsync(request);
// check request
var fields = QueryHelpers.ParseQuery(handler.Body);
fields.Count.Should().Be(4);
fields["client_id"].First().Should().Be("client");
fields["client_secret"].First().Should().Be("secret");
fields["token"].First().Should().Be("token");
fields["foo"].First().Should().Be("bar");
// check response
response.IsError.Should().BeFalse();
response.ErrorType.Should().Be(ResponseErrorType.None);
response.HttpStatusCode.Should().Be(HttpStatusCode.OK);
}
public async Task Http_request_should_have_correct_format()
{
var handler = new NetworkHandler(HttpStatusCode.NotFound, "not found");
var client = new HttpClient(handler);
var request = new TokenRevocationRequest
{
Address = Endpoint,
Token = "token"
};
request.Headers.Add("custom", "custom");
request.Properties.Add("custom", "custom");
var response = await client.RevokeTokenAsync(request);
var httpRequest = handler.Request;
httpRequest.Method.Should().Be(HttpMethod.Post);
httpRequest.RequestUri.Should().Be(new Uri(Endpoint));
httpRequest.Content.Should().NotBeNull();
var headers = httpRequest.Headers;
headers.Count().Should().Be(2);
headers.Should().Contain(h => h.Key == "custom" && h.Value.First() == "custom");
var properties = httpRequest.Properties;
properties.Count.Should().Be(1);
var prop = properties.First();
prop.Key.Should().Be("custom");
((string)prop.Value).Should().Be("custom");
}
/// <summary>
/// Sends an OAuth token revocation request.
/// </summary>
/// <param name="client">The client.</param>
/// <param name="request">The request.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns></returns>
public static async Task <TokenRevocationResponse> RevokeTokenAsync(this HttpMessageInvoker client, TokenRevocationRequest request, CancellationToken cancellationToken = default)
{
var clone = request.Clone();
clone.Method = HttpMethod.Post;
clone.Parameters.AddRequired(OidcConstants.TokenIntrospectionRequest.Token, request.Token);
clone.Parameters.AddOptional(OidcConstants.TokenIntrospectionRequest.TokenTypeHint, request.TokenTypeHint);
clone.Prepare();
HttpResponseMessage response;
try
{
response = await client.SendAsync(clone, cancellationToken).ConfigureAwait();
}
catch (Exception ex)
{
return(ProtocolResponse.FromException <TokenRevocationResponse>(ex));
}
return(await ProtocolResponse.FromHttpResponseAsync <TokenRevocationResponse>(response).ConfigureAwait());
}
