        //[Authorize]
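        /// <summary>
        /// Logs the caller out by blacklisting the bearer token presented in the
        /// <c>Authorization</c> request header.
        /// </summary>
        /// <param name="Authorization">Raw value of the request's <c>Authorization</c> header.</param>
        /// <returns>
        /// 200 with "logout successful" when a bearer credential was supplied, whether or not
        /// it validated; 400 with "missing session information" when the header is absent,
        /// uses another scheme, or carries no token.
        /// </returns>
        public ActionResult Logout([FromHeader] string Authorization)
        {
            const string bearerPrefix = "Bearer ";

            // No [Authorize] attribute is active on this action, so the header is
            // untrusted input and the token validation below is the only check performed here.
            string headerValue = Authorization?.Trim();

            // The scheme must lead the header value. A substring match would also accept
            // values such as "Basic abc Bearer xyz" and then revoke the wrong credential.
            // Scheme names are case-insensitive (RFC 7235), hence the ignore-case comparison.
            if (string.IsNullOrEmpty(headerValue)
                || !headerValue.StartsWith(bearerPrefix, System.StringComparison.OrdinalIgnoreCase))
            {
                return BadRequest("missing session information");
            }

            // Take everything after the scheme rather than the second space-separated field,
            // so repeated spaces between scheme and token do not yield an empty token.
            string tokenText = headerValue.Substring(bearerPrefix.Length).Trim();
            if (tokenText.Length == 0)
            {
                return BadRequest("missing session information");
            }

            // Only tokens that validate are blacklisted: an invalid or expired token is
            // already unusable, and skipping it keeps junk input from growing the blacklist.
            if (TokenUtils.ValidateToken(tokenText, out SecurityToken securityToken))
            {
                Token revokedToken = new Token()
                {
                    Expiration  = securityToken.ValidTo,
                    TokenString = tokenText,
                    JWTToken    = securityToken
                };

                // NOTE(review): revocation only takes effect if the authentication path
                // consults this blacklist on every request - confirm. Entries can be purged
                // once Expiration has passed.
                tokenService.BlackListToken(revokedToken);
            }

            // Sends back an Authorization header holding a single space; presumably a cue
            // for the client to drop its stored token - confirm against the client.
            HttpContext.Response.Headers.Append("Authorization", " ");

            // The reply is the same for valid and invalid tokens, so the endpoint does not
            // reveal whether a presented token was still valid.
            return Ok("logout successful");
        }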