private async Task RevokeTokens(IClient client, CookieParser cookieParser, CancellationToken cancellationToken)
{
var accessToken = cookieParser.Get(_configuration.Web.AccessTokenCookie.Name);
var refreshToken = cookieParser.Get(_configuration.Web.RefreshTokenCookie.Name);
var deleteAccessTokenTask = Task.FromResult(false);
var deleteRefreshTokenTask = Task.FromResult(false);
string jti;
if (IsValidJwt(accessToken, client, out jti))
{
try
{
var accessTokenResource = await client.GetAccessTokenAsync($"/accessTokens/{jti}", cancellationToken);
deleteAccessTokenTask = accessTokenResource.DeleteAsync(cancellationToken);
}
catch (ResourceException rex)
{
_logger.Info(rex.DeveloperMessage, source: nameof(RevokeTokens));
}
}
if (IsValidJwt(refreshToken, client, out jti))
{
try
{
var refreshTokenResource = await client.GetRefreshTokenAsync($"/refreshTokens/{jti}", cancellationToken);
deleteRefreshTokenTask = refreshTokenResource.DeleteAsync(cancellationToken);
}
catch (ResourceException rex)
{
_logger.Info(rex.DeveloperMessage, source: nameof(RevokeTokens));
}
}
try
{
await Task.WhenAll(deleteAccessTokenTask, deleteRefreshTokenTask);
}
catch (ResourceException rex)
{
_logger.Info(rex.DeveloperMessage, source: nameof(RevokeTokens));
}
}
private async Task RevokeCookieTokens(IClient client, CookieParser cookieParser, CancellationToken cancellationToken)
{
var accessToken = cookieParser.Get(_configuration.Web.AccessTokenCookie.Name);
var refreshToken = cookieParser.Get(_configuration.Web.RefreshTokenCookie.Name);
var revoker = new TokenRevoker(client, _logger)
.AddToken(accessToken)
.AddToken(refreshToken);
try
{
await revoker.Revoke(cancellationToken);
}
catch (Exception ex)
{
_logger.Info(ex.Message, source: nameof(RevokeCookieTokens));
}
}
public void CookieParserGet_SetCookieHeaderValue_Success(string cookieString, string[] expectedStrings)
{
int index = 0;
int cookieCount = 0;
var parser = new CookieParser(cookieString);
while (true)
{
Cookie cookie = parser.Get();
if (cookie == null)
{
break;
}
cookieCount++;
Assert.Equal(expectedStrings[index++], cookie.Name);
Assert.Equal(expectedStrings[index++], cookie.Value);
}
int expectedCookieCount = expectedStrings.Length >> 1;
Assert.Equal(expectedCookieCount, cookieCount);
}
private async Task <IAccount> TryCookieAuthenticationAsync(IOwinEnvironment context, IClient client)
{
string[] rawCookies = null;
if (!context.Request.Headers.TryGetValue("Cookie", out rawCookies))
{
logger.Trace("No cookie header found", nameof(TryCookieAuthenticationAsync));
return(null);
}
var cookieParser = new CookieParser(rawCookies, logger);
if (cookieParser.Count == 0)
{
logger.Trace("No cookies parsed from header", nameof(TryCookieAuthenticationAsync));
return(null);
}
logger.Trace("Cookies found on request: " + cookieParser.AsEnumerable().Select(x => $"'{x.Key}'").Join(", "), nameof(TryCookieAuthenticationAsync));
var accessToken = cookieParser.Get(this.Configuration.Web.AccessTokenCookie.Name);
var refreshToken = cookieParser.Get(this.Configuration.Web.RefreshTokenCookie.Name);
// Attempt to validate incoming Access Token
if (!string.IsNullOrEmpty(accessToken))
{
logger.Trace($"Found nonempty access token cookie '{this.Configuration.Web.AccessTokenCookie.Name}'", nameof(TryCookieAuthenticationAsync));
var validAccount = await ValidateAccessTokenAsync(context, client, accessToken);
if (validAccount != null)
{
logger.Info("Request authenticated using Access Token cookie", nameof(TryCookieAuthenticationAsync));
return(validAccount);
}
else
{
logger.Info("Access token cookie was not valid", nameof(TryCookieAuthenticationAsync));
}
}
// Try using refresh token instead
if (!string.IsNullOrEmpty(refreshToken))
{
logger.Trace($"Found nonempty refresh token cookie '{this.Configuration.Web.RefreshTokenCookie.Name}'", nameof(TryCookieAuthenticationAsync));
var refreshedAccount = await RefreshAccessTokenAsync(context, client, refreshToken);
if (refreshedAccount != null)
{
logger.Info("Request authenticated using Refresh Token cookie", nameof(TryCookieAuthenticationAsync));
return(refreshedAccount);
}
else
{
logger.Info("Refresh token cookie was not valid", nameof(TryCookieAuthenticationAsync));
}
}
// Failed on both counts. Delete access and refresh token cookies if necessary
if (cookieParser.Contains(this.Configuration.Web.AccessTokenCookie.Name))
{
Cookies.DeleteTokenCookie(context, this.Configuration.Web.AccessTokenCookie, logger);
}
if (cookieParser.Contains(this.Configuration.Web.RefreshTokenCookie.Name))
{
Cookies.DeleteTokenCookie(context, this.Configuration.Web.RefreshTokenCookie, logger);
}
logger.Info("No access or refresh token cookies found", nameof(TryCookieAuthenticationAsync));
return(null);
}
public void ParsesCookie(string[] headers)
{
var parsed = new CookieParser(headers, logger: null);
parsed.Get("access_token").Should().Be("eyJra.eyJqd.hGdm");
}
