/// <summary>
/// Handles a "clear token" request: authenticates the posting client, verifies the one-time
/// state that was stored under <c>clientID:es_id</c>, and then removes the supplied refresh
/// token from the token store. Every locally detected precondition failure ends the request
/// with 400 Bad Request and a short plain-text reason; a failed client check is reported
/// through <c>ErrorHandler</c>.
/// </summary>
/// <param name="context">The current HTTP request context; every input is read from the posted form.</param>
protected virtual async Task HandleClearTokenRequestAsync(HttpContext context)
{
    // First value of a posted form field, or null when the field is absent.
    string FormValue(string key) => context.Request.Form[key].FirstOrDefault();

    // Plain-text 400 used for every precondition the handler checks itself.
    async Task RejectAsync(string reason)
    {
        context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        await context.Response.WriteAsync(reason);
    }

    var state = FormValue(OAuth2Consts.Form_State);
    if (string.IsNullOrWhiteSpace(state))
    {
        await RejectAsync("missing state");
        return;
    }

    // The client is authenticated before any stored state is read or consumed.
    var clientID = FormValue(OAuth2Consts.Form_ClientID);
    var clientSecret = FormValue(OAuth2Consts.Form_ClientSecret);
    var verification = await _clientValidator.VerifyClientAsync(new NetworkCredential(clientID, clientSecret));
    if (!verification.IsSuccess)
    {
        await ErrorHandler(context.Response, HttpStatusCode.BadRequest, verification.MsgCode, verification.MsgCodeDescription);
        return;
    }

    var refreshToken = FormValue(OAuth2Consts.Form_RefreshToken);
    if (string.IsNullOrWhiteSpace(refreshToken))
    {
        await RejectAsync("missing refresh token");
        return;
    }

    var endSessionID = FormValue(OAuth2Consts.Form_EndSessionID);
    if (string.IsNullOrWhiteSpace(endSessionID))
    {
        await RejectAsync("missing es_id");
        return;
    }

    // The stored state is fetched and removed in one step, so a given state value can
    // succeed at most once; the lookup key mirrors the one used when the state was stored.
    var expectedState = await _stateStore.GetThenRemoveAsync($"{clientID}:{endSessionID}");
    if (expectedState != state)
    {
        await RejectAsync("invalid state");
        return;
    }

    await _tokenStore.RemoveRefreshTokenAsync(refreshToken);
}
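/// <summary>
/// Handles the sign-out callback: resolves the return URL that was stored under the callback's
/// <c>state</c>, notifies the authorization server's end-session endpoint when a token is held,
/// signs the local session out and redirects to the return URL. A state with no stored entry
/// yields 404 Not Found; a missing <c>es_id</c> yields 400 Bad Request.
/// </summary>
/// <param name="context">The current HTTP request context; <c>state</c> and <c>es_id</c> are read from the query string.</param>
protected virtual async Task HandleSignOutCallbackRequestAsync(HttpContext context)
{
    var state = context.Request.Query[OAuth2Consts.Form_State].FirstOrDefault();

    // The redirect target comes from the server-side store (keyed by state), not from the
    // request itself. NOTE(review): it is assumed to have been validated when it was stored —
    // confirm at the code that writes it.
    var returnUrl = await _stateStore.GetThenRemoveAsync(state);
    if (string.IsNullOrWhiteSpace(returnUrl))
    {
        // Unknown or missing state: nothing to sign out of.
        context.Response.StatusCode = (int)HttpStatusCode.NotFound;
        return;
    }

    var endSessionID = context.Request.Query[OAuth2Consts.Form_EndSessionID].FirstOrDefault();
    if (string.IsNullOrWhiteSpace(endSessionID))
    {
        context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        await context.Response.WriteAsync("missing es_id");
        return;
    }

    var tokenDTO = await _tokenDTOStore.GetTokenDTOAsync();
    if (tokenDTO != null)
    {
        // The client secret and refresh token travel in this request body.
        // NOTE(review): _options.EndSessionEndpoint is expected to be an HTTPS URL — confirm in configuration.
        var httpClient = _httpClientFactory.CreateClient();
        var endSessionForm = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>(OAuth2Consts.Form_State, state),
            new KeyValuePair<string, string>(OAuth2Consts.Form_EndSessionID, endSessionID),
            new KeyValuePair<string, string>(OAuth2Consts.Form_ClientID, _options.ClientID),
            new KeyValuePair<string, string>(OAuth2Consts.Form_ClientSecret, _options.ClientSecret),
            new KeyValuePair<string, string>(OAuth2Consts.Form_RefreshToken, tokenDTO.RefreshToken),
        });

        // Dispose the response so its underlying connection is released (it was previously
        // never disposed). A failed end-session call is logged but does not block the local sign-out.
        using (var resp = await httpClient.PostAsync(_options.EndSessionEndpoint, endSessionForm))
        {
            if (!resp.IsSuccessStatusCode)
            {
                var body = await resp.Content.ReadAsStringAsync();
                _logger.LogWarning("Post end session request failed [{0}]:\n{1}", resp.StatusCode, body);
            }
        }
    }

    // Sign out locally, then redirect to the stored return URL.
    await context.OAuth2SignOutAsync();
    context.Response.Redirect(returnUrl);
}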