public async Task invalid_credentials_should_return_error() { var tokens = await GetTokensAsync(); (await IsAccessTokenValidAsync(tokens)).Should().BeTrue(); var revocationClient = new TokenRevocationClient(IdentityServerPipeline.RevocationEndpoint, client_id, "not_valid", _mockPipeline.Handler); var result = await revocationClient.RevokeAccessTokenAsync(tokens.AccessToken); result.IsError.Should().BeTrue(); result.Error.Should().Be("invalid_client"); }
public async Task Logout() { #region Revocation Token on Logout // get the metadata Console.WriteLine("ApplicationSettings.Authority" + ApplicationSettings.OpenIdConnectConfiguration.Authority); var discoveryClient = new DiscoveryClient(ApplicationSettings.OpenIdConnectConfiguration.Authority); var metaDataResponse = await discoveryClient.GetAsync(); Console.WriteLine(metaDataResponse.TokenEndpoint); Console.WriteLine(metaDataResponse.StatusCode); Console.WriteLine(metaDataResponse.Error); // create a TokenRevocationClient var revocationClient = new TokenRevocationClient( metaDataResponse.RevocationEndpoint, ApplicationSettings.OpenIdConnectConfiguration.ClientId, ApplicationSettings.OpenIdConnectConfiguration.ClientSecret); // get the access token to revoke var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { Console.WriteLine("Access Token:" + accessToken); var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the access token.", revokeAccessTokenResponse.Exception); } } // revoke the refresh token as well var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the refresh token.", revokeRefreshTokenResponse.Exception); } } #endregion }
public async Task Logout() { // get the metadata var discoveryClient = new DiscoveryClient(_appConfiguration.GetValue <string>("QuantusIdpBaseUri")); var metaDataResponse = await discoveryClient.GetAsync(); // create a TokenRevocationClient var revocationClient = new TokenRevocationClient( metaDataResponse.RevocationEndpoint, "fittifyclient", "secret"); // get the access token to revoke var accessToken = await AuthenticationHttpContextExtensions.GetTokenAsync( _httpContextAccessor.HttpContext, OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new OpenIdConnectException("Problem encountered while revoking the access token." , revokeAccessTokenResponse.Exception); } } // revoke the refresh token as well var refreshToken = await AuthenticationHttpContextExtensions.GetTokenAsync( _httpContextAccessor.HttpContext, OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new OpenIdConnectException("Problem encountered while revoking the refresh token." , revokeRefreshTokenResponse.Exception); } } await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); // Logging out of client await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme); // Logging out of IDP }
public async Task revoke_valid_access_token_should_return_success() { var tokens = await GetTokensAsync(); (await IsAccessTokenValidAsync(tokens)).Should().BeTrue(); var revocationClient = new TokenRevocationClient(IdentityServerPipeline.RevocationEndpoint, client_id, client_secret, _mockPipeline.Handler); var result = await revocationClient.RevokeAccessTokenAsync(tokens.AccessToken); result.IsError.Should().BeFalse(); (await IsAccessTokenValidAsync(tokens)).Should().BeFalse(); }
public async Task revoke_valid_refresh_token_should_return_success() { var tokens = await GetTokensAsync(); (await UseRefreshTokenAsync(tokens)).Should().BeTrue(); var revocationClient = new TokenRevocationClient(MockIdSvrUiPipeline.RevocationEndpoint, client_id, client_secret, _mockPipeline.Handler); var result = await revocationClient.RevokeRefreshTokenAsync(tokens.RefreshToken); result.IsError.Should().BeFalse(); (await UseRefreshTokenAsync(tokens)).Should().BeFalse(); }
protected async void OnSignoutButtonClicked(object sender, EventArgs e) { if (authState.RefreshToken == null && authState.AccessToken == null) { return; } var endpoint = await authState.GetRevocationEndpointAsync(); if (endpoint != null) { #if true // Use custom HttpClientHandler for demonstration. (next 4 lines) var handler = new HttpClientHandlerEx(); handler.BeforeRequestAsyncHooks += LogPage.HttpRequestLoggerAsync; handler.AfterResponseAsyncHooks += LogPage.HttpResponseLoggerAsync; var client = new TokenRevocationClient(endpoint, innerHttpMessageHandler: handler); #else // This is normal implementation. var client = new TokenRevocationClient(endpoint); #endif var result = await client.RevokeAsync(new TokenRevocationRequest { Token = authState.RefreshToken ?? authState.AccessToken }); #if true // Google Accounts will return an "invalid_token" error on HTTP 400, not HTTP 200, // in response to a revocation request for a token that has already been revoked. if (result.IsError && result.Error != "invalid_token") { #else // This is normal implementation. if (result.IsError) { #endif #region // Write program to be executed when revoking authorization fails. ShowAuthState(); ResultLabel.Text = StringResources.MsgAuthRevokeNg; #endregion return; } } #region // Program to be executed when revoking authorization succeeds. authState.Reset(); ShowAuthState(); ResultLabel.Text = StringResources.MsgAuthRevokeOk; #endregion }
public async Task Logout() { // get the metadata var discoveryClient = new DiscoveryClient("https://localhost:44326/"); var metaDataResponse = await discoveryClient.GetAsync(); // create a TokenRevocationClient var revocationClient = new TokenRevocationClient( metaDataResponse.RevocationEndpoint, "imagegalleryclient", "secret"); // get the access token to revoke var accessToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the access token." , revokeAccessTokenResponse.Exception); } } // revoke the refresh token as well var refreshToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the refresh token." , revokeRefreshTokenResponse.Exception); } } // Clears the local cookie ("Cookies" must match name from scheme) await HttpContext.SignOutAsync("Cookies"); await HttpContext.SignOutAsync("oidc"); }
private async Task RevokeAccessToken(TokenRevocationClient revocationClient) { var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the access token.", revokeAccessTokenResponse.Exception); } } }
public async Task Logout() { var discoveryClient = new DiscoveryClient("https://localhost:5003/"); var metaDataResponse = await discoveryClient.GetAsync(); var revocationClient = new TokenRevocationClient(metaDataResponse.RevocationEndpoint, "imagegalleryclient", "secret"); await RevokeAccessToken(revocationClient); await RevokeRefreshToken(revocationClient); await HttpContext.SignOutAsync("Cookies"); await HttpContext.SignOutAsync("oidc"); }
public async Task Valid_protocol_response_should_be_handled_correctly() { var handler = new NetworkHandler(HttpStatusCode.OK, "ok"); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeFalse(); response.ErrorType.Should().Be(ResponseErrorType.None); response.HttpStatusCode.Should().Be(HttpStatusCode.OK); }
private async Task RevokeAccessToken(TokenRevocationClient revocationClient) { // Get the access token var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { // Revoke the access token var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Error occurred during revocation of the access token", revokeAccessTokenResponse.Exception); } } }
public async Task Exception_should_be_handled_correctly() { var handler = new NetworkHandler(new Exception("exception")); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeTrue(); response.ErrorType.Should().Be(ResponseErrorType.Exception); response.Error.Should().Be("exception"); response.Exception.Should().NotBeNull(); }
public async Task Valid_protocol_response_should_be_handled_correctly() { var handler = new NetworkHandler(HttpStatusCode.OK, "ok"); var client = new TokenRevocationClient( Endpoint, "client", "clientsecret", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); Assert.AreEqual(false, response.IsError); Assert.AreEqual(ResponseErrorType.None, response.ErrorType); Assert.AreEqual(HttpStatusCode.OK, response.HttpStatusCode); }
public static async Task RevokeAccessTokenAsync(this TokenRevocationClient revocationClient, HttpContext httpContext) { // get access token var accessToken = await httpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { // revoke access token var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Error occurred during revocation of access token", revokeAccessTokenResponse.Exception); } } }
public async Task Exception_should_be_handled_correctly() { var handler = new NetworkHandler(HttpStatusCode.InternalServerError, "exception"); var client = new TokenRevocationClient( Endpoint, "client", "clientsecret", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); Assert.AreEqual(true, response.IsError); Assert.AreEqual(ResponseErrorType.Http, response.ErrorType); Assert.IsNotNull(response.Error); Assert.AreEqual("exception", response.Error); }
private async Task RevokeRefreshToken(TokenRevocationClient revocationClient) { // get refresh token var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { // revoke refresh token var revokeRefreshTokenResponse = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Error occurred during revocation of refresh token", revokeRefreshTokenResponse.Exception); } } }
public async Task Http_error_should_be_handled_correctly() { var handler = new NetworkHandler(HttpStatusCode.NotFound, "not found"); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeTrue(); response.ErrorType.Should().Be(ResponseErrorType.Http); response.HttpStatusCode.Should().Be(HttpStatusCode.NotFound); response.Error.Should().Be("not found"); }
public async Task Malformed_response_document_should_be_handled_correctly() { var document = "invalid"; var handler = new NetworkHandler(document, HttpStatusCode.BadRequest); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeTrue(); response.ErrorType.Should().Be(ResponseErrorType.Exception); response.Raw.Should().Be("invalid"); response.Exception.Should().NotBeNull(); }
public async Task Valid_protocol_error_should_be_handled_correctly() { var document = File.ReadAllText(FileName.Create("failure_token_revocation_response.json")); var handler = new NetworkHandler(document, HttpStatusCode.BadRequest); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeTrue(); response.ErrorType.Should().Be(ResponseErrorType.Protocol); response.HttpStatusCode.Should().Be(HttpStatusCode.BadRequest); response.Error.Should().Be("error"); }
public async Task Logout() { // get IDP metadata var discoveryClient = new DiscoveryClient("https://localhost:44332/"); var metaData = await discoveryClient.GetAsync(); // create token revocation client var revocationClient = new TokenRevocationClient(metaData.RevocationEndpoint, "imagegalleryclient", "secret"); // get access token to revoke var accessToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient .RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem occured while revoking access token.", revokeAccessTokenResponse.Exception); } } // revoke refresh token var refreshToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient .RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Problem occured while revoking refresh token.", revokeRefreshTokenResponse.Exception); } } await HttpContext.SignOutAsync("Cookie"); // logout at client app level await HttpContext.SignOutAsync("oidc"); // logout at IDP level }
//[HttpGet(nameof(Logout))] public async Task Logout() { // get the metadata var discoveryClient = new DiscoveryClient(_configuration.GetSection("Applications")["IDP"]); var metaDataResponse = await discoveryClient.GetAsync(); // get revocation client var revocationClient = new TokenRevocationClient(metaDataResponse.RevocationEndpoint, "qsolverapi", "qsolverapisecret"); await RevokeAccessToken(revocationClient); await RevokeRefreshToken(revocationClient); // sign-out of authentication schemes await HttpContext.SignOutAsync("Cookies"); await HttpContext.SignOutAsync("oidc"); }
public async Task Http_error_should_be_handled_correctly() { var handler = new NetworkHandler(HttpStatusCode.NotFound, "not found"); var client = new TokenRevocationClient( Endpoint, "client", "clientsecret", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); Assert.AreEqual(true, response.IsError); Assert.AreEqual(ResponseErrorType.Http, response.ErrorType); Assert.AreEqual(HttpStatusCode.NotFound, response.HttpStatusCode); Assert.AreEqual("not found", response.Error); }
public async Task Logout() { // get the metadata var discoveryClient = new DiscoveryClient("https://localhost:44373/"); var metaDataResponse = await discoveryClient.GetAsync(); // get revocation client var revocationClient = new TokenRevocationClient(metaDataResponse.RevocationEndpoint, "imagegalleryclient", "ItsMySecret"); await RevokeAccessToken(revocationClient); await RevokeRefreshToken(revocationClient); // sign-out of authentication schemes await HttpContext.SignOutAsync("Cookies"); await HttpContext.SignOutAsync("oidc"); }
public async Task Malformed_response_document_should_be_handled_correctly() { var document = "invalid"; var handler = new NetworkHandler(document, HttpStatusCode.BadRequest); var client = new TokenRevocationClient( Endpoint, "client", "clientsecret", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); Assert.AreEqual(true, response.IsError); Assert.AreEqual(ResponseErrorType.Exception, response.ErrorType); Assert.AreEqual("invalid", response.Raw); Assert.IsNotNull(response.Exception); }
public async Task Valid_protocol_error_should_be_handled_correctly() { var document = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "Documents", "failure_token_revocation_response.json")); var handler = new NetworkHandler(document, HttpStatusCode.BadRequest); var client = new TokenRevocationClient( Endpoint, "client", "clientsecret", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); Assert.AreEqual(true, response.IsError); Assert.AreEqual(ResponseErrorType.Protocol, response.ErrorType); Assert.AreEqual(HttpStatusCode.BadRequest, response.HttpStatusCode); Assert.AreEqual("error", response.Error); }
public async Task <ActionResult> RevokeRefreshToken() { var refreshToken = (User as ClaimsPrincipal).FindFirst("refresh_token").Value; //Revoke Refresh token call var revokeClient = new TokenRevocationClient(AppController.revocationEndpoint, clientid, clientsecret); //Revoke refresh token TokenRevocationResponse revokeAccessTokenResponse = await revokeClient.RevokeAccessTokenAsync(refreshToken); if (revokeAccessTokenResponse.HttpStatusCode == HttpStatusCode.OK) { Session.Abandon(); Request.GetOwinContext().Authentication.SignOut(); } //return RedirectToAction("Index"); return(RedirectToAction("Index")); }
public async Task RevokeTokens() { // get the metadata var discoveryClient = new DiscoveryClient("https://localhost:44379/"); var metaDataResponse = await discoveryClient.GetAsync(); // create a TokenRevocationClient var revocationClient = new TokenRevocationClient( metaDataResponse.RevocationEndpoint, "samplewebclient", "secret"); // get the access token to revoke var accessToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the access token." , revokeAccessTokenResponse.Exception); } } // revoke the refresh token as well var refreshToken = await HttpContext .GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the refresh token." , revokeRefreshTokenResponse.Exception); } } }
public async Task Logout() { //get the metadata var discoveryClient = new DiscoveryClient("https://localhost:44364/"); var metaDataResponse = await discoveryClient.GetAsync(); //create a TokenRevocationClient var revocationClient = new TokenRevocationClient( metaDataResponse.RevocationEndpoint, "imagegalleryclient", "secret" ); //get the ACCESS token to revoke var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var revokeAccessTokenResponse = await revocationClient.RevokeAccessTokenAsync(accessToken); if (revokeAccessTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the access token.", revokeAccessTokenResponse.Exception); } } //get the REFRESH token to revoke var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var revokeRefreshTokenResponse = await revocationClient.RevokeAccessTokenAsync(refreshToken); if (revokeRefreshTokenResponse.IsError) { throw new Exception("Problem encountered while revoking the refresh token.", revokeRefreshTokenResponse.Exception); } } //clear cookie - name must match //this is loggin out of the client app but not from ths IDP await HttpContext.SignOutAsync("Cookies"); //loogin out of IDP await HttpContext.SignOutAsync("oidc"); }
public async Task Logout() { var discoveryClient = new DiscoveryClient(ImageGallery.Client.Consts.IdentityPointUri); var discoveryDocument = await discoveryClient.GetAsync(); var revocationClient = new TokenRevocationClient( discoveryDocument.RevocationEndpoint, "imagegalleryclient", "secret"); var accessToken = await HttpContext.Authentication.GetTokenAsync(OpenIdConnectParameterNames.AccessToken); if (!string.IsNullOrWhiteSpace(accessToken)) { var response = await revocationClient.RevokeAccessTokenAsync(accessToken); if (response.IsError) { throw new Exception("Problem encountered while revoking the access token", response.Exception); } } var refreshToken = await HttpContext.Authentication.GetTokenAsync( OpenIdConnectParameterNames.RefreshToken); if (!string.IsNullOrWhiteSpace(refreshToken)) { var response = await revocationClient.RevokeRefreshTokenAsync(refreshToken); if (response.IsError) { throw new Exception("Problem encountered while revoking the refresh token", response.Exception); } } await HttpContext.Authentication.SignOutAsync("oidc"); await HttpContext.Authentication.SignOutAsync("Cookies"); }
public async Task Valid_protocol_error_should_be_handled_correctly() { var document = File.ReadAllText(Path.Combine(PlatformServices.Default.Application.ApplicationBasePath, "documents", "failure_token_revocation_response.json")); var handler = new NetworkHandler(document, HttpStatusCode.BadRequest); var client = new TokenRevocationClient( Endpoint, "client", innerHttpMessageHandler: handler); var response = await client.RevokeAccessTokenAsync("token"); response.IsError.Should().BeTrue(); response.ErrorType.Should().Be(ResponseErrorType.Protocol); response.HttpStatusCode.Should().Be(HttpStatusCode.BadRequest); response.Error.Should().Be("error"); //response.ErrorDescription.Should().Be("error_description"); //response.TryGet("custom").Should().Be("custom"); }