public override async Task HandleRevocationRequest(HandleRevocationRequestContext context) { // If the received token is not a refresh token, // return an error to indicate that the token cannot be revoked. if (!context.Ticket.IsRefreshToken()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, description: "Only refresh tokens can be revoked."); return; } // Extract the token identifier from the authentication ticket. var identifier = context.Ticket.GetTicketId(); var cmd = new DeleteRefreshTokenByTokenCommand(identifier); var result = await ExecuteCommand <DeleteRefreshTokenByTokenCommand, Core.Result>(context, cmd); if (result.Succeeded) { context.Revoked = true; SetCorsHeader(context); } else { context.Reject(OpenIdConnectConstants.Errors.InvalidRequest, "Could not revoke refresh_token."); return; } }
/// <summary> /// Set cross-origin HTTP request (Cors) header to allow requests from a different domains. /// This Cors value is specific to an Application and set by when validating the client application (ValidateClientAuthenticationp). /// </summary> private static void SetCorsHeader(HandleRevocationRequestContext context) { var allowedOrigin = context.HttpContext.Items["as:clientAllowedOrigin"] as string; if (allowedOrigin != null) { context.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", new StringValues(allowedOrigin)); } }
public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context) { var logger = context.HttpContext.RequestServices.GetRequiredService <ILogger <OpenIddictProvider <TApplication, TAuthorization, TScope, TToken> > >(); var tokens = context.HttpContext.RequestServices.GetRequiredService <OpenIddictTokenManager <TToken> >(); Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null."); // If the received token is not an authorization code or a refresh token, // return an error to indicate that the token cannot be revoked. if (!context.Ticket.IsAuthorizationCode() && !context.Ticket.IsRefreshToken()) { logger.LogError("The revocation request was rejected because the token was not revocable."); context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, description: "Only authorization codes and refresh tokens can be revoked."); return; } // Extract the token identifier from the authentication ticket. var identifier = context.Ticket.GetTicketId(); Debug.Assert(!string.IsNullOrEmpty(identifier), "The token should contain a ticket identifier."); // Retrieve the token from the database. If the token cannot be found, // assume it is invalid and consider the revocation as successful. var token = await tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted); if (token == null) { logger.LogInformation("The token '{Identifier}' was already revoked.", identifier); context.Revoked = true; return; } // Revoke the token. await tokens.RevokeAsync(token, context.HttpContext.RequestAborted); logger.LogInformation("The token '{Identifier}' was successfully revoked.", identifier); context.Revoked = true; }
public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context) { var options = (OpenIddictOptions)context.Options; Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null."); // If the received token is not an authorization code or a refresh token, // return an error to indicate that the token cannot be revoked. if (context.Ticket.IsIdentityToken()) { Logger.LogError("The revocation request was rejected because identity tokens are not revocable."); context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; } // If the received token is an access token, return an error if reference tokens are not enabled. if (!options.UseReferenceTokens && context.Ticket.IsAccessToken()) { Logger.LogError("The revocation request was rejected because the access token was not revocable."); context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; } // Extract the token identifier from the authentication ticket. var identifier = context.Ticket.GetTokenId(); Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier."); // Retrieve the token from the request properties. If it's already marked as revoked, directly return a 200 response. var token = context.Request.GetProperty <TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}"); Debug.Assert(token != null, "The token shouldn't be null."); if (await Tokens.IsRevokedAsync(token)) { Logger.LogInformation("The token '{Identifier}' was not revoked because " + "it was already marked as invalid.", identifier); context.Revoked = true; return; } // Try to revoke the token. If an exception is thrown, // log and swallow it to ensure that a valid response // will be returned to the client application. try { await Tokens.RevokeAsync(token); } catch (Exception exception) { Logger.LogWarning(exception, "An exception occurred while trying to revoke the authorization " + "associated with the token '{Identifier}'.", identifier); return; } Logger.LogInformation("The token '{Identifier}' was successfully revoked.", identifier); context.Revoked = true; }
public override async Task HandleRevocationRequest(HandleRevocationRequestContext context) { _tokenRepository.RevokeToken(context.Request.Token); context.Revoked = true; }
public Task HandleRevocationRequest(HandleRevocationRequestContext context) { throw new NotImplementedException(); }