public override async Task HandleRevocationRequest(HandleRevocationRequestContext context)
        {
            // If the received token is not a refresh token,
            // return an error to indicate that the token cannot be revoked.
            if (!context.Ticket.IsRefreshToken())
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
                    description: "Only refresh tokens can be revoked.");

                return;
            }
            // Extract the token identifier from the authentication ticket.
            var identifier = context.Ticket.GetTicketId();

            var cmd    = new DeleteRefreshTokenByTokenCommand(identifier);
            var result = await ExecuteCommand <DeleteRefreshTokenByTokenCommand, Core.Result>(context, cmd);

            if (result.Succeeded)
            {
                context.Revoked = true;
                SetCorsHeader(context);
            }
            else
            {
                context.Reject(OpenIdConnectConstants.Errors.InvalidRequest, "Could not revoke refresh_token.");
                return;
            }
        }
        /// <summary>
        /// Set cross-origin HTTP request (Cors) header to allow requests from a different domains.
        /// This Cors value is specific to an Application and set by when validating the client application (ValidateClientAuthenticationp).
        /// </summary>
        private static void SetCorsHeader(HandleRevocationRequestContext context)
        {
            var allowedOrigin = context.HttpContext.Items["as:clientAllowedOrigin"] as string;

            if (allowedOrigin != null)
            {
                context.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", new StringValues(allowedOrigin));
            }
        }
        public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context)
        {
            var logger = context.HttpContext.RequestServices.GetRequiredService <ILogger <OpenIddictProvider <TApplication, TAuthorization, TScope, TToken> > >();
            var tokens = context.HttpContext.RequestServices.GetRequiredService <OpenIddictTokenManager <TToken> >();

            Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null.");

            // If the received token is not an authorization code or a refresh token,
            // return an error to indicate that the token cannot be revoked.
            if (!context.Ticket.IsAuthorizationCode() && !context.Ticket.IsRefreshToken())
            {
                logger.LogError("The revocation request was rejected because the token was not revocable.");

                context.Reject(
                    error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
                    description: "Only authorization codes and refresh tokens can be revoked.");

                return;
            }

            // Extract the token identifier from the authentication ticket.
            var identifier = context.Ticket.GetTicketId();

            Debug.Assert(!string.IsNullOrEmpty(identifier), "The token should contain a ticket identifier.");

            // Retrieve the token from the database. If the token cannot be found,
            // assume it is invalid and consider the revocation as successful.
            var token = await tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted);

            if (token == null)
            {
                logger.LogInformation("The token '{Identifier}' was already revoked.", identifier);

                context.Revoked = true;

                return;
            }

            // Revoke the token.
            await tokens.RevokeAsync(token, context.HttpContext.RequestAborted);

            logger.LogInformation("The token '{Identifier}' was successfully revoked.", identifier);

            context.Revoked = true;
        }
示例#4
0
        public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context)
        {
            var options = (OpenIddictOptions)context.Options;

            Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null.");

            // If the received token is not an authorization code or a refresh token,
            // return an error to indicate that the token cannot be revoked.
            if (context.Ticket.IsIdentityToken())
            {
                Logger.LogError("The revocation request was rejected because identity tokens are not revocable.");

                context.Reject(
                    error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
                    description: "The specified token cannot be revoked.");

                return;
            }

            // If the received token is an access token, return an error if reference tokens are not enabled.
            if (!options.UseReferenceTokens && context.Ticket.IsAccessToken())
            {
                Logger.LogError("The revocation request was rejected because the access token was not revocable.");

                context.Reject(
                    error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
                    description: "The specified token cannot be revoked.");

                return;
            }

            // Extract the token identifier from the authentication ticket.
            var identifier = context.Ticket.GetTokenId();

            Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier.");

            // Retrieve the token from the request properties. If it's already marked as revoked, directly return a 200 response.
            var token = context.Request.GetProperty <TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}");

            Debug.Assert(token != null, "The token shouldn't be null.");

            if (await Tokens.IsRevokedAsync(token))
            {
                Logger.LogInformation("The token '{Identifier}' was not revoked because " +
                                      "it was already marked as invalid.", identifier);

                context.Revoked = true;

                return;
            }

            // Try to revoke the token. If an exception is thrown,
            // log and swallow it to ensure that a valid response
            // will be returned to the client application.
            try
            {
                await Tokens.RevokeAsync(token);
            }

            catch (Exception exception)
            {
                Logger.LogWarning(exception, "An exception occurred while trying to revoke the authorization " +
                                  "associated with the token '{Identifier}'.", identifier);

                return;
            }

            Logger.LogInformation("The token '{Identifier}' was successfully revoked.", identifier);

            context.Revoked = true;
        }
示例#5
0
 public override async Task HandleRevocationRequest(HandleRevocationRequestContext context)
 {
     _tokenRepository.RevokeToken(context.Request.Token);
     context.Revoked = true;
 }
 public Task HandleRevocationRequest(HandleRevocationRequestContext context)
 {
     throw new NotImplementedException();
 }