add virtual Token Invalidation method
dansiegel committed Jun 13, 2022
1 parent 1052f40 commit 72ba472
Showing 3 changed files with 17 additions and 4 deletions.
1 change: 1 addition & 0 deletions src/AvantiPoint.MobileAuth/Authentication/ITokenService.cs
@@ -6,5 +6,6 @@ public interface ITokenService
{
ValueTask<string> BuildToken(IDictionary<string, string> claims);
ValueTask<bool> IsTokenValid(string token);
ValueTask InvalidateToken(string token);
SymmetricSecurityKey GetKey();
}
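Review bot: `InvalidateToken` is added to `ITokenService` with no statement of what callers may rely on afterwards, in particular whether `IsTokenValid` must return false for a token that has been invalidated. A doc comment on the new member would pin that down, for example `/// <summary>Revokes the token; implementations must make IsTokenValid return false for it afterwards.</summary>`. Adding a member to the interface also breaks any implementer that does not derive from `TokenService`, which is worth calling out in the release notes.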
2 changes: 2 additions & 0 deletions src/AvantiPoint.MobileAuth/Authentication/TokenService.cs
@@ -73,6 +73,8 @@ public virtual ValueTask<bool> IsTokenValid(string token)
}
}

public virtual ValueTask InvalidateToken(string token) => ValueTask.CompletedTask;

public SymmetricSecurityKey GetKey()
{
var key = _options.JwtKey;
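Review bot: The default `InvalidateToken` is a no-op, so with the stock `TokenService` a token presented at sign-out presumably stays accepted until its own expiry. That is inferred from this hunk alone, since the body of `IsTokenValid` lies outside it. The method should say so, for example `/// <summary>Does nothing by default; override together with IsTokenValid to back it with a revocation store.</summary>`. Without that comment the sign-out endpoint reads as if it revokes the token when, by default, it does not.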
18 changes: 14 additions & 4 deletions src/AvantiPoint.MobileAuth/MobileAuth.cs
@@ -1,5 +1,6 @@
using System.Net;
using System.Security.Claims;
using System.Text.RegularExpressions;
using AvantiPoint.MobileAuth.Authentication;
using AvantiPoint.MobileAuth.Configuration;
using Microsoft.AspNetCore.Authentication;
@@ -125,13 +126,22 @@ private static Task GetProfile(HttpContext context, CancellationToken cancellati
private static string GetKey(Claim claim) =>
claim.Properties.Any() ? claim.Properties.First().Value : claim.Type;

private static Task Signout(HttpContext context, CancellationToken cancellationToken)
private static async Task Signout(HttpContext context, CancellationToken cancellationToken)
{
var provider = context.User.FindFirstValue("provider");
if (string.IsNullOrEmpty(provider))
return context.SignOutAsync();
var tokenService = context.RequestServices.GetRequiredService<ITokenService>();
string authHeader = context.Request.Headers.Authorization;
if(!string.IsNullOrEmpty(authHeader))
{
var token = Regex.Replace(authHeader, "Bearer", string.Empty).Trim();
if (!string.IsNullOrEmpty(token))
await tokenService.InvalidateToken(token);
}

return context.SignOutAsync(provider);
if (string.IsNullOrEmpty(provider))
await context.SignOutAsync();
else
await context.SignOutAsync(provider);
}

private static async Task Signin(string scheme, HttpContext context)
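Review bot: In `Signout`, `Regex.Replace(authHeader, "Bearer", string.Empty)` removes every occurrence of `Bearer` in the header value rather than only the leading scheme, and the match is case-sensitive. A token whose base64url text happens to contain `Bearer` is altered before it reaches `InvalidateToken`, and a header sent as `bearer …` or with another scheme is passed through whole, so in both cases the string invalidated is not the token that was issued. Matching the prefix avoids this: `if (authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))` followed by `var token = authHeader["Bearer ".Length..].Trim();`, which also makes the `System.Text.RegularExpressions` using added in the first hunk unnecessary. Separately, an exception thrown by `InvalidateToken` now skips `SignOutAsync`; it is worth deciding whether the cookie sign-out should still run in that case.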
