KK.AspNetCore.EasyAuthAuthentication

Make a configuration option to test the tokens again

Open paule96 opened this issue 5 years ago • 1 comments

There are some edge cases where you can access a protected endpoint with an invalid token. The signature must be valid, but for example sometimes the token can be revoked by the IDP. Currently we don't test this.

This issue should fix this. But not for all users. The reason is that this can be too slow for high-performance users, because the auth workflow goes to the IDP on every request to test the token.

The auth workflow is described here.

cc @ThomasWendrock

paule96 Jun 28 '20 00:06

The following code shows the workflow in JS:

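// Read the current session's token and provider from the Easy Auth token store.
let response = await fetch('https://sampleappauth.azurewebsites.net/.auth/me');
let authMeResult = await response.json();
let token = authMeResult[0].access_token;
let providerName = authMeResult[0].provider_name;
// Post the provider token back to the login endpoint so it is checked again.
let loginResponse = await fetch(`https://sampleappauth.azurewebsites.net/.auth/login/${providerName}`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json;charset=utf-8'
  },
  // JSON.stringify escapes the token value instead of splicing it into a string.
  body: JSON.stringify({ access_token: token })
});
let authresult = await loginResponse.json();
// Present when the login call accepted the token.
authresult.authenticationToken;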

The token is valid as soon as you get a response from the POST call.

paule96 Dec 24 '20 10:12
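
An added example, not part of the issue or of the project's code: the re-check from the comment above wrapped in a short-lived cache, so the IDP is not called on every request (the performance concern raised in the issue). The names `createTokenRevalidator`, `ttlMs`, `fetchImpl` and `now` are hypothetical, and treating a non-2xx response or a missing `authenticationToken` as "rejected" is an assumption. A revoked token can still be accepted for up to `ttlMs` after its last successful check.

```javascript
// Added example: re-validate an Easy Auth provider token against
// /.auth/login/<provider>, remembering the verdict for ttlMs milliseconds.
// All names here are hypothetical; this is not the library's API.
function createTokenRevalidator({ baseUrl, ttlMs = 30000, fetchImpl = globalThis.fetch, now = Date.now }) {
  // key -> { valid, expires }. Unbounded here; bound or sweep it in real use.
  const cache = new Map();

  return async function isTokenStillValid(providerName, accessToken) {
    const key = `${providerName}\n${accessToken}`;
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return hit.valid; // fresh verdict, no IDP call

    let valid = false;
    try {
      const url = `${baseUrl}/.auth/login/${encodeURIComponent(providerName)}`;
      const res = await fetchImpl(url, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json;charset=utf-8' },
        body: JSON.stringify({ access_token: accessToken }),
      });
      if (res.ok) {
        const body = await res.json();
        // Assumption: an accepted token yields a non-empty authenticationToken.
        valid = typeof body.authenticationToken === 'string' && body.authenticationToken.length > 0;
      }
    } catch {
      // Network or parse failure: fail closed and do not cache,
      // so the next request retries the check.
      return false;
    }
    // Cache rejections too, so a bad token cannot force a call per request.
    cache.set(key, { valid, expires: now() + ttlMs });
    return valid;
  };
}
```

Setting `ttlMs` to 0 gives the check-on-every-request behaviour the issue describes; a larger value trades revocation latency for fewer round trips.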