
Add a revoke token sample

Open mseada94 opened this issue 3 years ago • 1 comments

Revoke token endpoint implementation. This sample should have local and external resources to illustrate how to validate the revoked tokens using local validation and introspection for external validation.

Related docs:
https://documentation.openiddict.com/configuration/token-storage.html
https://documentation.openiddict.com/configuration/authorization-storage.html

This is a suggested sample, I could not work on it for now. I didn't understand some details for how to implement this sample. If anyone wants to work on this sample, this will be great.

mseada94, Jul 25 '21 19:07
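The two validation setups the issue asks for, as an added example that is not code from the thread or from the openiddict-samples repository: a local API that checks the token store on every request, and an external API that asks the server through introspection. The class, method and parameter names are hypothetical, and the server is assumed to expose an introspection endpoint and to have granted the API's client the introspection endpoint permission.

```csharp
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; only the OpenIddict builder calls are real APIs.
public static class RevocationAwareValidation
{
    // Local resource: the API is hosted in the same application as the OpenIddict server.
    public static void AddLocalValidation(IServiceCollection services)
    {
        services.AddOpenIddict()
            .AddValidation(options =>
            {
                // Reuse the issuer and keys of the local server instance.
                options.UseLocalServer();

                // Without these two calls a self-contained access token is accepted
                // until it expires, even after /connect/revoke marked it as revoked.
                // With them, each request looks the token and its authorization up
                // in the database and rejects entries that are no longer valid.
                options.EnableTokenEntryValidation();
                options.EnableAuthorizationEntryValidation();

                options.UseAspNetCore();
            });
    }

    // External resource: the API runs in a separate process without database access.
    // issuer, clientId and clientSecret are assumed to come from configuration.
    public static void AddIntrospectionValidation(
        IServiceCollection services, string issuer, string clientId, string clientSecret)
    {
        services.AddOpenIddict()
            .AddValidation(options =>
            {
                options.SetIssuer(issuer);
                options.AddAudiences(clientId);

                // Send every received token to the server's introspection endpoint;
                // the server answers "active": false for revoked tokens.
                options.UseIntrospection()
                       .SetClientId(clientId)
                       .SetClientSecret(clientSecret);

                options.UseSystemNetHttp();
                options.UseAspNetCore();
            });
    }
}
```

Introspection adds one back-channel call per validated token, so the external API needs network access to the issuer.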

You must add an endpoint "/connect/revoke"

```csharp
// `services` is the application's IServiceCollection.
services.AddOpenIddict()
    .AddServer(options =>
    {
        // Enable the token endpoints.
        options.SetAuthorizationEndpointUris("/connect/authorize")
               .SetLogoutEndpointUris("/connect/logout")
               .SetTokenEndpointUris("/connect/token")
               .SetRevocationEndpointUris("/connect/revoke")
               .SetUserinfoEndpointUris("/connect/userinfo");
    });
```

When you add a client:

```csharp
// Endpoint permission that allows the client to call the revocation endpoint.
Permissions.Endpoints.Revocation
```

Revoking a refresh token from the client

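```csharp
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Read the refresh token stored in the authentication cookie.
var token = await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectParameterNames.RefreshToken);

var client = new HttpClient();

// Retrieve the discovery document to locate the revocation endpoint.
// `host` is the base address of the authorization server, defined elsewhere.
var configuration = await client.GetDiscoveryDocumentAsync(host);
if (configuration.IsError)
{
    throw new Exception($"An error occurred while retrieving the configuration document: {configuration.Error}");
}

// Ask the server to revoke the refresh token, authenticating as the "mvc" client.
var response = await client.RevokeTokenAsync(new TokenRevocationRequest
{
    ClientId = "mvc",
    ClientSecret = "901564A5-E8FE-42CB-B10D-61EF6A8F3654",
    Address = configuration.RevocationEndpoint,
    TokenTypeHint = OpenIdConnectParameterNames.RefreshToken,
    Token = token
});
```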

namespacedevbox, Feb 03 '22 07:02

OpenIddict 5.3 will get native support for introspection and revocation thanks to 2 new high-level APIs in OpenIddictClientService:

```csharp
var result = await _service.IntrospectTokenAsync(new()
{
    CancellationToken = stoppingToken,
    ProviderName = provider,
    Token = response.AccessToken,
    TokenTypeHint = TokenTypeHints.AccessToken
});
```

```csharp
var result = await _service.RevokeTokenAsync(new()
{
    CancellationToken = stoppingToken,
    ProviderName = provider,
    Token = response.AccessToken,
    TokenTypeHint = TokenTypeHints.AccessToken
});
```

You can see it in action by running the console sandbox: https://github.com/openiddict/openiddict-core/blob/dev/sandbox/OpenIddict.Sandbox.Console.Client/InteractiveService.cs

kevinchalet, Feb 19 '24 15:02