Add a revoke token sample
mseada94 opened this issue
Revoke token endpoint implementation.
This sample should have local and external resources to illustrate how to validate the revoked tokens using local validation and introspection for external validation.
Related Docs
https://documentation.openiddict.com/configuration/token-storage.html
https://documentation.openiddict.com/configuration/authorization-storage.html
This is a suggested sample; I can't work on it for now.
I didn't understand some details of how to implement this sample.
If anyone wants to work on this sample, that would be great.
You must add an endpoint "/connect/revoke":

```csharp
services.AddOpenIddict()
    .AddServer(options =>
    {
        // Enable the token endpoints, including the revocation endpoint.
        options.SetAuthorizationEndpointUris("/connect/authorize")
               .SetLogoutEndpointUris("/connect/logout")
               .SetTokenEndpointUris("/connect/token")
               .SetRevocationEndpointUris("/connect/revoke")
               .SetUserinfoEndpointUris("/connect/userinfo");
    });
```
When you add a client:

```csharp
// Revocation is an endpoint permission: it lets the client call /connect/revoke.
Permissions.Endpoints.Revocation
```
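Revoking a refresh token from the client:

```csharp
// Requires the IdentityModel package (using IdentityModel.Client;).
// Read the refresh token stored alongside the authentication cookie.
var token = await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectParameterNames.RefreshToken);

var client = new HttpClient();
// "host" is the base address of the authorization server.
var configuration = await client.GetDiscoveryDocumentAsync(host);
if (configuration.IsError)
{
    throw new Exception($"An error occurred while retrieving the configuration document: {configuration.Error}");
}

var response = await client.RevokeTokenAsync(new TokenRevocationRequest
{
    ClientId = "mvc",
    // Hard-coded for the sample; load it from configuration or a secret store in a real app.
    ClientSecret = "901564A5-E8FE-42CB-B10D-61EF6A8F3654",
    Address = configuration.RevocationEndpoint,
    TokenTypeHint = OpenIdConnectParameterNames.RefreshToken,
    Token = token
});
if (response.IsError)
{
    throw new Exception($"An error occurred while revoking the token: {response.Error}");
}
```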
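The resource-server side that the issue asks for (local validation versus introspection) could be configured as below. This is an added example, not code from the issue or from the OpenIddict samples. The class and method names, issuer URL, client id and secret are hypothetical placeholders. The introspection variant assumes the server enables its introspection endpoint and grants that client `Permissions.Endpoints.Introspection`.

```csharp
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; pick ONE of the two methods per resource server.
public static class RevocationAwareValidation
{
    // "Local" resource: hosted in the same application as the OpenIddict server,
    // so the validation handler can reach the token store registered by AddCore().
    public static void AddLocalValidation(IServiceCollection services)
    {
        services.AddOpenIddict()
            .AddValidation(options =>
            {
                // Reuse the issuer and keys of the local server instance.
                options.UseLocalServer();

                // Look up each access token's entry in the token store, so a
                // revoked token is rejected even though it is not yet expired.
                options.EnableTokenEntryValidation();

                // Also reject tokens whose parent authorization was revoked.
                options.EnableAuthorizationEntryValidation();

                options.UseAspNetCore();
            });
    }

    // "External" resource: a separate application with no access to the token
    // store, so every token is sent to the server's introspection endpoint,
    // which reports revoked tokens as inactive.
    public static void AddIntrospectionValidation(IServiceCollection services)
    {
        services.AddOpenIddict()
            .AddValidation(options =>
            {
                options.SetIssuer("https://auth.example.test/");   // placeholder issuer

                options.UseIntrospection()
                       .SetClientId("resource_server_1")           // placeholder client id
                       .SetClientSecret("<resource-server-secret>"); // placeholder secret

                // Introspection calls go over HTTP via System.Net.Http.
                options.UseSystemNetHttp();
                options.UseAspNetCore();
            });
    }
}
```

Without the entry-validation calls in the local variant, a revoked access token keeps passing validation until it expires.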