Merge pull request #126 from jinaga/revoke-token

Revoke the token on logout
jinaga · Jul 14, 2024 · a8ed53e · a8ed53e
2 parents b8fd0b5 + 086ca38
commit a8ed53e
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 5 deletions.
diff --git a/Jinaga.Maui/Authentication/AuthenticationService.cs b/Jinaga.Maui/Authentication/AuthenticationService.cs
@@ -155,7 +155,7 @@ public async Task LogOut()
             return;
         }
 
-        await InvalidateToken(cachedAuthenticationToken).ConfigureAwait(false);
+        await RevokeToken(cachedAuthenticationToken).ConfigureAwait(false);
         lock (stateLock)
         {
             authenticationState = AuthenticationResult.Empty;
@@ -270,10 +270,17 @@ private async Task<AuthenticationResult> Authenticate(string provider)
         return token;
     }
 
-    private Task InvalidateToken(AuthenticationToken cachedAuthenticationToken)
+    private async Task RevokeToken(AuthenticationToken cachedAuthenticationToken)
     {
-        // TODO: Implement token invalidation.
-        return Task.CompletedTask;
+        try
+        {
+            await oauthClient.RevokeToken(cachedAuthenticationToken.AccessToken, cachedAuthenticationToken.RefreshToken).ConfigureAwait(false);
+            logger.LogInformation("Revoked token");
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to revoke token");
+        }
     }
 
     private static bool IsExpired(AuthenticationToken token)

diff --git a/Jinaga.Maui/Authentication/AuthenticationSettings.cs b/Jinaga.Maui/Authentication/AuthenticationSettings.cs
@@ -3,10 +3,11 @@
 namespace Jinaga.Maui.Authentication;
 public class AuthenticationSettings
 {
-    public AuthenticationSettings(ImmutableDictionary<string, string> authUrlByProvider, string accessTokenUrl, string callbackUrl, string clientId, string scope, Func<JinagaClient, User, UserProfile, Task> updateUserName)
+    public AuthenticationSettings(ImmutableDictionary<string, string> authUrlByProvider, string accessTokenUrl, string revokeUrl, string callbackUrl, string clientId, string scope, Func<JinagaClient, User, UserProfile, Task> updateUserName)
     {
         AuthUrlByProvider = authUrlByProvider;
         AccessTokenUrl = accessTokenUrl;
+        RevokeUrl = revokeUrl;
         CallbackUrl = callbackUrl;
         ClientId = clientId;
         Scope = scope;
@@ -15,6 +16,7 @@ public AuthenticationSettings(ImmutableDictionary<string, string> authUrlByProvi
 
     public ImmutableDictionary<string, string> AuthUrlByProvider { get; }
     public string AccessTokenUrl { get; }
+    public string RevokeUrl { get; }
     public string CallbackUrl { get; }
     public string ClientId { get; }
     public string Scope { get; }

diff --git a/Jinaga.Maui/Authentication/OAuthClient.cs b/Jinaga.Maui/Authentication/OAuthClient.cs
@@ -1,5 +1,6 @@
 using System.Collections.Immutable;
 using System.Net;
+using System.Net.Http.Headers;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
@@ -10,6 +11,7 @@ public class OAuthClient
 {
     private readonly ImmutableDictionary<string, string> authUrlByProvider;
     private readonly string accessTokenUrl;
+    private readonly string revokeUrl;
     private readonly string callbackUrl;
     private readonly string clientId;
     private readonly string scope;
@@ -25,6 +27,7 @@ public OAuthClient(AuthenticationSettings authenticationSettings, IHttpClientFac
     {
         authUrlByProvider = authenticationSettings.AuthUrlByProvider;
         accessTokenUrl = authenticationSettings.AccessTokenUrl;
+        revokeUrl = authenticationSettings.RevokeUrl;
         callbackUrl = authenticationSettings.CallbackUrl;
         clientId = authenticationSettings.ClientId;
         scope = authenticationSettings.Scope;
@@ -144,6 +147,36 @@ public async Task<TokenResponse> GetTokenResponse(string code)
         return token;
     }
 
+    public async Task RevokeToken(string accessToken, string refreshToken)
+    {
+        var requestBody = new FormUrlEncodedContent(
+        [
+            new KeyValuePair<string, string>("token", refreshToken),
+            new KeyValuePair<string, string>("token_type_hint", "refresh_token")
+        ]);
+
+        var request = new HttpRequestMessage(HttpMethod.Post, revokeUrl);
+        request.Content = requestBody;
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+
+        var client = httpClientFactory.CreateClient();
+        client.Timeout = TimeSpan.FromSeconds(30);
+        var response = await client.SendAsync(request);
+        if (!response.IsSuccessStatusCode)
+        {
+            string errorContent;
+            try
+            {
+                errorContent = await response.Content.ReadAsStringAsync();
+                throw new Exception($"Failed to revoke the token: {(int)response.StatusCode} {response.ReasonPhrase}: {errorContent}");
+            }
+            catch (Exception)
+            {
+                throw new Exception($"Failed to revoke the token: {(int)response.StatusCode} {response.ReasonPhrase}");
+            }
+        }
+    }
+
     private static string GenerateRandomString()
     {
         var randomBytes = RandomNumberGenerator.GetBytes(32);