How to invalidate bearer token at server
Question
I save all of the generated bearer tokens into a database at sign-in time. Now I want to check if the request bearer does not exists in database, reject it. Where should I put it?
Note that I want this to happen in the Owin pipeline. ( Not in the webapi pipeline. For example inside the [Authorize] attribute)
1 answers
solution1
2 ACCPTED 2016-02-09 16:03:43
Inherit from OAuthBearerAuthenticationProvider like this :
public class ApplicationOAuthBearerAuthenticationProvider : OAuthBearerAuthenticationProvider
{
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var result= base.ValidateIdentity(context);
if (context.IsValidated )
{
var ticket = context.Ticket;
if (ticket != null && ticket.Identity.IsAuthenticated && ticket.Properties.ExpiresUtc > DateTime.UtcNow)
{
if (1==2)//TODO: put your server side condition here
{
context.SetError("HaHa!");
}
}
}
return result;
}
}
and use it in your startup.cs class like this :
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
Provider = new ApplicationOAuthBearerAuthenticationProvider(),
});
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to revoke or invalidate token using Identity Server 4?
SignalR get bearer token on Server
How to POST JSon with a Bearer Token
How to make Bearer token invalid
validate Oauth Bearer Token in Resource Server
OWIN - How to validate bearer token for roles after its returned by Auth Server?
How do you make a Get request to api with Bearer token and use the response data with C# (Windows Server)?
How to force Invalid Bearer token in web api?
How to use RestClient to get bearer token generation?
How to get the Bearer Token in my REST controller
Related Tags