Validate reference token on resource server and delete reference token with IdentityServer4 user logout #313

Closed
damienbod opened this issue Sep 16, 2016 · 10 comments

@damienbod damienbod commented Sep 16, 2016

I'm using a reference token for the access token in an OpenID Connect Implicit Flow.

  1. How do I invalidate the reference token when logging out on IdentityServer4?

  2. How should the resource server validate this reference token? (Using IdentityServer4.AccessTokenValidation or any other way) Can't get the Introspection options to work.

Greetings Damien

@leastprivilege leastprivilege commented Sep 16, 2016

You can use the persisted grant store to delete tokens at the logout endpoint.

Reference tokens are validated using the introspection middleware (or the is4.accesstokenvalidation).

@brockallen brockallen commented Sep 16, 2016

Even better -- the IPersistedGrantService. It has higher level API specific to reference tokens, refresh tokens, etc.

@damienbod damienbod commented Sep 16, 2016

@brockallen @leastprivilege, the IPersistedGrantService works perfectly!
IdentityServer4 is pretty awesome, very flexible.

thanks

@damienbod damienbod closed this Sep 16, 2016
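
Added example, not part of the thread and not IdentityServer4 code: a small Python model of the mechanism the answers describe, where a reference token is only a handle into a grant store, the resource server validates it by introspection, and deleting the user's grants at logout makes the same token come back inactive. `GrantStore`, `introspect`, the API name `dataapi` and its secret are constructed for illustration.

```python
import hashlib
import secrets


class GrantStore:
    """Constructed stand-in for a persisted grant store (not IdentityServer4 code)."""

    def __init__(self):
        self._grants = {}  # sha256(handle) -> grant record

    @staticmethod
    def _key(handle):
        # Design choice of this model: keep only a hash of the handle,
        # so a leaked store does not yield usable tokens.
        return hashlib.sha256(handle.encode()).hexdigest()

    def issue(self, subject_id, client_id, scope):
        handle = secrets.token_urlsafe(32)  # opaque reference token
        self._grants[self._key(handle)] = {
            "sub": subject_id, "client_id": client_id, "scope": scope}
        return handle

    def lookup(self, handle):
        return self._grants.get(self._key(handle))

    def remove_all(self, subject_id, client_id):
        # Called from logout: drop every grant for this user and client.
        doomed = [k for k, g in self._grants.items()
                  if g["sub"] == subject_id and g["client_id"] == client_id]
        for k in doomed:
            del self._grants[k]
        return len(doomed)


API_SECRETS = {"dataapi": "constructed-secret"}  # hypothetical resource server


def introspect(store, api_name, api_secret, token):
    """RFC 7662 style response; the calling resource server authenticates first."""
    expected = API_SECRETS.get(api_name)
    if expected is None or not secrets.compare_digest(expected, api_secret):
        raise PermissionError("introspection caller not authenticated")
    grant = store.lookup(token)
    if grant is None or api_name not in grant["scope"].split():
        return {"active": False}  # unknown, revoked, or not issued for this API
    return {"active": True, **grant}
```

A resource server that caches introspection results will keep accepting a deleted token until its cache entry expires, so the cache lifetime bounds how quickly a logout takes effect.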

@Jonatthu Jonatthu commented Sep 20, 2016

Where is the documentation of this?
Can I use this without ASP.NET Core Identity 3?

@brockallen brockallen commented Sep 20, 2016

No docs yet for this. It's a work in progress. And no, you don't have to use AspId3.

@Jonatthu Jonatthu commented Sep 20, 2016

So to do a reference token and to revoke a token in an emergency, it is not included right now, right?
Just to be sure

@brockallen brockallen commented Sep 20, 2016

reference tokens are implemented, yes

@Jonatthu Jonatthu commented Sep 20, 2016

Is there any documentation?
If not maybe I would like to help with the docs if there's something that I can do.

@damienbod damienbod commented Sep 20, 2016

@Jonatthu Jonatthu commented Sep 20, 2016

@damienbod thanks, I will try it without identity and from scratch, and publish my results following your tutorial. Any advice?
