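Token revocation applies only to reference tokens; the official documentation calls this the token revocation endpoint.
As with the introspection endpoint, the key points are listed below:
URL and method: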
POST /connect/revocation HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic xxxyyy

token=<token>&token_type_hint=refresh_token

token_type_hint is optional; its value is fixed to either access_token or refresh_token.
The key point here is where Basic xxxyyy comes from.
It differs slightly from the introspection endpoint:
Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Format("{0}:{1}", ClientId, ClientSecret)));
Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Format("{0}:{1}", "roclient.reference", "secret")));
The values above follow the settings from the introspection endpoint article.
Using Postman:
Programmatically:
// Load the (cached) discovery document to locate the revocation endpoint.
var disco = await _cache.GetAsync();
if (disco.IsError) throw new Exception(disco.Error);

var client = new HttpClient();

// Send the revocation request, authenticating with the client id and secret.
var result = await client.RevokeTokenAsync(new TokenRevocationRequest
{
    Address = disco.RevocationEndpoint,
    ClientId = "roclient.reference",
    ClientSecret = "secret",
    Token = accessToken
});

if (result.IsError)
{
    Console.WriteLine(result.Error);
}
else
{
    Console.WriteLine(result.HttpErrorReason);
}
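The revocation request can be sent repeatedly and returns 200 every time. The token has in fact been revoked, and the token introspection endpoint shows that it is no longer active.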
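Because the status code is 200 whether or not the request changed anything, confirmation has to come from introspection. The following Python sketch is an added example, not code from the original post or from IdentityServer4: it builds the request shown above and runs it against a small in-memory mock of the two endpoints. The sample token, the mock store and the mock's 401 for bad client credentials are assumptions of the model.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Constructed model data: client id/secret are the ones used on this page.
CLIENTS = {"roclient.reference": "secret"}
ACTIVE_TOKENS = {"constructed-reference-token"}  # stands in for the token store


def basic_header(client_id, client_secret):
    """'Basic ' + base64(client_id:client_secret), as in the C# line above."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_revocation_request(token, client_id, client_secret, hint=None):
    """Headers and form body for POST /connect/revocation."""
    form = {"token": token}
    if hint is not None:  # optional parameter
        if hint not in ("access_token", "refresh_token"):
            raise ValueError("token_type_hint must be access_token or refresh_token")
        form["token_type_hint"] = hint
    return {"Content-Type": "application/x-www-form-urlencoded",
            "Authorization": basic_header(client_id, client_secret)}, urlencode(form)


def revoke(headers, body):
    """Mock endpoint: 401 (assumed) on bad client credentials, otherwise always 200."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    try:
        client_id, _, secret = base64.b64decode(value).decode("utf-8").partition(":")
    except ValueError:
        return 401
    if scheme != "Basic" or CLIENTS.get(client_id) != secret:
        return 401
    ACTIVE_TOKENS.discard(parse_qs(body).get("token", [""])[0])
    return 200


def introspect(token):
    return {"active": token in ACTIVE_TOKENS}  # mock introspection response


def revoke_and_confirm(token):
    """Revoke twice, then confirm via introspection instead of the status code."""
    headers, body = build_revocation_request(token, "roclient.reference", "secret")
    statuses = [revoke(headers, body), revoke(headers, body)]
    return statuses, introspect(token)["active"]
```
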
References:
https://identityserver4.readthedocs.io/en/latest/endpoints/revocation.html
https://identitymodel.readthedocs.io/en/latest/client/revocation.html