From d441b04760b13ea09c31d956fbb78c8dac6dfd13 Mon Sep 17 00:00:00 2001
From: Leendert de Borst
Date: Sat, 8 Jun 2024 21:26:46 +0200
Subject: [PATCH] Update AuthService.cs
---
 .../Auth/Services/AuthService.cs | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/AliasVault.WebApp/Auth/Services/AuthService.cs b/src/AliasVault.WebApp/Auth/Services/AuthService.cs
index 2b8c29956..7f248d5e2 100644
--- a/src/AliasVault.WebApp/Auth/Services/AuthService.cs
+++ b/src/AliasVault.WebApp/Auth/Services/AuthService.cs
@@ -95,7 +95,26 @@ public class AuthService
 ///
 public async Task RemoveTokensAsync()
 {
- // TODO: also revoke the refresh token on the server to kill the session.
+ await _localStorage.RemoveItemAsync(AccessTokenKey);
+ await _localStorage.RemoveItemAsync(RefreshTokenKey);
+
+ // If the remote call fails we catch the exception and ignore it.
+ // This is because the user is already logged out and we don't want to trigger another refresh token request.
+ try
+ {
+ await RevokeTokenAsync();
+ }
+ catch (Exception)
+ {
+ // Ignore the exception
+ }
+ }
+
+ ///
+ /// Revoke the access and refresh tokens on the server.
+ ///
+ private async Task RevokeTokenAsync()
+ {
 var tokenInput = new TokenModel { Token = await GetAccessTokenAsync(), RefreshToken = await GetRefreshTokenAsync() };
 using var request = new HttpRequestMessage(HttpMethod.Post, "api/Auth/revoke")
 {
@@ -104,8 +123,5 @@ public class AuthService
 // Add the X-Ignore-Failure header to the request so any failure does not trigger another refresh token request.
 request.Headers.Add("X-Ignore-Failure", "true");
 await _httpClient.SendAsync(request);
-
- await _localStorage.RemoveItemAsync(AccessTokenKey);
- await _localStorage.RemoveItemAsync(RefreshTokenKey);
 }
 }
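Review bot: In the first hunk, `RemoveTokensAsync` now deletes both tokens from `_localStorage` before calling `RevokeTokenAsync()`, but `RevokeTokenAsync` builds its `TokenModel` from `GetAccessTokenAsync()` and `GetRefreshTokenAsync()`. Those getters are not shown in this patch; if they read the same local-storage keys, the revoke request carries empty tokens and the refresh token stays valid on the server after logout. Attempting the revocation first and moving the two removals into a `finally` keeps local logout unconditional while still sending the real tokens. Separately, `SendAsync` does not throw on a non-success status and the empty `catch (Exception)` hides every failure, so a revocation that did not happen is never logged or surfaced. Part of `RevokeTokenAsync` (the request initializer) lies between the two hunks and is not visible here.

```csharp
public async Task RemoveTokensAsync()
{
    try
    {
        // Revoke while the tokens can still be read from local storage.
        await RevokeTokenAsync();
    }
    catch (Exception)
    {
        // Best effort: a failed server-side revocation must not block local logout.
    }
    finally
    {
        await _localStorage.RemoveItemAsync(AccessTokenKey);
        await _localStorage.RemoveItemAsync(RefreshTokenKey);
    }
}
```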