From eb255189799b6015b2c2098f69c6ded3072ea1e3 Mon Sep 17 00:00:00 2001
From: maliming
Date: Sat, 4 Mar 2023 20:42:34 +0800
Subject: [PATCH 1/2] Check the token when refreshing the blazor server page.
---
 .../CookieAuthenticationOptionsExtensions.cs | 50 +++++++++++++++++++
 ...lo.Abp.AspNetCore.Components.Server.csproj | 12 +++--
 2 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
diff --git a/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
new file mode 100644
index 0000000000..fbca58cd5a
--- /dev/null
+++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
@@ -0,0 +1,50 @@
+using System;
+using IdentityModel.Client;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Cookies;
+
+public static class CookieAuthenticationOptionsExtensions
+{
+ public static CookieAuthenticationOptions IntrospectAccessToken(this CookieAuthenticationOptions options, string oidcAuthenticationScheme = "oidc")
+ {
+ var originalHandler = options.Events.OnValidatePrincipal;
+ options.Events.OnValidatePrincipal = async principalContext =>
+ {
+ originalHandler?.Invoke(principalContext);
+
+ if (principalContext.Principal != null && principalContext.Principal.Identity != null && principalContext.Principal.Identity.IsAuthenticated)
+ {
+ var accessToken = principalContext.Properties.GetTokenValue("access_token");
+ if (!accessToken.IsNullOrWhiteSpace())
+ {
+ var openIdConnectOptions = principalContext.HttpContext.RequestServices.GetRequiredService>().Get(oidcAuthenticationScheme);
+ if (openIdConnectOptions.Configuration == null && openIdConnectOptions.ConfigurationManager != null)
+ {
+ openIdConnectOptions.Configuration = await openIdConnectOptions.ConfigurationManager.GetConfigurationAsync(principalContext.HttpContext.RequestAborted);
+ }
+
+ var response = await openIdConnectOptions.Backchannel.IntrospectTokenAsync(new TokenIntrospectionRequest
+ {
+ Address = openIdConnectOptions.Configuration?.IntrospectionEndpoint ?? openIdConnectOptions.Authority.EnsureEndsWith('/') + "connect/introspect",
+ ClientId = openIdConnectOptions.ClientId,
+ ClientSecret = openIdConnectOptions.ClientSecret,
+ Token = accessToken
+ });
+
+ if (response.IsActive)
+ {
+ return;
+ }
+ }
+
+ principalContext.RejectPrincipal();
+ await principalContext.HttpContext.SignOutAsync(principalContext.Scheme.Name);
+ }
+ };
+
+ return options;
+ }
+}
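Review bot: `originalHandler?.Invoke(principalContext);` starts the previously registered `OnValidatePrincipal` handler but never awaits its task, so a handler that rejects the principal after its own asynchronous work can finish after this lambda has already returned on `response.IsActive`, and any exception it throws goes unobserved. Await it before the principal check so an earlier rejection is honoured: `if (originalHandler != null) { await originalHandler(principalContext); }`. Separately, the introspection request is sent on every cookie validation with no caching and without passing `principalContext.HttpContext.RequestAborted`, and `response.IsError` is not distinguished from an inactive token, so an unreachable identity server signs users out with nothing logged; failing closed is the right default, but the error case should be logged. The assignment to `openIdConnectOptions.Configuration` also writes to an options object resolved from the service provider, which is presumably shared across requests; holding the discovery document in a local variable would avoid mutating it from the request path.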
diff --git a/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj b/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj index 09c743bc2a..297b2a8576 100644 --- a/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj +++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj @@ -12,11 +12,13 @@ - - - - - + + + + + + + From 4d534b942e8739fd6f8986251e6899cb34cf2273 Mon Sep 17 00:00:00 2001 From: maliming Date: Sat, 4 Mar 2023 20:57:23 +0800 Subject: [PATCH 2/2] `IntrospectAccessToken` in `Blazor.Server.Tiered`. --- .../Cookies/CookieAuthenticationOptionsExtensions.cs | 6 ++++++ .../MyProjectNameBlazorModule.cs | 2 ++ 2 files changed, 8 insertions(+) diff --git a/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs index fbca58cd5a..61c064b376 100644 --- a/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs +++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs @@ -8,6 +8,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies; public static class CookieAuthenticationOptionsExtensions { + /// + /// Introspect access token on validating the principal. + /// + /// + /// + /// public static CookieAuthenticationOptions IntrospectAccessToken(this CookieAuthenticationOptions options, string oidcAuthenticationScheme = "oidc") { var originalHandler = options.Events.OnValidatePrincipal; 
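Review bot: The added summary, `Introspect access token on validating the principal.`, does not tell a caller what the helper does when the check fails. I would extend it to say that the principal is rejected and the cookie scheme is signed out when no access token is stored in the authentication properties or the introspection response is not active, and that the named OpenID Connect scheme must therefore save its tokens and use a client permitted to call the introspection endpoint. As rendered here the parameter and return entries carry no text; `oidcAuthenticationScheme` in particular should say that it names the OpenID Connect scheme whose options supply the authority, client id and client secret used for the call. The method body continues outside the hunk.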
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
index 1033c73a57..fa55b7d44f 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@@ -4,6 +4,7 @@ using Blazorise.Bootstrap5;
 using Blazorise.Icons.FontAwesome;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -163,6 +164,7 @@ public class MyProjectNameBlazorModule : AbpModule
 .AddCookie("Cookies", options =>
 {
 options.ExpireTimeSpan = TimeSpan.FromDays(365);
+ options.IntrospectAccessToken();
 })
 .AddAbpOpenIdConnect("oidc", options =>
 {
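Review bot: The added `options.IntrospectAccessToken();` relies on the helper's default scheme name matching the `"oidc"` literal passed to `AddAbpOpenIdConnect` two lines below; passing it explicitly, `options.IntrospectAccessToken("oidc");`, keeps the two from drifting apart if the template's scheme is renamed. The check only works when the OpenID Connect options save tokens into the cookie and the client may call the introspection endpoint; neither is visible in this hunk, and without a stored access token the helper rejects the principal on every validation. With `ExpireTimeSpan` left at 365 days the session now effectively ends when the access token stops being active, which is presumably the intent but deserves a short comment next to the call. The enclosing method starts and ends outside the hunk.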