Revert device id in jwt token and moved to reading from header. Added clear token by identifier API/repo/sproc so that token can be cleared after logout.

2026-01-05 01:53:17 +00:00 · 2016-08-06 15:15:11 -04:00
parent f07e9e9dd0
commit da56901d17
7 changed files with 40 additions and 28 deletions
--- a/src/Core/Identity/JwtBearerEventImplementations.cs
+++ b/src/Core/Identity/JwtBearerEventImplementations.cs
@@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.AspNetCore.Identity;
 using Bit.Core.Domains;
-using System.Linq;

 namespace Bit.Core.Identity
 {
@@ -38,10 +37,9 @@ namespace Bit.Core.Identity
            // register the current context user
            var currentContext = context.HttpContext.RequestServices.GetRequiredService<CurrentContext>();
            currentContext.User = user;
-            var deviceIdentifierClaim = context.Ticket.Principal.Claims.SingleOrDefault(c => c.Type == "DeviceIdentifier");
-            if(deviceIdentifierClaim != null)
+            if(context.HttpContext.Request.Headers.ContainsKey("Device-Identifier"))
            {
-                currentContext.DeviceIdentifier = deviceIdentifierClaim.Value;
+                currentContext.DeviceIdentifier = context.HttpContext.Request.Headers["Device-Identifier"];
            }
        }