c# - Register External Login Web API -


i don't understand why isn't clear tutorial or guideline on this, hope question can answered here.

so, trying register users facebook or google, via web api.

the problem is, @ registerexternal method, on line: 

var info = await authentication.getexternallogininfoasync();

it returns null, , returning badrequest()

what got far:

in startup.auth.cs i've hadded id's , secrets, note have tried using microsoft.owin.security.facebook

var facebookoptions = new microsoft.owin.security.facebook.facebookauthenticationoptions             {                 appid = "103596246642104",                 appsecret = "1c9c8f696e47bbc661702821c5a8ae75",                 provider = new facebookauthenticationprovider()                 {                     onauthenticated = (context) =>                     {                         context.identity.addclaim(new system.security.claims.claim("urn:facebook:access_token", context.accesstoken, claimvaluetypes.string, "facebook"));                          return task.fromresult(0);                     }                 },             };             facebookoptions.scope.add("email");             app.usefacebookauthentication(facebookoptions);                app.usegoogleauthentication(new googleoauth2authenticationoptions()             {             clientid = "328779658984-t9d67rh2nr681bahfusan0m5vuqeck13.apps.googleusercontent.com",             clientsecret = "zycnhxbqh56y0j2-tyowp9q0",             callbackpath = new pathstring("/api/account/manageinfo")         });

facebookoptions source: this post

that facebookoptions did not solve problem.

i able retrieve access_token both google , facebook. i'm able authenticate access_token api/account/userinfo

get http://localhost:4856/api/account/userinfo in header: authorization: bearer r9btvhi0...

which returns: {"email":"firstname lastname","hasregistered":false,"loginprovider":"facebook"}

one issue notice their, returns name email, not actual email adress.

now want register external login new user database, make post call this:

post http://localhost:4856/api/account/registerexternal [header] authorization: bearer 6xcjouty... content-type: application/json [body] {"email":"...@hotmail.com"}

source: this post

now returns badrequest on code snippit, inside registerexternal():

    public async task<actionresult> externalloginconfirmation(externalloginconfirmationviewmodel model, string returnurl)     { if (!modelstate.isvalid)             {                 return badrequest(modelstate);             }             //authenticationmanger?             var info = await authentication.getexternallogininfoasync();             if (info == null)             {                 return internalservererror();             }

in debugging, externalloginconfirmationviewmodel contain email adress.

what doing wrong? have add startup.cs? there more have in startup.auth.cs? incorrectly calling registerexternal? in mvc goes smooth, why not in web api?

aso looked @ this answer this question, didn't understand how implement this.

this method not practical, since developing api, used apps, best way handle login facebook api consumer, , let them send facebook auth token.

basically trying this:

  1. create external login link facebook.
  2. send user link bring them facebook login page.
  3. after login facebook redirect api.
  4. user registered, how app/website consuming api know?

what want this:

  1. api consumer creates own method login facebook (for apps via sdk's)
  2. api consumer send facebook token api register/login.
  3. api check token facebook graph endpoint.
  4. when succeeded, api return bearer token api make further authenticated requests.

so api developer, verify token so:

var verifytokenendpoint = string.format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accesstoken, apptoken);

and userid

var client = new httpclient(); var uri = new uri(verifytokenendpoint); var response = await client.getasync(uri);  if (response.issuccessstatuscode) {     var content = await response.content.readasstringasync();      dynamic jobj = (jobject)newtonsoft.json.jsonconvert.deserializeobject(content);      string user_id = jobj["data"]["user_id"];     string app_id = jobj["data"]["app_id"]; }

eventually create or find user so:

identityuser user = await _usermanager.findasync(new userlogininfo(provider, verifiedaccesstoken.user_id));

and it's how create bearer token, if follow tutorial listed below, have this:

var tokenexpiration = timespan.fromminutes(30);  claimsidentity identity = new claimsidentity(oauthdefaults.authenticationtype);  identity.addclaim(new claim(claimtypes.name, username)); identity.addclaim(new claim("role", "user"));  var props = new authenticationproperties() {     issuedutc = datetime.utcnow,     expiresutc = datetime.utcnow.add(tokenexpiration), };  var ticket = new authenticationticket(identity, props);  var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket);

source, full tutorial here

i've got email via sdk , send along post request, since managed both api , consumer. warning though: facebook user might not want give e-mail address.

get e-mail after facebook login on android , ios


-

Comments

Post a Comment

Popular posts from this blog

apache - PHP Soap issue while content length is larger -

we have developed soap based webservice post data third party webservice. accepts 4 params. in 1 of parameters accepts xml string no size limit restriction put in place. the webservice works fine in local environment running on php 5.2 , apache2. works content length long 10 mb. in staging server running nginx , php fpm.we have updated max post size , max upload filesize in php.ini , client_max_body param in nginx.conf allow upto 50 mb. but webservice client keeps on loading in staging environment. gives 502 timeout , gives soap error. can me understand issue here?
Read more

asynchronous - Python asyncio task got bad yield -

i confused how play around asyncio module in python 3.4. have searching api search engine, , want each search request run either parallel, or asynchronously, don't have wait 1 search finish start another. here high-level searching api build objects raw search results. search engine using kind of asyncio mechanism, won't bother that. # no asyncio module used here class search(object): ... self.s = some_search_engine() ... def searching(self, *args, **kwargs): ret = {} # raw searching according args , kwargs , build wrapped results ... return ret to try async requests, wrote following test case test how can interact stuff asyncio module. # here testing script @asyncio.coroutine def handle(f, *args, **kwargs): r = yield f(*args, **kwargs) return r s = search() loop = asyncio.get_event_loop() loop.run_until_complete(handle(s.searching, arg1, arg2, ...)) loop.close() by running pytest, return runtimeerror: task got bad yield : {results s...
Read more

javascript - Complete OpenIDConnect auth when requesting via Ajax -

the normal openidconnect server works like: you go a.com/secure-resource you 302 server your browser handles , sends identity server you login there it sends a.com via post you logged in on a.com , a.com/secure-resource on browser. however have scenario i'm trying solve need help. the user logged in on idserver the user logged in on a.com the user not logged in on b.com we need send ajax call web server b.com (from domain a.com ) b.com configured use openidconnect. but because request b.com via ajax, user cannot redirected idserver. (all in response 302 ) we can go ahead , handle 302 via ajax (i'm still not sure whether work, security-wise). but is there scenario in identityserver/openidconnect designed these situations? with identityserver in scenario setup server b.com use bearer token authentication, need use access token provided a.com in headers of ajax call $.ajax({ url: 'http://b.com', headers: { ...
Read more