ASP.net核心Web API:使用Facebook/Google OAuth访问令牌进行身份验证 [英] ASP.net core web api: Using Facebook/Google OAuth access token for authentication
问题描述
在服务器时代,我一直在尝试通过Google和Facebook获得OAuth身份验证,以在我的ASP.net核心Web api项目中工作.
For serveral days now I am trying to get OAuth authentication with Google and Facebook to work within my ASP.net core web api project.
我当前的状态是:
- 我有一个ASP.net核心Web Api项目,需要对用户进行身份验证
- 我有一个angular 2 Web应用程序,应该使用我的Web API(带有身份验证)
- 我有一个android应用,该应用应使用我的网络api(带有身份验证)
我的目标是:
- 使用Google/Facebook作为OAuth提供者进行登录
- 稍后:添加自己的用户帐户(可能使用IdentityServer4)
- 无需重定向到特殊的登录网站(例如IdentityServer4解决方案).只需点击应用中的facebook/google按钮,即可完成访问!
在我的android和angular应用程序中,我能够从google/facebook检索访问令牌.现在,我想使用OAuth隐式流程,使用给定的访问令牌(将令牌作为不记名令牌放入标头中)对我的Web api上的用户进行身份验证
In my android and angular app I am able to retrieve the access tokens from google/facebook. Now, I want to use the OAuth implicit flow, to authenticate the user on my web api, with the given access tokens (putting the tokens into the header as bearer token)
我的问题是:有没有通用的方法可以轻松地做到这一点?我不想为此使用facebook/google SDK.
There is my problem: is there any genric way to do this easily? I do not want to use the facebook/google SDKs for this.
我尝试了以下操作:
- 使用IdentityServer4 :通过这种方式,我可以在我的webapi上使用facebook/google登录,但是需要重定向到IdentityServer4登录页面. ,是否可以在我的应用中直接点击google/fb-Button并登录,而无需重定向到identityServer登录页面?
- 使用google/facebook身份验证中间件( https://docs.microsoft.com/zh-cn/aspnet/core/security/authentication/social/):但是他们没有验证我发送的承载令牌(尝试了无数种方法来实现正确的验证).甚至可以在网络api中使用它吗?
- 尝试使用 Microsoft.AspNetCore.Authentication.JwtBearer-Middleware ,并自己为google/facebook设置必要的选项,但也没有进行验证(还有无数次尝试)
- using IdentityServer4: With this I am able to login with facebook/google on my webapi, but there is need of a redirection to the IdentityServer4 login page. Is there any possible way of just hitting the google/fb-Button in my app and logging in, without redirection to the identityServer login page?
- using the google/facebook authentication middleware (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/): But they are not validating my sent bearer token (tried countless ways to achieve proper validation). Is this even possible to use within the web api?
- trying to use Microsoft.AspNetCore.Authentication.JwtBearer-Middleware and putting in the necessary options for google/facebook by myself, but also not validating (aswell countless attempts)
在过去的几天里,我尝试了很多可能的解决方案,以至于我完全陷于困境,无法实现该目标.到目前为止,我已经阅读了几乎所有的asp.net Web api oauth教程/stackoverflow条目,但无法根据需要确定如何在我的情况下使用它.大多数教程仅适用于mvc网站或结合重定向到其登录页面使用IdentityServer4.
In the last few days, I have tried so much possible solutions, that I am totally stuck and lost track of what I need to do to achieve this. At this point I have read nearly every asp.net web api oauth tutorial/stackoverflow entry but can't figure out how to use this in my case as I want. Most tutorials are just for mvc-Websites or using IdentityServer4 with the redirection to its login page.
有什么建议或解决方案吗?我想念什么?
Any suggestions or solutions? What am I missing?
推荐答案
如果我正确理解,您已经通过应用程序从Facebook SDK获得了Facebook用户令牌.
像您一样,我找不到使用ASP.NET Core库/程序包的方法.所以我回到了基础.
我只是用Facebook令牌调用了我的api的终结点,然后根据Facebook图形api对其进行了检查,如果可以,那么我注册了用户(如果需要)并返回我的JWT令牌,就像用户通过传统的用户名/密码路径登录一样.
If I undertsand correctly, you already have your Facebook user token from Facebook SDK through your app.
Like you I couldn't find how to do it with an ASP.NET Core library / package. So I went back to basics.
I just call a endpoint of my api with the Facebook token, check it against the Facebook graph api and if fine then I register the user (if required) and return my JWT token as if the user logged through a classical username / password path.
[HttpPost]
[AllowAnonymous]
[Route("api/authentication/FacebookLogin")]
public async Task<IActionResult> FacebookLogin([FromBody] FacebookToken facebookToken)
{
//check token
var httpClient = new HttpClient { BaseAddress = new Uri("https://graph.facebook.com/v2.9/") };
var response = await httpClient.GetAsync($"me?access_token={facebookToken.Token}&fields=id,name,email,first_name,last_name,age_range,birthday,gender,locale,picture");
if (!response.IsSuccessStatusCode) return BadRequest();
var result = await response.Content.ReadAsStringAsync();
var facebookAccount = JsonConvert.DeserializeObject<FacebookAccount>(result);
//register if required
var facebookUser = _context.FacebookUsers.SingleOrDefault(x => x.Id == facebookAccount.Id);
if (facebookUser == null)
{
var user = new ApplicationUser {UserName = facebookAccount.Name, Email = facebookAccount.Email};
var result2 = await _userManager.CreateAsync(user);
if (!result2.Succeeded) return BadRequest();
facebookUser = new FacebookUser {Id = facebookAccount.Id, UserId = user.Id};
_context.FacebookUsers.Add(facebookUser);
_context.SaveChanges();
}
//send bearer token
return Ok(GetToken(facebookUser.UserId));
}
这篇关于ASP.net核心Web API:使用Facebook/Google OAuth访问令牌进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!