ASP.net核心Web API:使用Facebook/Google OAuth访问令牌进行身份验证 [英] ASP.net core web api: Using Facebook/Google OAuth access token for authentication

问题描述

在服务器时代，我一直在尝试通过Google和Facebook获得OAuth身份验证，以在我的ASP.net核心Web api项目中工作.

For serveral days now I am trying to get OAuth authentication with Google and Facebook to work within my ASP.net core web api project.

我当前的状态是:

• 我有一个ASP.net核心Web Api项目，需要对用户进行身份验证
• 我有一个angular 2 Web应用程序，应该使用我的Web API(带有身份验证)
• 我有一个android应用，该应用应使用我的网络api(带有身份验证)

我的目标是:

• 使用Google/Facebook作为OAuth提供者进行登录
• 稍后:添加自己的用户帐户(可能使用IdentityServer4)
• 无需重定向到特殊的登录网站(例如IdentityServer4解决方案).只需点击应用中的facebook/google按钮，即可完成访问！

在我的android和angular应用程序中，我能够从google/facebook检索访问令牌.现在，我想使用OAuth隐式流程，使用给定的访问令牌(将令牌作为不记名令牌放入标头中)对我的Web api上的用户进行身份验证

In my android and angular app I am able to retrieve the access tokens from google/facebook. Now, I want to use the OAuth implicit flow, to authenticate the user on my web api, with the given access tokens (putting the tokens into the header as bearer token)

我的问题是:有没有通用的方法可以轻松地做到这一点?我不想为此使用facebook/google SDK.

There is my problem: is there any genric way to do this easily? I do not want to use the facebook/google SDKs for this.

我尝试了以下操作:

• 使用IdentityServer4 :通过这种方式，我可以在我的webapi上使用facebook/google登录，但是需要重定向到IdentityServer4登录页面.
，是否可以在我的应用中直接点击google/fb-Button并登录，而无需重定向到identityServer登录页面?
• 使用google/facebook身份验证中间件( https://docs.microsoft.com/zh-cn/aspnet/core/security/authentication/social/):但是他们没有验证我发送的承载令牌(尝试了无数种方法来实现正确的验证).甚至可以在网络api中使用它吗?
• 尝试使用 Microsoft.AspNetCore.Authentication.JwtBearer-Middleware ，并自己为google/facebook设置必要的选项，但也没有进行验证(还有无数次尝试)

• using IdentityServer4: With this I am able to login with facebook/google on my webapi, but there is need of a redirection to the IdentityServer4 login page. Is there any possible way of just hitting the google/fb-Button in my app and logging in, without redirection to the identityServer login page?
• using the google/facebook authentication middleware (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/): But they are not validating my sent bearer token (tried countless ways to achieve proper validation). Is this even possible to use within the web api?
• trying to use Microsoft.AspNetCore.Authentication.JwtBearer-Middleware and putting in the necessary options for google/facebook by myself, but also not validating (aswell countless attempts)

在过去的几天里，我尝试了很多可能的解决方案，以至于我完全陷于困境，无法实现该目标.到目前为止，我已经阅读了几乎所有的asp.net Web api oauth教程/stackoverflow条目，但无法根据需要确定如何在我的情况下使用它.大多数教程仅适用于mvc网站或结合重定向到其登录页面使用IdentityServer4.

In the last few days, I have tried so much possible solutions, that I am totally stuck and lost track of what I need to do to achieve this. At this point I have read nearly every asp.net web api oauth tutorial/stackoverflow entry but can't figure out how to use this in my case as I want. Most tutorials are just for mvc-Websites or using IdentityServer4 with the redirection to its login page.

有什么建议或解决方案吗?我想念什么?

Any suggestions or solutions? What am I missing?

推荐答案

如果我正确理解，您已经通过应用程序从Facebook SDK获得了Facebook用户令牌.
像您一样，我找不到使用ASP.NET Core库/程序包的方法.所以我回到了基础.
我只是用Facebook令牌调用了我的api的终结点，然后根据Facebook图形api对其进行了检查，如果可以，那么我注册了用户(如果需要)并返回我的JWT令牌，就像用户通过传统的用户名/密码路径登录一样.

If I undertsand correctly, you already have your Facebook user token from Facebook SDK through your app.
Like you I couldn't find how to do it with an ASP.NET Core library / package. So I went back to basics.
I just call a endpoint of my api with the Facebook token, check it against the Facebook graph api and if fine then I register the user (if required) and return my JWT token as if the user logged through a classical username / password path.

[HttpPost]
[AllowAnonymous]
[Route("api/authentication/FacebookLogin")]
public async Task<IActionResult> FacebookLogin([FromBody] FacebookToken facebookToken)
{
    //check token
    var httpClient = new HttpClient { BaseAddress = new Uri("https://graph.facebook.com/v2.9/") };
    var response = await httpClient.GetAsync($"me?access_token={facebookToken.Token}&fields=id,name,email,first_name,last_name,age_range,birthday,gender,locale,picture");
    if (!response.IsSuccessStatusCode) return BadRequest();
    var result = await response.Content.ReadAsStringAsync();
    var facebookAccount = JsonConvert.DeserializeObject<FacebookAccount>(result);

    //register if required
    var facebookUser = _context.FacebookUsers.SingleOrDefault(x => x.Id == facebookAccount.Id);
    if (facebookUser == null)
    {
        var user = new ApplicationUser {UserName = facebookAccount.Name, Email = facebookAccount.Email};
        var result2 = await _userManager.CreateAsync(user);
        if (!result2.Succeeded) return BadRequest();
        facebookUser = new FacebookUser {Id = facebookAccount.Id, UserId = user.Id};
        _context.FacebookUsers.Add(facebookUser);
        _context.SaveChanges();
    }

    //send bearer token
    return Ok(GetToken(facebookUser.UserId));
}

这篇关于ASP.net核心Web API:使用Facebook/Google OAuth访问令牌进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！