删除权限时,WebAPI Facebook登录返回访问被拒绝 [英] WebAPI Facebook login returning Access Denied when removing permissions
问题描述
我有一个用于iOS和WP的客户端应用程序(用Xamarin编写),该应用程序使用WebAPI和Facebook作为唯一的登录方法.我的问题是,当用户自定义所需的权限并删除其中的一些权限时,WebAPI只需从OWIN或Facebook接收"access_denied"(在我的代码外部).
I have a client app (written with Xamarin) for iOS and WP which uses a WebAPI with Facebook as the sole method of logging in. My issue is that when a user customises the required permissions and removes some of them, the WebAPI simply receives "access_denied" from either OWIN or Facebook (externally to my code).
该应用程序还将使用他们选择的受限权限子集添加到其Facebook帐户,这意味着在其后的每次登录中,他们也都会拒绝访问".另外,由于他们没有成功向WebAPI注册,因此我没有Facebook的用户访问令牌,因此我可以从其Facebook帐户中删除该应用程序(重新启动).解决此问题的唯一方法是手动访问Facebook,然后从您的应用设置页面中删除该应用,然后重试.
The app is also added to their Facebook account with the subset of restricted permissions they chose, which means on every subsequent login they also get "access denied". Also, because they did not successfully register with the WebAPI, I do not have a user access token for facebook so that I can remove the app from their Facebook account (to start again). The only way to fix this issue is to manually visit facebook and remove the app from your app settings page, then try again.
我完全被困住了.登录时,他们在WebAPI上输入以下方法,并在ChallengeResult()上获得返回值;
I am completely stuck. When logging in, they enter the following method at the WebAPI and reach the return on ChallengeResult();
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
if (error != null)
{
return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
return new ChallengeResult(provider, this);
}
从此处开始,它与Facebook通信(进行身份验证),随后对该方法的调用将在Redirect()上返回,并显示拒绝访问"作为错误.
From here, it communicates (authenticates) with Facebook and the subsequent call to this method returns on Redirect() with "access denied" as the error.
我相信(但不确定),因为我的WebAPI试图使用全部权限登录他们,但是Facebook拒绝,他们列出的应用程序只有1个权限,因此拒绝"返回.我的Startup.auth.cs文件看起来像这样;
I believe (but am not sure) that this is happening because my WebAPI is trying to log them in with the full set of permissions, but Facebook is saying no, they have your app listed with only 1 permission, so "access denied" is returned. My Startup.auth.cs file looks like this;
var facebookOptions = new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
{
AppId = Constants.AppId,
AppSecret = Constants.AppSecret,
Provider = new FacebookAuthenticationProvider()
{
OnAuthenticated = (context) =>
{
context.Identity.AddClaim(new System.Security.Claims.Claim("urn:facebook:access_token", context.AccessToken, ClaimValueTypes.String, "Facebook"));
context.Identity.AddClaim(new System.Security.Claims.Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
return Task.FromResult(0);
}
},
};
facebookOptions.Scope.Add("email");
facebookOptions.Scope.Add("user_friends");
app.UseFacebookAuthentication(facebookOptions);
当用户在首次登录时删除一些默认权限时,我应该如何处理这种情况?我希望他们可以成功地向我的WebAPI注册,但是对他们不允许的权限的任何调用都将失败,但这不会发生.我只是在登录时看到访问被拒绝".
How am I supposed to manage the situation when a user removes some of the default permissions on their first log in? I would expect that they could successfully register with my WebAPI, but then any call for the permissions they did not allow would fail, but this is not happening. I am simply presented with the "access denied" on log in.
任何帮助都将是惊人的,因为我完全被困在这里!
Any help would be amazing because I am totally stuck here!
推荐答案
找到了...
在Startup.auth.cs的OnAuthenticated方法中,您可以访问USER访问令牌.在这里,您可以检查通过使用令牌访问图谱api所授予的facebook权限,并在需要时删除该应用程序.
In the OnAuthenticated method in Startup.auth.cs, you have access to the USER access token. Here you can check facebook permissions granted by accessing the graph api with the token, and remove the app if needed.
该方法失败,因为context.email为空;
The method was failing because context.email was null;
context.Identity.AddClaim(new System.Security.Claims.Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
这篇关于删除权限时,WebAPI Facebook登录返回访问被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
