ServiceStack OAuth - 注册而不是登录 [英] ServiceStack OAuth - registration instead login
问题描述
但是,是否有能力通过Facebook登录来支持注册过程。我想要的是让用户登录到Facebook应用程序,然后加载他们的姓名,姓氏和电子邮件,并填写所需的文本框,以便在我的网站上进行真实的注册(因为我也必须有手机验证等等)我不想当用户登录时,用户被授权和认证。
编辑:我找到了一个解决方案。
在FacebookProvider.cs中
public override bool IsAuthorized(IAuthSession session,IOAuthTokens令牌,Auth request = null)
{
if(request!= null)
{
if(!LoginMatchesSession(session,request.UserName))return false;
}
return tokens!= null&& session.UserName!= null&&& !string.IsNullOrEmpty(tokens.AccessTokenSecret);
}
这个catch是&& session.UserName!= null 部分。所以我们可以检查用户是否使用凭据登录,这将是!= null,用户可以使用所有服务。如果没有,这将是== null,他只能从会话获取Facebook信息。
SocialBootstrap API 项目显示了通过覆盖其自定义用户会话的OnAuthenticated()钩子:
我已经删除了,重写了一些,并强调了一些重要的位:
public class CustomUserSession:AuthUserSession
{
public override void OnAuthenticated(IServiceBase authService,
IAuthSession session,
IOAuthTokens tokens,
Dictionary< string,string> authInfo)
{
base.OnAuthenticated(authService,session,token,authI NFO);
//将匹配字段从此会话填充到您自己的MyUserTable
var user = session.TranslateTo< MyUserTable>();
user.Id = int.Parse(session.UserAuthId);
user.GravatarImageUrl64 = CreateGravatarUrl(session.Email,64);
foreach(var authToken in session.ProviderOAuthAccess)
{
if(authToken.Provider == FacebookAuthProvider.Name)
{
user.FacebookName = authToken.DisplayName;
user.FacebookFirstName = authToken.FirstName;
user.FacebookLastName = authToken.LastName;
user.FacebookEmail = authToken.Email;
}
else if(authToken.Provider == TwitterAuthProvider.Name)
{
user.TwitterName = authToken.DisplayName;
}
}
//从IOC解析DbFactory,并使用(var db = authService.TryResolve< IDbConnectionFactory>())保存用户信息
())
{
//更新(如果存在)或将填充数据插入到MyUserTable
db.Save(user);
}
}
//更改IsAuthorized只验证用Credentials身份验证的用户
public override bool IsAuthorized(string provider)
{
if(provider!= AuthService.CredentialsProvider)return false;
return base.IsAuthorized(provider);
}
}
基本上这个用户定义的自定义逻辑(被触发在每次成功的身份验证后)从UserSession提取数据并将其存储在自定义的MyUserTable中。
我们还覆盖了 IsAuthorized 仅接受使用CredentialsAuth认证的用户。
您可以使用此数据来完成其余的注册。
其他可能的自定义
ServiceStack的内置Auth持续使用AuthData,并为您自动填充会话。如果要添加额外的验证断言,您可以简单地使用自己的自定义[Authentication]属性,而不是包含其他自定义逻辑。看看内置的 AuthenticateAttribute作为指南的实现。
In servicestack OAuth implementation I only saw possibility to automatically login with eg. facebook account.
But is there abbility to support registration process with facebook login. What I wanted is to let users login to facebook app, and then load their Name, Surname and email and prefill needed text boxes for real registration on my site (since I also have to have mobile phone verification etc.) I don't want user to be authorized and authenticated when he logs in with facebook. Only credentials login should be valid one for full site access.
Edit: I found a solution.
In FacebookProvider.cs
public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null)
{
if (request != null)
{
if (!LoginMatchesSession(session, request.UserName)) return false;
}
return tokens != null && session.UserName!=null && !string.IsNullOrEmpty(tokens.AccessTokenSecret);
}
The catch was the && session.UserName!=null part. So we can check if user is logged in using credentials, this will be !=null and user can use all services. If not, this will be ==null and he can only get facebook info from session.
The SocialBootstrap API project shows an example of handling the callback after a successful Authentication by overriding the OnAuthenticated() hook of its custom user session:
I've pulled out, rewrote some and highlighted some of the important bits:
public class CustomUserSession : AuthUserSession
{
public override void OnAuthenticated(IServiceBase authService,
IAuthSession session,
IOAuthTokens tokens,
Dictionary<string, string> authInfo)
{
base.OnAuthenticated(authService, session, tokens, authInfo);
//Populate matching fields from this session into your own MyUserTable
var user = session.TranslateTo<MyUserTable>();
user.Id = int.Parse(session.UserAuthId);
user.GravatarImageUrl64 = CreateGravatarUrl(session.Email, 64);
foreach (var authToken in session.ProviderOAuthAccess)
{
if (authToken.Provider == FacebookAuthProvider.Name)
{
user.FacebookName = authToken.DisplayName;
user.FacebookFirstName = authToken.FirstName;
user.FacebookLastName = authToken.LastName;
user.FacebookEmail = authToken.Email;
}
else if (authToken.Provider == TwitterAuthProvider.Name)
{
user.TwitterName = authToken.DisplayName;
}
}
//Resolve the DbFactory from the IOC and persist the user info
using (var db = authService.TryResolve<IDbConnectionFactory>().Open())
{
//Update (if exists) or insert populated data into 'MyUserTable'
db.Save(user);
}
}
//Change `IsAuthorized` to only verify users authenticated with Credentials
public override bool IsAuthorized(string provider)
{
if (provider != AuthService.CredentialsProvider) return false;
return base.IsAuthorized(provider);
}
}
Basically this user-defined custom logic (which gets fired after every successful authentication) extracts data from the UserSession and stores it in a custom 'MyUserTable'.
We've also overridden the meaning of IsAuthorized to only accept users that have authenticated with CredentialsAuth.
You can use this data to complete the rest of the registration.
Other possible customizations
ServiceStack's built-in Auth persists the AuthData and populates the Session automatically for you. If you want to add extra validation assertions you can simply use your own custom [Authentication] attribute instead containing additional custom logic. Look at the implementation of the built-in AuthenticateAttribute as a guide.
这篇关于ServiceStack OAuth - 注册而不是登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
