实施Google / Facebook令牌中间件身份验证逻辑 [英] Implement Google/Facebook token middleware auth logic

问题描述

首先，我将简要介绍一下我想要实现的目标。



用例可以是用户可以使用谷歌或Facebook从移动应用程序或SPA注册在我的应用程序上，稍后登录并使用所有应用程序提供。



我使用.NET Core 2.2作为IdentityServer的RESTful WEBAPI应用程序。

有一个移动和SPA应用程序可以使用api。



从我对基于REST的apis的理解看，客户端应该为每个请求发送一些令牌是否已通过身份验证？



我已使用

So first I will briefly explain what I'm trying to achieve.

Use case would be that user can from mobile app or SPA register using Google or Facebook on my app, and login later on and use all app has to offer.

I'm using .NET Core 2.2 as RESTful WEBAPI app with IdentityServer.
There's a mobile and SPA app to consume api.

From my view of understanding of REST based apis, client should send some token for every request to be authenticated?

I have implemented logic for Google acc registration/login using

Google.Apis.Auth

为Google acc注册/登录实施逻辑，但我无法绕过将验证每个请求的中间件。



我也习惯了.NET Core，原谅我缺乏知识。



PS我觉得我在这里做错了。



我尝试了什么：



这是我使用谷歌的登录逻辑。



我正在从客户端向api发送idToken，其中验证并保存所有客户端信息尚未。

, but I cant wrap my head around middleware that will authenticate each request.

I'm also getting used to .NET Core, forgive my lack of knowledge.

P.S. I have feeling I'm doing something very wrong here.

What I have tried:

Here's my signin logic using google.

I'm sending idToken from client to api, where its being validated annd all client info saved if its not already.

[AllowAnonymous]
[HttpPost]
[Route ("signin-google")]
public async Task<IActionResult> GoogleSignIn ([FromQuery] string token) {
    if (token == null) {
        return BadRequest (new { message = "Derp! You have to provide a token!" });
    }

    var settings = new GoogleJsonWebSignature.ValidationSettings () { Audience = new List<string> () { "XXXXXXXXXXXXXXXX.apps.googleusercontent.com" } };
    GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync (token, settings);

    var result = await _signInManager.ExternalLoginSignInAsync (payload.Issuer, payload.JwtId, isPersistent : false);

    if (!result.Succeeded) {
        ApplicationUser user = new ApplicationUser () {
            Email = payload.Email,
            Firstname = payload.GivenName,
            Lastname = payload.FamilyName,
            PictureLink = payload.Picture,
            UserName = payload.Email,
        };

        UserLoginInfo userLogin = new UserLoginInfo (payload.Issuer, payload.JwtId, payload.Name);

        await _userManager.CreateAsync (user);
        await _userManager.AddLoginAsync (user, userLogin);
        await _signInManager.SignInAsync (user, isPersistent : false);
        return Ok (userLogin.ProviderKey);
    }
    return Ok (payload.JwtId);
}

推荐答案

这是链接来自IdentityServer的文档，了解如何将Google Auth纳入您的.Net Core中间件。



下面的代码片段：

Here is the link to the documentation from IdentityServer on how to include Google Auth into your .Net Core middleware.

Code snippet below:

<pre>services.AddAuthentication()
    .AddGoogle("Google", options =>
    {
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

        options.ClientId = "<insert here>";
        options.ClientSecret = "<insert here>";
    });

这篇关于实施Google / Facebook令牌中间件身份验证逻辑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！