Google的DotNetOpenAuth OAuth 2.0授权 [英] DotNetOpenAuth OAuth 2.0 authorization with Google
问题描述
我正在尝试使用DNOA通过OAuth 2.0与Facebook和Google连接。
I am trying to use DNOA to connect with Facebook and Google over OAuth 2.0.
相同的代码适用于Facebook,但不适用于Google
The same code is working with Facebook, but isn't working with Google
IAuthorizationState authorization = client.ProcessUserAuthorization(request);
if (authorization == null) {
// Kick off authorization request
client.RequestUserAuthorization(openAuthClient.scope, new Uri(redirectUrl));
}
问题是为什么?
我开始记录DNOA请求并发现以下内容:
I start logging DNOA request and found following:
2014-03-27 12:20:19,497 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send AccessTokenAuthorizationCodeRequestC (2.0) message.
2014-03-27 12:20:19,500 (GMT+9) [6] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token:
code: 4/sFMRXFQwkQR_I1BsKXIA-XRO0eid.MoM8z1Q_qZEdPvB8fYmgkJxxjiYDigI
redirect_uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1&authuser=0&num_sessions=1&session_state=f1b3dbc278071954a1b03facd6d7053deac831f7..b3c2&prompt=none
grant_type: authorization_code
client_id: 514202796818.apps.googleusercontent.com
client_secret: ********
2014-03-27 12:20:19,500 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.
2014-03-27 12:20:20,447 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - HTTP POST https://accounts.google.com/o/oauth2/token
2014-03-27 12:20:20,533 (GMT+9) [6] ERROR DotNetOpenAuth.Http - https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request
2014-03-27 12:20:20,533 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - WebException from https://accounts.google.com/o/oauth2/token:
{
"error" : "invalid_request"
}
然后我更改参数redirect_uri并手动发送此请求。结果还可以!在我的Google应用程序中,指定以下重定向uri: http: //test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1
Then I change parameter redirect_uri and send this request manually. Result is OK! In my Google application specified following redirect uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1
在操作期间如何更改uri用户授权(方法ProcessUserAuthorization)与另一个不同?此uri必须与Google应用程序重定向URI完全相同。在其他情况下,我会从Google获得 invalid_request
How can I change uri during user authorization (method ProcessUserAuthorization) with different one? This uri must be exactly same as Google application Redirect URI. In other cases I get "invalid_request" from Google
推荐答案
您应使用状态存储有关身份验证重定向的信息
You should use the "state" to store information on post authentication redirects
要停止DNOA自动设置状态并允许您设置自己的状态,请创建IClientAuthorizationTracker的实现
To stop DNOA setting a state automatically and allowing you to set your own one create a implementation of IClientAuthorizationTracker
Public Class TokenManager
Implements IClientAuthorizationTracker
Function GetAuthorizationState(callbackUrl As System.Uri, clientState As String) As IAuthorizationState Implements IClientAuthorizationTracker.GetAuthorizationState
Dim oAS As AuthorizationState = Nothing
If True Then
oAS = New AuthorizationState()
oAS.Callback = callbackUrl
End If
Return oAS
End Function
End Class
然后
oClient = New WebServerClient(MyAuthDesc)
...
oClient.AuthorizationTracker = New TokenManager
最后(当ProcessUserAuthorization()返回Null / Nothing时)
lastly (When ProcessUserAuthorization() returns Null/Nothing)
Dim owr As DotNetOpenAuth.Messaging.OutgoingWebResponse
owr = oClient.PrepareRequestUserAuthorization(scopes:=sScope, returnTo:=Request.Url)
oOAuthParams.Redirect = owr.Headers.Item("Location") & "&state=" & sReturnHere
当ProcessUserAuthorization成功并且您验证了访问令牌后,您可以读取URL中的状态并执行与此相关的东西(我不使用它来退还我实际上是在使用它来阻止欺诈)
When ProcessUserAuthorization succeeds and you verify your access token then you can read the state in the URL and do something with it (I do not use it to return I actually use it to discourage fraud)
无论如何,我都需要执行上述操作才能使DNOA正常运行使用会话对象
I needed to do the above anyway to get DNOA working as I did not want to use the session object
希望这会有所帮助。
这篇关于Google的DotNetOpenAuth OAuth 2.0授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
