将 C# Owin 响应类型从代码更改为令牌
Change C# Owin response type from code to token
我正在尝试使用 OWIN 进行外部登录 Google/Facebook。
面临的问题是 owin 挑战不断将响应类型从令牌更改为代码。
这是 returns 来自 google 的错误。如果我将 response_type 更改为 token (response_type=token) 它会起作用。
这是 OAuth 选项
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true,
};
Google 中间件设置:
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = "clientid",
ClientSecret = "client secret",
});
这是挑战:
var properties = new AuthenticationProperties() { AllowRefresh = true, RedirectUri="mywebsite.co.za" };
Request.GetOwinContext().Authentication.Challenge(properties,LoginProvider);
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
return Task.FromResult(response);
OWIN 是通用 MVC API 项目的基本设置。
将response_type重写为token的解决方案如下:
GoogleOAuth2AuthenticationOptions googleOAuth2AuthenticationOptions = new GoogleOAuth2AuthenticationOptions
{
ClientId = "clientid",
ClientSecret = "secret",
Provider = new GoogleOAuth2AuthenticationProvider
{
OnApplyRedirect = context =>
{
string redirect = context.RedirectUri.Replace("response_type=code", "response_type=token");
context.Response.Redirect(redirect);
},
},
};
app.UseGoogleAuthentication(googleOAuth2AuthenticationOptions);
它仍然回避问题,如果 google OAuth 2.0 需要 response_type=token 为什么 Owin.google 提供者使用 response_type=code.
我正在尝试使用 OWIN 进行外部登录 Google/Facebook。
面临的问题是 owin 挑战不断将响应类型从令牌更改为代码。
这是 returns 来自 google 的错误。如果我将 response_type 更改为 token (response_type=token) 它会起作用。
这是 OAuth 选项
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true,
};
Google 中间件设置:
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = "clientid",
ClientSecret = "client secret",
});
这是挑战:
var properties = new AuthenticationProperties() { AllowRefresh = true, RedirectUri="mywebsite.co.za" };
Request.GetOwinContext().Authentication.Challenge(properties,LoginProvider);
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
return Task.FromResult(response);
OWIN 是通用 MVC API 项目的基本设置。
将response_type重写为token的解决方案如下:
GoogleOAuth2AuthenticationOptions googleOAuth2AuthenticationOptions = new GoogleOAuth2AuthenticationOptions
{
ClientId = "clientid",
ClientSecret = "secret",
Provider = new GoogleOAuth2AuthenticationProvider
{
OnApplyRedirect = context =>
{
string redirect = context.RedirectUri.Replace("response_type=code", "response_type=token");
context.Response.Redirect(redirect);
},
},
};
app.UseGoogleAuthentication(googleOAuth2AuthenticationOptions);
它仍然回避问题,如果 google OAuth 2.0 需要 response_type=token 为什么 Owin.google 提供者使用 response_type=code.