Verify Access Token - Asp.Net Identity

挽巷 2021-01-02 10:53

I'm using ASP.Net Identity to implement external logins. After the user logs in with Google I get Google's external access token. I then make a second api call to ObtainLoca

1 answer
  • 2021-01-02 11:07

    Studying the implementation by Taiseer Joudeh

    the /ExternalLogin endpoint replaces the OWIN Authentication Challenge.

    The AngularJS LoginController makes a call to the authService.obtainAccessToken when an externally authenticated user has not been found in Identity Provider:

            if (fragment.haslocalaccount == 'False') {
               ...
            }
    
            else {
                // Obtain a local access token in exchange for the external one, then redirect to orders
                var externalData = { provider: fragment.provider,
                          externalAccessToken: fragment.external_access_token };
                authService.obtainAccessToken(externalData).then(function (response) {
    
                    $location.path('/orders');
    
                });
            }
    

    It uses the VerifyExternalAccessToken to perform a reverse lookup against Google and Facebook APIs to get claim info for the bearer token.

            if (provider == "Facebook")
            {
                var appToken = "xxxxxx";
                verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken);
            }
            else if (provider == "Google")
            {
                verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken);
            }
            else
            {
                return null;
            }
    

    If the token is found, it returns a new ASP.NET bearer token

            var accessTokenResponse = GenerateLocalAccessTokenResponse(user.UserName);
    
            return Ok(accessTokenResponse);
    

    With [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)] the OWIN Middleware uses the external bearer token to access the 3rd party's Cookie and Register a new account (Or find existing).

    OWIN Middleware cannot be configured to accept external bearer token instead of local authority tokens. External bearer tokens are only used for Authentication and Registration.

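The check that the reverse lookup in the answer above feeds into, as an added example that is not part of the answer or of the referenced implementation: once the verify endpoint has responded, accept the external token only if the response names your own application. The field names (`data.app_id`, `data.is_valid`, `audience`, `user_id`) are assumed from the response formats of the two endpoints shown above; `VerifiedToken`, `ExternalTokenCheck` and the sample JSON are constructed for illustration.

```csharp
#nullable enable
using System;
using System.Text.Json;
// Added example: type names and sample JSON are constructed; field names are assumed.
public sealed record VerifiedToken(string UserId, string AppId);

public static class ExternalTokenCheck
{
    // expectedAppId: this application's own Facebook app id or Google client id.
    public static VerifiedToken? Check(string provider, string json, string expectedAppId)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.ValueKind != JsonValueKind.Object) return null;
        string? userId, appId;
        if (provider == "Facebook")
        {
            // debug_token nests its fields under "data" and reports is_valid.
            if (!root.TryGetProperty("data", out var data) || data.ValueKind != JsonValueKind.Object) return null;
            if (!data.TryGetProperty("is_valid", out var ok) || ok.ValueKind != JsonValueKind.True) return null;
            userId = Str(data, "user_id");
            appId = Str(data, "app_id");
        }
        else if (provider == "Google")
        {
            // tokeninfo answers an invalid or expired token with an "error" field.
            if (root.TryGetProperty("error", out _)) return null;
            userId = Str(root, "user_id");
            appId = Str(root, "audience");
        }
        else return null;
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(appId)) return null;
        // A valid token that was issued to a different application must not log anyone in here.
        if (!string.Equals(appId, expectedAppId, StringComparison.Ordinal)) return null;
        return new VerifiedToken(userId, appId);
    }
    private static string? Str(JsonElement e, string name) =>
        e.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static void Main()
    {
        const string ourClientId = "our-client-id.example"; // constructed value
        string issuedToUs = "{\"audience\":\"our-client-id.example\",\"user_id\":\"1001\",\"expires_in\":3000}";
        string issuedToOther = "{\"audience\":\"other-app.example\",\"user_id\":\"1001\",\"expires_in\":3000}";
        Console.WriteLine("token issued to us accepted: " + (Check("Google", issuedToUs, ourClientId) != null));
        Console.WriteLine("token issued to another app accepted: " + (Check("Google", issuedToOther, ourClientId) != null));
    }
}
```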