Question
I am trying to use DNOA to connect with Facebook and Google over OAuth 2.0.
The same code is working with Facebook, but isn't working with Google:
IAuthorizationState authorization = client.ProcessUserAuthorization(request);
if (authorization == null) {
    // Kick off authorization request
    client.RequestUserAuthorization(openAuthClient.scope, new Uri(redirectUrl));
}
The question is why?
I started logging DNOA requests and found the following:
2014-03-27 12:20:19,497 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send AccessTokenAuthorizationCodeRequestC (2.0) message.
2014-03-27 12:20:19,500 (GMT+9) [6] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token:
code: 4/sFMRXFQwkQR_I1BsKXIA-XRO0eid.MoM8z1Q_qZEdPvB8fYmgkJxxjiYDigI
redirect_uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1&authuser=0&num_sessions=1&session_state=f1b3dbc278071954a1b03facd6d7053deac831f7..b3c2&prompt=none
grant_type: authorization_code
client_id: 514202796818.apps.googleusercontent.com
client_secret: ********
2014-03-27 12:20:19,500 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.
2014-03-27 12:20:20,447 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - HTTP POST https://accounts.google.com/o/oauth2/token
2014-03-27 12:20:20,533 (GMT+9) [6] ERROR DotNetOpenAuth.Http - https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request
2014-03-27 12:20:20,533 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - WebException from https://accounts.google.com/o/oauth2/token:
{
"error" : "invalid_request"
}
Then I changed the redirect_uri parameter and sent this request manually. The result is OK! In my Google application the following redirect URI is specified: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1
How can I replace the URI with a different one during user authorization (method ProcessUserAuthorization)? This URI must be exactly the same as the Google application Redirect URI. In other cases I get "invalid_request" from Google.
Answer 1:
You should use the "state" to store information on post-authentication redirects.
To stop DNOA setting a state automatically, and to allow you to set your own, create an implementation of IClientAuthorizationTracker:
Public Class TokenManager
    Implements IClientAuthorizationTracker
    Function GetAuthorizationState(callbackUrl As System.Uri, clientState As String) As IAuthorizationState Implements IClientAuthorizationTracker.GetAuthorizationState
        Dim oAS As AuthorizationState = Nothing
        If True Then
            oAS = New AuthorizationState()
            oAS.Callback = callbackUrl
        End If
        Return oAS
    End Function
End Class
and then
oClient = New WebServerClient(MyAuthDesc)
...
oClient.AuthorizationTracker = New TokenManager
Lastly (when ProcessUserAuthorization() returns Null/Nothing):
Dim owr As DotNetOpenAuth.Messaging.OutgoingWebResponse
owr = oClient.PrepareRequestUserAuthorization(scopes:=sScope, returnTo:=Request.Url)
oOAuthParams.Redirect = owr.Headers.Item("Location") & "&state=" & sReturnHere
When ProcessUserAuthorization succeeds and you verify your access token, you can read the state in the URL and do something with it (I do not use it to return; I actually use it to discourage fraud).
I needed to do the above anyway to get DNOA working, as I did not want to use the session object.
Hope this helps.
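The answer keeps redirect_uri fixed and moves per-request data into "state". The following is an added example, not part of the original answer and not DotNetOpenAuth code, of one way to build a state value that carries a return path and can be checked on the callback. The OAuthState class, its method names, the key, the session ids and the sample path are all assumptions constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not DotNetOpenAuth code: OAuthState and its members are hypothetical.
public static class OAuthState
{
    // Builds "nonce.returnPath.mac"; the MAC key is derived from the user's session id.
    public static string Issue(byte[] key, string sessionId, string returnPath)
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string payload = B64(nonce) + "." + B64(Encoding.UTF8.GetBytes(returnPath));
        return payload + "." + Mac(key, sessionId, payload);
    }
    // Returns the return path if the state was issued for this session, otherwise null.
    public static string Verify(byte[] key, string sessionId, string state)
    {
        string[] p = (state ?? "").Split('.');
        if (p.Length != 3 || !SameText(Mac(key, sessionId, p[0] + "." + p[1]), p[2])) return null;
        string path = Encoding.UTF8.GetString(UnB64(p[1]));
        // Accept local paths only, so the state cannot be used as an open redirect.
        bool local = path.Length > 0 && path[0] == '/' && (path.Length == 1 || (path[1] != '/' && path[1] != '\\'));
        return local ? path : null;
    }
    static string Mac(byte[] key, string sessionId, string payload)
    {
        using (var outer = new HMACSHA256(key))
        using (var inner = new HMACSHA256(outer.ComputeHash(Encoding.UTF8.GetBytes(sessionId))))
            return B64(inner.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Comparison that does not stop at the first differing character.
    static bool SameText(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // URL-safe base64 without padding, so the value needs no escaping in a query string.
    static string B64(byte[] d) { return Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static byte[] UnB64(string s) { return Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '=')); }
    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        string state = Issue(key, "session-A", "/asp/home.aspx"); // constructed sample values
        Console.WriteLine(Verify(key, "session-A", state));          // checked against the issuing session
        Console.WriteLine(Verify(key, "session-B", state) == null);  // checked against another session
    }
}
```

Because the value contains only URL-safe characters, it can be appended as the state parameter in the way the answer shows, while the redirect_uri stays identical to the one registered with the provider.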
Source: https://stackoverflow.com/questions/22677983/dotnetopenauth-oauth-2-0-authorization-with-google