Today I had the same problem and found the following solution:
Get all available suppliers first
GET /api/Account/ExternalLogins?returnUrl=%2F&generateState=true
The response message is a list in json format
[{"name":"Facebook", "url":"/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A15359%2F&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1", "state":"QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1"}]
Now send a GET request to the address of the provider you want to use. You will be redirected to the external provider login page. Fill out your credentials and you will be redirected back to your site. Now access_token by url.
http://localhost:15359/
If the user already has a local account, the cookie .AspNet.Cookies set and everything is ready. If not, only the .AspNet.ExternalCookie cookie is .AspNet.ExternalCookie , and you must register a local account.
There is an api to find out if a user is registered:
GET /api/Account/UserInfo
Answer
{"userName":"xxx","hasRegistered":false,"loginProvider":"Facebook"}
To create a local user account, call
POST /api/Account/RegisterExternal Authorization: Bearer VPcd1RQ4X... (access_token from url) Content-Type: application/json {"UserName":"myusername"}
Now send the same request with the provider url as before
GET /api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A15359%2F&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1
But this time, the user already has an account and receives authentication. You can verify this by calling /api/Account/UserInfo again.
Now access_token from the url. You must add an Authorization: Bearer [access_token] for each of your requests.