Moving from a social cookie login to a token social login

This is similar to a question that I posted on StackExchange Programmers, where I did not get an answer. Maybe it was wrong and should have been here. But in any case, I pounced on a few more, cut and changed the bits, and now I'm closer, but I need more help.

I am trying to implement Facebook login (and later others) using Owin and various Katana libraries. I deal only with logins, without registration, without ASP.NET DB. I do not use ASP.NET Identity material (as when using the default ASP.NET project with separate accounts), as 90% of tutorials tell you. Sorry if I regret it. I managed to find other people who managed to break the mold and implemented OWIN without the gubbins personality, and I did quite a bit of reading about it. I think I just need help connecting the last few points.

This is for an SPA with a back-end Web API, so I naturally leaned towards OAuth tokens.

I managed to get everything to work in cookie mode using some of the recommendations from this blog post. I applied my approach, and now I can log in to Facebook, and when the callback action is deleted, User.Identity is successfully configured for Facebook's identity.

The problem is that for my Web API, I want to call auth/facebook, or in some other way get an OAuth token of my identity for the user to use for future requests, and not the cookie.

Am I best switching from this cookie to a token? And how? Or is there a better approach for this?

Here is my Startup.cs code

public class Startup
{
    // public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

    public void Configuration(IAppBuilder app)
    {
        ConfigureOAuth(app);

        // other standard stuff (I think)
    }

    private void ConfigureOAuth(IAppBuilder app)
    {
        // lots of commented out code of me trying to do this using a custom provider and OAuth

        var cookieOptions = new CookieAuthenticationOptions
        {
            // Microsoft.Owin.PathString throws ArgumentException unless the value starts with '/'
            LoginPath = new PathString("/api/auth/facebook")
        };

        app.UseCookieAuthentication(cookieOptions);
        app.SetDefaultSignInAsAuthenticationType(cookieOptions.AuthenticationType);

        app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = fbAppID,
            AppSecret = fbAppSecret,
        });
    }
}

And here is my controller code.

[RoutePrefix("api/auth")]
public class AuthController : ApiController
{
    [AllowAnonymous]
    [Route("facebook")]
    public IHttpActionResult GetFacebookChallenge()
    {
        return new ChallengeResult("Facebook", "api/auth/callback", this.Request);
    }

    [Route("callback")]
    [HttpGet]
    public IHttpActionResult Callback()
    {
        var info = Request.GetOwinContext().Authentication.GetExternalLoginInfo();
        return Ok(info);
    }
}

null, null, User.Identity , . , User.Identity, . , . ?


+4
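
One way to do the cookie-to-token exchange the question asks about, as an added example that is not part of the original post. It assumes Startup exposes the static OAuthBearerOptions property (commented out in the question) and registers it with app.UseOAuthBearerAuthentication; the controller name and the api/auth/token route are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;

// Assumed wiring in Startup.ConfigureOAuth (not shown in the question):
//   OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
//   app.UseOAuthBearerAuthentication(OAuthBearerOptions);
[RoutePrefix("api/auth")]
public class TokenExchangeController : ApiController // hypothetical name
{
    [AllowAnonymous]
    [HttpPost, Route("token")] // hypothetical route, called by the SPA after the callback
    public async Task<IHttpActionResult> ExchangeCookieForToken()
    {
        var auth = Request.GetOwinContext().Authentication;

        // Read the identity that the Facebook sign-in stored in the cookie.
        AuthenticateResult external =
            await auth.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationType);
        Claim id = external?.Identity?.FindFirst(ClaimTypes.NameIdentifier);
        if (id == null) return Unauthorized();

        // Copy only the claim the API needs; nothing else from the provider is forwarded.
        var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id.Value, null, id.Issuer));

        var now = DateTimeOffset.UtcNow;
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.AddMinutes(30) // self-contained ticket, so keep it short-lived
        });

        // Protect() serializes the ticket and protects it with the host's data protector.
        string token = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

        // Drop the cookie so later requests authenticate with the bearer token only.
        auth.SignOut(CookieAuthenticationDefaults.AuthenticationType);

        return Ok(new { access_token = token, token_type = "bearer", expires_in = 1800 });
    }
}
```

The SPA then sends the returned value in an `Authorization: Bearer` header, and the bearer middleware rebuilds User.Identity from it on each request.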

Source: https://habr.com/ru/post/1653061/
