I'm trying to use DNOA to connect to Facebook and Google via OAuth 2.0.
The same code works with Facebook, but not with Google.

IAuthorizationState authorization = client.ProcessUserAuthorization(request);
if (authorization == null) {
    // Kick off authorization request
    client.RequestUserAuthorization(openAuthClient.scope, new Uri(redirectUrl));
}

The question is: why?
I started logging the DNOA requests and found the following:

2014-03-27 12:20:19,497 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send AccessTokenAuthorizationCodeRequestC (2.0) message.
2014-03-27 12:20:19,500 (GMT+9) [6] INFO  DotNetOpenAuth.Messaging.Channel - Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token: 
code: 4/sFMRXFQwkQR_I1BsKXIA-XRO0eid.MoM8z1Q_qZEdPvB8fYmgkJxxjiYDigI
redirect_uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1&authuser=0&num_sessions=1&session_state=f1b3dbc278071954a1b03facd6d7053deac831f7..b3c2&prompt=none
grant_type: authorization_code
client_id: 514202796818.apps.googleusercontent.com
client_secret: ********
2014-03-27 12:20:19,500 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.
2014-03-27 12:20:20,447 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - HTTP POST https://accounts.google.com/o/oauth2/token
2014-03-27 12:20:20,533 (GMT+9) [6] ERROR DotNetOpenAuth.Http - https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request
2014-03-27 12:20:20,533 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - WebException from https://accounts.google.com/o/oauth2/token: 
{
"error" : "invalid_request"
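}

Then I changed the redirect_uri parameter and sent this request manually. The result was fine! In my Google application, the following redirect URI is specified: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1
How can I change the URI during user authorization (the ProcessUserAuthorization method) by some other means? This URI must be exactly the same as the Google application's redirect URI. Otherwise I get "invalid_request" from Google.
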
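Posted on 2014-05-16 13:20:09
You should use "state" to store information about the post-authentication redirect.
To stop DNOA from setting the state automatically and to allow you to set your own, create an implementation of IClientAuthorizationTracker:
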
Imports DotNetOpenAuth.OAuth2

Public Class TokenManager
    Implements IClientAuthorizationTracker

    ' Always returns a new AuthorizationState for the callback; clientState is ignored.
    Function GetAuthorizationState(callbackUrl As System.Uri, clientState As String) As IAuthorizationState Implements IClientAuthorizationTracker.GetAuthorizationState
        Dim oAS As AuthorizationState = Nothing
        If True Then
            oAS = New AuthorizationState()
            oAS.Callback = callbackUrl
        End If
        Return oAS
    End Function
End Class

Then

oClient = New WebServerClient(MyAuthDesc)
...
oClient.AuthorizationTracker = New TokenManager

Finally (when ProcessUserAuthorization() returns Null/Nothing)

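Dim owr As DotNetOpenAuth.Messaging.OutgoingWebResponse
owr = oClient.PrepareRequestUserAuthorization(scopes:=sScope, returnTo:=Request.Url)
oOAuthParams.Redirect = owr.Headers.Item("Location") & "&state=" & sReturnHere

When ProcessUserAuthorization succeeds and you have verified your access token, you can read the state from the URL and do something with it (I don't use it for returning; I actually use it to prevent fraud).
I needed to do the above to get DNOA working because I don't want to use the session object.
Hope this helps.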
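
The two points above in C#, as an added example that is not code from the question, the answer or DotNetOpenAuth: the token request reuses the registered redirect URI instead of the raw callback URL (which carries the extra parameters seen in the log), and `state` carries a return path authenticated with an HMAC. `OAuthStateHelper`, its members, the demo key and the per-browser nonce cookie are assumptions, as is the registered URI having been sent in the authorization request; no DotNetOpenAuth API is called.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example; OAuthStateHelper and its members are hypothetical names.
public static class OAuthStateHelper
{
    // Constructed demo key; a real one comes from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    // URL-safe Base64; padding is kept because '=' is legal inside a query value.
    static string Enc(byte[] b) => Convert.ToBase64String(b).Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/'));

    // The MAC binds the return path to a nonce kept in a cookie of this browser (assumed).
    static byte[] Mac(string browserNonce, string path)
    {
        using (var h = new HMACSHA256(Key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(browserNonce + "\n" + path));
    }

    public static string CreateState(string browserNonce, string returnPath) =>
        Enc(Encoding.UTF8.GetBytes(returnPath)) + "." + Enc(Mac(browserNonce, returnPath));

    // Returns the verified same-site return path, or null when state is not ours.
    public static string ReadState(string state, string browserNonce)
    {
        var parts = (state ?? "").Split('.');
        if (parts.Length != 2 || string.IsNullOrEmpty(browserNonce)) return null;
        try
        {
            string path = Encoding.UTF8.GetString(Dec(parts[0]));
            byte[] expected = Mac(browserNonce, path), actual = Dec(parts[1]);
            int diff = expected.Length ^ actual.Length; // compare without early exit
            for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
            // Same-site paths only, so state cannot become an open redirect.
            bool local = path.StartsWith("/") && !path.StartsWith("//") && !path.Contains("\\");
            return diff == 0 && local ? path : null;
        }
        catch (FormatException) { return null; }
    }

    // redirect_uri for the token request: the registered value, not the raw callback URL.
    public static Uri TokenRedirectUri(Uri callback, Uri registered)
    {
        if (Uri.Compare(callback, registered, UriComponents.SchemeAndServer | UriComponents.Path,
                UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
            throw new InvalidOperationException("Callback arrived on an unregistered endpoint.");
        return registered;
    }
}
```

The nonce is assumed to be a random value set in a cookie before the redirect and read back on the callback, so no server-side session object is involved.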
https://stackoverflow.com/questions/22677983