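Thinktecture Identity Server v3 - Facebook Assertion Flow

Time: 2014-12-14 13:11:48

Tags: oauth-2.0 facebook-authentication thinktecture-ident-server

Is it possible to configure the OAuth2 AssertionFlow with Facebook in Thinktecture Identity Server v3?

There are posts on leastprivilege.com about implementing AssertionFlow for Microsoft OAuth and AuthorizationServer, but I need to integrate with Facebook, and besides, AuthorizationServer is marked as deprecated and is no longer maintained.

2 answers: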

Answer 0: (score: 4)

In reply to @NathanAldenSr's comment, I am posting some code from my working solution.

Server side - custom validator:

    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Threading.Tasks;

    public class FacebookCustomGrantValidator : ICustomGrantValidator
    {
        private readonly IUserService userService;
        private const string _FACEBOOK_PROVIDER_NAME = "facebook";
        // ...

        async Task<CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
        {
            // check assertion type (you can have more than one in your app)
            if (request.GrantType != "assertion_fb")
                return null;

            // I assume that fb access token has been sent as a form value (with 'assertion' key)
            var fbAccessToken = request.Raw.Get("assertion");
            if (string.IsNullOrWhiteSpace(fbAccessToken))
                return new CustomGrantValidationResult
                {
                    ErrorMessage = "Missing assertion."
                };

            AuthenticateResult authenticationResult = null;

            // if fb access token is invalid you won't be able to create Facebook client
            var client = new Facebook.FacebookClient(fbAccessToken);
            dynamic response = client.Get("me", new { fields = "email, first_name, last_name" });

            // create idsrv identity for the user
            authenticationResult = await userService.AuthenticateExternalAsync(new ExternalIdentity()
            {
                Provider = _FACEBOOK_PROVIDER_NAME,
                ProviderId = response.id,
                Claims = new List<Claim>
                {
                    new Claim("Email", response.email),
                    new Claim("FirstName", response.first_name),
                    new Claim("LastName", response.last_name)
                    // ... and so on...
                }
            },
            new SignInMessage());

            return new CustomGrantValidationResult
            {
                Principal = authenticationResult.User
            };
        }
    }

You can easily test it with the OAuth2Client provided by Thinktecture (in the Thinktecture.IdentityModel Client Library NuGet package).

    string fbAccessToken = "facebook_access_token_you_acquired_while_logging_in";
    string assertionType = "assertion_fb";

    var client = new OAuth2Client(
                       new Uri("your_auth_server_url"),
                       "idsrv_client_id",
                       "idsrv_client_secret");

    // RequestAssertionAsync returns a TokenResponse; the token itself is in AccessToken
    TokenResponse tokenResponse = client.RequestAssertionAsync(assertionType, fbAccessToken).Result;
    string idsrvAccessToken = tokenResponse.AccessToken;
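
An added example, not part of the answer above and not IdentityServer or Facebook SDK code: before a validator accepts the `assertion` value, it can check the body of Facebook's Graph API `debug_token` response to confirm the token was issued to its own application and has not expired. The names `FacebookAssertionCheck` and `ValidatedUserId`, the use of `System.Text.Json`, and the sample JSON are assumptions made for this sketch; the HTTP call that fetches the response is left out.

```csharp
using System;
using System.Text.Json;

public static class FacebookAssertionCheck
{
    // Ids arrive as JSON strings; tolerate numbers and compare as text.
    static string Text(JsonElement obj, string name) =>
        !obj.TryGetProperty(name, out var v) ? null
        : v.ValueKind == JsonValueKind.String ? v.GetString()
        : v.ValueKind == JsonValueKind.Number ? v.GetRawText() : null;

    // debugTokenJson: body of Graph API GET /debug_token?input_token={assertion},
    // requested by the server with its own app access token (call not shown).
    // Returns the Facebook user id, or null when the assertion must be rejected.
    public static string ValidatedUserId(string debugTokenJson, string expectedAppId, DateTimeOffset now)
    {
        try
        {
            using (var doc = JsonDocument.Parse(debugTokenJson ?? ""))
            {
                var root = doc.RootElement;
                if (root.ValueKind != JsonValueKind.Object ||
                    !root.TryGetProperty("data", out var data) ||
                    data.ValueKind != JsonValueKind.Object) return null;
                // Facebook must report the token as valid.
                if (!data.TryGetProperty("is_valid", out var ok) ||
                    ok.ValueKind != JsonValueKind.True) return null;
                // The token must have been issued to this app, not to another one.
                var appId = Text(data, "app_id");
                if (string.IsNullOrEmpty(appId) || appId != expectedAppId) return null;
                // expires_at is Unix seconds; 0 marks a non-expiring token.
                if (data.TryGetProperty("expires_at", out var exp) &&
                    exp.ValueKind == JsonValueKind.Number && exp.TryGetInt64(out var secs) &&
                    secs != 0 && DateTimeOffset.FromUnixTimeSeconds(secs) <= now) return null;
                var userId = Text(data, "user_id");
                return string.IsNullOrEmpty(userId) ? null : userId;
            }
        }
        catch (Exception e) when (e is JsonException || e is ArgumentOutOfRangeException) { return null; }
    }

    static void Main()
    {
        // Constructed debug_token body, not real Facebook data.
        var now = DateTimeOffset.FromUnixTimeSeconds(1418562708);
        var body = "{\"data\":{\"app_id\":\"111\",\"is_valid\":true,\"expires_at\":1418566308,\"user_id\":\"42\"}}";
        Console.WriteLine(ValidatedUserId(body, "111", now) ?? "rejected"); // token issued to our app
        Console.WriteLine(ValidatedUserId(body, "999", now) ?? "rejected"); // token issued to a different app
    }
}
```

The returned user id can also be compared with the `id` that the `me` call reports before any identity is created for the user.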

Answer 1: (score: 0)

IdentityServer v3 also supports the assertion flow. There are two samples on the samples wiki (called "Custom Grants"):

https://github.com/thinktecture/Thinktecture.IdentityServer.v3.Samples/tree/master/source