我正在我的asp.net webapi 2中实现oAuth流程。我必须得到用户的许可才能访问他们的谷歌分析数据。为此,我在向Google oAuth2.0流程发送身份验证请求时添加了以下范围。响应于此,即使用户点击同意屏幕上的“允许访问”按钮,我也总是收到“Access_Denied”错误。
如果我没有在范围内添加Google Analytic,相同的代码工作正常并获得外部访问令牌。
此外,我已在Google开发者控制台中启用了Google分析API。
Google Analytic Scopes:
googleAuthOptions.Scope.Add(AnalyticsService.Scope.Analytics);
googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsReadonly);
googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsManageUsers);
用WebApi的startup.cs文件编写的代码:
//Configure Google External Login
GoogleOAuth2AuthenticationOptions googleAuthOptions = new GoogleOAuth2AuthenticationOptions()
{
ClientId = ConfigurationManager.AppSettings["GoogleClientID"],
ClientSecret = ConfigurationManager.AppSettings["GoogleClientSecret"],
Provider = new GoogleAuthProvider()
};
//1st trial=>
//googleAuthOptions.Scope.Add("https://www.googleapis.com/auth/analytics");
//2nd trial
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.Analytics);
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsReadonly);
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsManageUsers);
app.UseGoogleAuthentication(googleAuthOptions);
WebAPI控制器中的方法[ExternalLogin]:
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
string redirectUri = string.Empty;
if (error != null)
{
return BadRequest(Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
return new ChallengeResult(provider, this);
}
var redirectUriValidationResult = ValidateClientAndRedirectUri(this.Request, ref redirectUri);
if (!string.IsNullOrWhiteSpace(redirectUriValidationResult))
{
return BadRequest(redirectUriValidationResult);
}
ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
if (externalLogin == null)
{
return InternalServerError();
}
if (externalLogin.LoginProvider != provider)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
return new ChallengeResult(provider, this);
}
//IdentityUser user = await _repo.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey));
int profileID = Convert.ToInt32(HttpContext.Current.Request.QueryString["profile_id"]);
var user = new UserRepository().SearchProfileByID(profileID);
bool hasRegistered = user != null;
redirectUri = string.Format("{0}#external_access_token={1}&provider={2}&haslocalaccount={3}&external_user_name={4}",
redirectUri,
externalLogin.ExternalAccessToken,
externalLogin.LoginProvider,
hasRegistered.ToString(),
externalLogin.UserName);
return Redirect(redirectUri);
}
我已按照this链接实施oAuth功能。
请帮我解决这个问题。
由于
答案 0 :(得分:0)
最后我得到了我的问题的解决方案,我们也需要添加“电子邮件”范围。 我添加了以下2个范围以使其正常工作:
googleAuthOptions.Scope.Add("email");
googleAuthOptions.Scope.Add("https://www.googleapis.com/auth/analytics.readonly");
现在返回我的外部令牌,可以访问google analytic api
由于
维杰