Question

我正在我的asp.net webapi 2中实现oAuth流程。我必须得到用户的许可才能访问他们的谷歌分析数据。为此，我在向Google oAuth2.0流程发送身份验证请求时添加了以下范围。响应于此，即使用户点击同意屏幕上的“允许访问”按钮，我也总是收到“Access_Denied”错误。

如果我没有在范围内添加Google Analytic，相同的代码工作正常并获得外部访问令牌。

此外，我已在Google开发者控制台中启用了Google分析API。

Google Analytic Scopes：

googleAuthOptions.Scope.Add(AnalyticsService.Scope.Analytics);
googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsReadonly);
googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsManageUsers);

用WebApi的startup.cs文件编写的代码：

//Configure Google External Login
GoogleOAuth2AuthenticationOptions googleAuthOptions = new GoogleOAuth2AuthenticationOptions()
{
    ClientId = ConfigurationManager.AppSettings["GoogleClientID"],
    ClientSecret = ConfigurationManager.AppSettings["GoogleClientSecret"],
    Provider = new GoogleAuthProvider()
};

//1st trial=> 
//googleAuthOptions.Scope.Add("https://www.googleapis.com/auth/analytics");

//2nd trial
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.Analytics);
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsReadonly);            
//googleAuthOptions.Scope.Add(AnalyticsService.Scope.AnalyticsManageUsers);

app.UseGoogleAuthentication(googleAuthOptions);

WebAPI控制器中的方法[ExternalLogin]：

[OverrideAuthentication]    
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
    [AllowAnonymous]
    [Route("ExternalLogin", Name = "ExternalLogin")]
    public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
    {
        string redirectUri = string.Empty;

        if (error != null)
        {
            return BadRequest(Uri.EscapeDataString(error));
        }

        if (!User.Identity.IsAuthenticated)
        {
            return new ChallengeResult(provider, this);
        }

        var redirectUriValidationResult = ValidateClientAndRedirectUri(this.Request, ref redirectUri);

        if (!string.IsNullOrWhiteSpace(redirectUriValidationResult))
        {
            return BadRequest(redirectUriValidationResult);
        }

        ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);

        if (externalLogin == null)
        {
            return InternalServerError();
        }

        if (externalLogin.LoginProvider != provider)
        {
            Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
            return new ChallengeResult(provider, this);
        }

        //IdentityUser user = await _repo.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey));

        int profileID = Convert.ToInt32(HttpContext.Current.Request.QueryString["profile_id"]);

        var user = new UserRepository().SearchProfileByID(profileID);

        bool hasRegistered = user != null;

        redirectUri = string.Format("{0}#external_access_token={1}&provider={2}&haslocalaccount={3}&external_user_name={4}",
                                        redirectUri,
                                        externalLogin.ExternalAccessToken,
                                        externalLogin.LoginProvider,
                                        hasRegistered.ToString(),
                                        externalLogin.UserName);

        return Redirect(redirectUri);

    }

我已按照this链接实施oAuth功能。

请帮我解决这个问题。

由于

Answer 1

最后我得到了我的问题的解决方案，我们也需要添加“电子邮件”范围。我添加了以下2个范围以使其正常工作：

googleAuthOptions.Scope.Add("email");  
googleAuthOptions.Scope.Add("https://www.googleapis.com/auth/analytics.readonly");

现在返回我的外部令牌，可以访问google analytic api

由于

维杰

Google Analytics的“Access_Denied”

1 个答案: