我正在使用RESTfull Web 2构建ASP.NET后端。FTM有三个客户端: AngularJs web应用程序、ASP.NET和IPhone应用程序。
我需要通过谷歌和Facebook为他们建立登录,并需要您的帮助,以设计它。
我的想法如下(以Google为例):
- for AngularJS app (type Web application, with allowed origins)
- for Android (type Android)
- for IOs (type IOs)
- for WEB API backend (type Web application without any allowed origins)
好处很简单:
我的问题是:
发布于 2016-09-19 11:56:27
这个流程很好,但有一个例外:您只需要为实际的客户端应用程序(因此是)设置客户机ID(即Authorized JavaScript origins),而不是为后端设置。
至少在后端(只是一个不同的验证库),Facebook几乎是一样的,您应该不会有任何问题来抽象出一个通用的提供者接口。
至于在服务器端上验证ID令牌的完整性-在Google的端点上做一个GET来验证这个令牌,让他们担心验证算法:https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={0}
以下是这幅画的样子:
private const string GoogleApiTokenInfoUrl = "https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={0}";
public ProviderUserDetails GetUserDetails(string providerToken)
{
var httpClient = new MonitoredHttpClient();
var requestUri = new Uri(string.Format(GoogleApiTokenInfoUrl, providerToken));
HttpResponseMessage httpResponseMessage;
try
{
httpResponseMessage = httpClient.GetAsync(requestUri).Result;
}
catch (Exception ex)
{
return null;
}
if (httpResponseMessage.StatusCode != HttpStatusCode.OK)
{
return null;
}
var response = httpResponseMessage.Content.ReadAsStringAsync().Result;
var googleApiTokenInfo = JsonConvert.DeserializeObject<GoogleApiTokenInfo>(response);
if (!SupportedClientsIds.Contains(googleApiTokenInfo.aud))
{
Log.WarnFormat("Google API Token Info aud field ({0}) not containing the required client id", googleApiTokenInfo.aud);
return null;
}
return new ProviderUserDetails
{
Email = googleApiTokenInfo.email,
FirstName = googleApiTokenInfo.given_name,
LastName = googleApiTokenInfo.family_name,
Locale = googleApiTokenInfo.locale,
Name = googleApiTokenInfo.name,
ProviderUserId = googleApiTokenInfo.sub
};
}https://stackoverflow.com/questions/39570718
复制相似问题