使用ASP.NET Web API 2.0和Ionic Cordova应用程序启用社交登录(Enabling Social logins with ASP.NET Web API 2.0 and Io

使用ASP.NET Web API 2.0和Ionic Cordova应用程序启用社交登录(Enabling Social logins with ASP.NET Web API 2.0 and Ionic Cordova app)

我有一个ASP.NET Web API 2.0应用程序，我已连接到一个Ionic应用程序，该应用程序使用我的API进行登录，注册等。

我使用基于令牌的身份验证，以便当用户注册帐户并登录时，他们将被授予访问令牌，该令牌会在每个后续请求的标头中传递并用于对用户进行身份验证。 这工作正常。

现在我想允许用户通过登录Facebook或Google等社交账户来注册账户。

现在，我正在尝试集成Google身份验证，因此在我的Startup.Auth.cs文件中，我已经启用了它，如下所示：

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { ClientId = "###", ClientSecret = "###", });

我也有标准的AccountController方法，所以从我的Ionic应用程序中，我可以对'RegisterExternal'方法发出GET请求，看起来像这样：

/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=###

据我了解，此方法返回一个重定向URI，我应该在我的应用程序中导航到允许用户登录的重定向URI。 我想我会在我的应用程序中打开一个新窗口，以允许用户输入他们的详细信息？

但是，我不认为这是我想采取的方法。 对于现在的大多数应用程序，我可以简单地按下“使用Google登录”按钮，它可以在没有任何重定向或输入任何信息的情况下完成所有魔术。

我正在看看Cordova GooglePlus插件 ，这似乎是我需要的，因为它允许用户登录客户端。 成功回调还会返回以下内容：

obj.email // 'eddyverbruggen@gmail.com' obj.userId // user id obj.displayName // 'Eddy Verbruggen' obj.familyName // 'Verbruggen' obj.givenName // 'Eddy' obj.imageUrl // 'http://link-to-my-profilepic.google.com' obj.idToken // idToken that can be exchanged to verify user identity. obj.serverAuthCode // Auth code that can be exchanged for an access token and refresh token for offline access obj.accessToken // OAuth2 access token

所以我的问题是，我可以使用这些信息传递给我的ASP.NET服务的帐户服务来验证用户并为他们创建一个帐户，如果他们还没有？

我在这里读到，如果您将Google登录与通过后台服务器通信的应用程序一起使用，您可以通过将用户的ID令牌发送到我的服务器来验证它并创建帐户，从而识别服务器上当前登录的用户用户不在我的数据库中。

这表明我应该可以使用这个插件将我需要的信息发送到我的服务器。 如果这是可能的，我需要打哪个端点，我需要做什么？

我有一个AccountController.cs，它具有所有标准的东西，例如

AddExternalLogin GetExternalLogin RegisterExternal

等等。 这些有助于我吗？

I have an ASP.NET Web API 2.0 application which I have connected up to an Ionic app which uses my API for logon, registration and so on.

I am using token-based authentication so that when a user registers an account and logs in they will be granted an access token which is passed in the header of each subsequent request and used to authenticate the user. That works fine.

Now I want to allow a user to register an account by logging into a social account such as Facebook or Google.

For now, I am taking a stab at integrating Google authentication, and so in my Startup.Auth.cs file I have enabled it like so:

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { ClientId = "###", ClientSecret = "###", });

I also have the standard AccountController methods, so from my Ionic application I am able to make a GET request to the 'RegisterExternal' method which looks something like this:

/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=###

As I understand it, this method returns a redirect URI for which I should navigate to within my app to allow a user to login. I imagine I would open a new window in my app to allow a user to enter their details?

However, I don't think this is the approach I want to take. For most apps these days I can simply press a 'Login with Google' button and it does all the magic under the hood without any redirects or entering any info.

I was taking a look at the Cordova GooglePlus plugin and this appears to be what I need, as it allow a user to login client-side. A success callback also returns the following:

obj.email // 'eddyverbruggen@gmail.com' obj.userId // user id obj.displayName // 'Eddy Verbruggen' obj.familyName // 'Verbruggen' obj.givenName // 'Eddy' obj.imageUrl // 'http://link-to-my-profilepic.google.com' obj.idToken // idToken that can be exchanged to verify user identity. obj.serverAuthCode // Auth code that can be exchanged for an access token and refresh token for offline access obj.accessToken // OAuth2 access token

So my question is, can I use this information to pass to the account service of my ASP.NET service to authenticate the user and create an account for them if they don't have one already?

I read here that if you use Google Sign-In with an app that communicates with a backend server, you can identify the currently signed-in user on the server by sending the user's ID token to my server to validate it and create an account if the user isn't already in my database.

This suggests I should be able to use this plugin to send the information I need to my server. If this is possible, which endpoint do I need to hit and what do I need to do?

I have an AccountController.cs which has all the standard stuff, e.g.

AddExternalLogin GetExternalLogin RegisterExternal

and so on. Would any of these help me?

最满意答案

由于您已经拥有来自您首选的社交身份验证的访问令牌，因此您可以将其传递给ASP.NET。 但是，它没有办法处理这个问题，你可以在这里的博客中详细阐述这个答案 。

这将返回一个auth令牌，您可以使用auth header

PS不知道我是否应该在这里复制所有代码？ 这个太大了。

Since you already have the access token from your prefered social auth, you can pass that to ASP.NET. However, it does not have a way to process that, which you can add by following this answer also elaborated at the blog here.

Which will return an auth token you can use with auth header

P.S. Don't know if I should copy all code here as well? It's too big.