在我的web应用程序我已经注册谷歌作为一个单点登录服务提供商:
Within my web application I have registered Google as a single sign-on provider:
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { ClientId = "8765.......apps.googleusercontent", ClientSecret = "Secret" })我的应用程序不允许用户要注册/注册(而不是他们的帐户是由管理员创建的,但他们可以稍后关联帐户与谷歌)。
My app doesn't allow users to sign-up/register (instead their accounts are created by an administrator, but they can later link their account up with Google).
在我的在与谷歌的控制器,我试图发出挑战赛()重定向到谷歌。这可能不是thecorrect方式:
In my "Sign in with Google" controller, I am trying to issue a Challenge() to redirect to Google. This might not be thecorrect approach:
string redirectUri = "localhost:55262/SSO/Google/ProcessToken"; // actually created in code, but shown as string for clarity AuthenticationProperties properties = new AuthenticationProperties(); properties.RedirectUri = Server.UrlEncode(redirectUri); Context.GetOwinContext().Authentication.Challenge(properties, "Google");这正确地发送到用户的谷歌,但谷歌随后presents 错误:redirect_uri_mismatch ,说:
This correctly sends the user to Google, but Google then presents Error: redirect_uri_mismatch, saying that:
在请求重定向URI:的http://本地主机:55262 /登入,谷歌 没有注册的重定向URI相匹配。
The redirect URI in the request: localhost:55262/signin-google did not match a registered redirect URI.
我见过当返回URI集合中的谷歌控制面板不包含指定的 REDIRECT_URI 在此之前的错误。
I've seen this error before when the return URI collection in the Google control panel does not contain the redirect_uri specified.
如果我在VS2015调试,我可以看到 REDIRECT_URI 财产被在 AuthenticationProperties ,但正确设置似乎OWIN /武士刀是不是传递给谷歌。相反,当我打谷歌的return_uri是OWIN /武士刀使用的默认之一。一个我设置被忽略。
If I debug in VS2015, I can see the redirect_uri property being set correctly in the AuthenticationProperties, but it seems that OWIN/Katana is not passing it to Google. Instead, when I hit Google, the return_uri is the default one used by OWIN/Katana. The one I set is being ignored.
在谷歌要求的细节似乎证实了这一点:
The Google request details seem to confirm this:
scope=openid profile email response_type=code redirect_uri=localhost:55262/signin-google我在做什么错在这里吗?我不应该使用挑战进行(),允许用户自己的本地应用程序帐户与谷歌联系起来?
What am I doing wrong here please? Should I not be using Challenge() to allow users to link up their local application account with Google?
推荐答案注意的OWIN的开放认证有predefined方法。换句话说,在本地主机:端口/登入-谷歌中,OWIN等待用于调用的登入-谷歌的由外部认证服务(虽然你无法找到其在项目中实现)。在登入-谷歌的是一个有效的和工作路径和我prefoundly劝你们不要改变它(由于避免写一个新的实现作为控制器动作)。
Note that the OWIN's Open Authentication have predefined methods. In another words, in localhost:port/signin-google, the OWIN awaits for calling the signin-google by the external authentication service (Although you can't find its implementation inside the project). The signin-google is a valid and working path and I prefoundly exhort you not to change it (due to avoid writing a new implementation as a controller action).
我有类似的麻烦,花费很多疲惫天后,终于,我发现了问题来自于这是对发送 REDIRECT_URI 由OWIN有效的原始用户的URL 。很显然:
I had similar trouble, After spending many weary days, finally, I found out the problem comes from the original user's URL which is effective on the sent redirect_uri by the OWIN. Clearly:
- 如果您键入www.site→ REDIRECT_URI 等于 www.site/signin-google
- 如果您键入site→ REDIRECT_URI 等于 site/signin-google
- If you type www.site → redirect_uri equals to www.site/signin-google
- If you type site → redirect_uri equals to site/signin-google
和谷歌将返回 redirect_uri_mismatch 错误作为基于在控制台中输入的URL重定向的上述情况之一。我觉得你的问题来自于这个现实太和解决方案是设置控制台任何可能的URL。
And Google will return redirect_uri_mismatch Error for one of the above cases based on entered redirect URLs in Console. I think your problem comes from this reality too and the solution is setting any possible URLs in console.
更多推荐
AuthenticationProperties.RedirectUri不传递给谷歌在挑战赛()
发布评论