2014-03-27 72 views
1

I'm trying to use DNOA to connect to Facebook and Google via OAuth 2.0. DotNetOpenAuth OAuth 2.0 authorization with Google

The same code works with Facebook, but not with Google.

IAuthorizationState authorization = client.ProcessUserAuthorization(request); 
if (authorization == null) { 
    // Kick off authorization request 
    client.RequestUserAuthorization(openAuthClient.scope, new Uri(redirectUrl)); 
} 

The question is, why does it work?

I started logging the DNOA requests and found the following:

2014-03-27 12:20:19,497 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send AccessTokenAuthorizationCodeRequestC (2.0) message. 

2014-03-27 12:20:19,500 (GMT+9) [6] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token: 

code: 4/sFMRXFQwkQR_I1BsKXIA-XRO0eid.MoM8z1Q_qZEdPvB8fYmgkJxxjiYDigI 
redirect_uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1&authuser=0&num_sessions=1&session_state=f1b3dbc278071954a1b03facd6d7053deac831f7..b3c2&prompt=none 
grant_type: authorization_code 
client_id: 514202796818.apps.googleusercontent.com 
client_secret: ******** 

2014-03-27 12:20:19,500 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request. 

2014-03-27 12:20:20,447 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - HTTP POST https://accounts.google.com/o/oauth2/token 

2014-03-27 12:20:20,533 (GMT+9) [6] ERROR DotNetOpenAuth.Http - https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request 

2014-03-27 12:20:20,533 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - WebException from https://accounts.google.com/o/oauth2/token: 
{ 
"error" : "invalid_request" 
} 

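Then I changed the redirect_uri parameter and sent the request manually. The result was OK! The following redirect URI is specified in my Google application: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1

How can I change the URI during user authorization (the ProcessUserAuthorization method)? This URI must be exactly the same as the redirect URI of the Google application. Otherwise, I get "invalid_request" from Google.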

+0

Has nobody run into this problem?

Answers

2

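You should use "state" to store information for the post-authentication redirect.

To stop DNOA from setting the state automatically and allow you to set your own, create a class that implements IClientAuthorizationTracker.

Then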

oClient = New WebServerClient(MyAuthDesc) 
... 
oClient.AuthorizationTracker = New TokenManager 

Finally (when ProcessUserAuthorization() returns null / Nothing)

Dim owr As DotNetOpenAuth.Messaging.OutgoingWebResponse 
owr = oClient.PrepareRequestUserAuthorization(scopes:=sScope, returnTo:=Request.Url) 
oOAuthParams.Redirect = owr.Headers.Item("Location") & "&state=" & sReturnHere 

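When ProcessUserAuthorization succeeds and you have verified your access token, you can then read the state in the URL and do something with it (I don't actually use it for returning; I use it to prevent fraud).

I needed to do the above anyway to get DNOA working, as I don't want to use the session object.

Hope this helps.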
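
The two points from this thread, that the redirect_uri sent to the token endpoint has to equal the registered one and that per-request data belongs in state, shown as an added C# example; it is not part of the original answer or of DotNetOpenAuth. The class name OAuthCallbackHelpers, the browserNonce value (a random value kept in a cookie) and the HMAC key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example: plain .NET helpers, not part of the DotNetOpenAuth API.
public static class OAuthCallbackHelpers
{
    // The token request's redirect_uri must equal the registered URI, so do not
    // rebuild it from the callback URL (the provider appended authuser,
    // session_state, prompt, ...). Check the endpoint, send the registered value.
    public static Uri RedirectUriForTokenRequest(Uri callbackUrl, Uri registered)
    {
        if (Uri.Compare(callbackUrl, registered, UriComponents.SchemeAndServer | UriComponents.Path,
                UriFormat.Unescaped, StringComparison.Ordinal) != 0)
            throw new InvalidOperationException("Callback on unregistered endpoint.");
        return registered;
    }
    // state = base64(returnPath) + "." + base64(HMAC-SHA256(key, nonce + "." + payload)).
    // browserNonce is an assumed random per-browser value (e.g. a cookie), so a
    // state minted in one browser fails in another. Uri.EscapeDataString it on send.
    public static string CreateState(string returnPath, string browserNonce, byte[] key)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(returnPath));
        return payload + "." + Mac(payload, browserNonce, key);
    }
    public static bool TryReadState(string state, string browserNonce, byte[] key, out string returnPath)
    {
        returnPath = null;
        string[] parts = (state ?? "").Split('.');
        if (parts.Length != 2 || !SlowEquals(parts[1], Mac(parts[0], browserNonce, key)))
            return false;
        string path = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
        // Accept only local paths so state cannot become an open redirect.
        bool local = path.StartsWith("/", StringComparison.Ordinal)
            && !path.StartsWith("//", StringComparison.Ordinal) && !path.Contains("\\");
        if (local) returnPath = path;
        return local;
    }
    static string Mac(string payload, string nonce, byte[] key)
    {
        using (var h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(nonce + "." + payload)));
    }
    static bool SlowEquals(string a, string b) // compares every character, no early exit
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

TryReadState returns false for a missing, tampered or cross-browser state, in which case the callback should be rejected before the authorization code is exchanged.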