对于使用Google等外部提供商的用户身份验证,它使用的是特定的Owin中间件 . 例如Microsoft.Owin.Security.Google . WebAPI2模板使用它来支持隐式流认证(response_type = token) . 但是Code流程怎么样?

是否可以实现代码流(response_type = code)?

在调试这些OAuth提供程序后,我注意到将return_type =代码传递给Google,它成功进行身份验证并返回带有访问权限和刷新令牌的json,然后用户通过api / Account / ExternalLogin endpoints 登录,但在流程结束时我被重定向到http://localhost:50321/?error=unsupported_response_type# .

我无法真正找到流程在装配中设置此特定错误的位置和原因 .

Startup.Auth.cs看起来像这样:

public void ConfigureAuth(IAppBuilder app)
    {
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        PublicClientId = "self";
        var tokenTimeSpanInHours = ConfigurationManager.AppSettings["AccessTokenLifeTimeInHours"];

        OAuthServerOptions = new OAuthAuthorizationServerOptions
        {
            Provider = new ApplicationOAuthProvider(PublicClientId),
            TokenEndpointPath = new PathString("/api/token"),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(Convert.ToInt16(tokenTimeSpanInHours)),
            AllowInsecureHttp = true
        };

        app.UseOAuthBearerTokens(OAuthServerOptions);
        var googleOAuthOptions = new GoogleOAuth2AuthenticationOptions
        {
            AccessType = "offline",
            Provider = new CustomGoogleAuthProvider(),
            ClientId = ConfigurationManager.AppSettings["GoogleAccountClientId"].ToString(),
            ClientSecret = ConfigurationManager.AppSettings["GoogleAccountClientSecret"].ToString()           
        };
        googleOAuthOptions.Scope.Add("profile");
        googleOAuthOptions.Scope.Add("email");
        googleOAuthOptions.Scope.Add("https://www.googleapis.com/auth/gmail.send");
        app.UseGoogleAuthentication(googleOAuthOptions);
    }

问题出在哪里?我是否需要一些显式配置来告诉我需要代码流?是否支持?