对于使用Google等外部提供商的用户身份验证,它使用的是特定的Owin中间件 . 例如Microsoft.Owin.Security.Google . WebAPI2模板使用它来支持隐式流认证(response_type = token) . 但是Code流程怎么样?
是否可以实现代码流(response_type = code)?
在调试这些OAuth提供程序后,我注意到将return_type =代码传递给Google,它成功进行身份验证并返回带有访问权限和刷新令牌的json,然后用户通过api / Account / ExternalLogin endpoints 登录,但在流程结束时我被重定向到http://localhost:50321/?error=unsupported_response_type# .
我无法真正找到流程在装配中设置此特定错误的位置和原因 .
Startup.Auth.cs看起来像这样:
public void ConfigureAuth(IAppBuilder app)
{
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
PublicClientId = "self";
var tokenTimeSpanInHours = ConfigurationManager.AppSettings["AccessTokenLifeTimeInHours"];
OAuthServerOptions = new OAuthAuthorizationServerOptions
{
Provider = new ApplicationOAuthProvider(PublicClientId),
TokenEndpointPath = new PathString("/api/token"),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(Convert.ToInt16(tokenTimeSpanInHours)),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthServerOptions);
var googleOAuthOptions = new GoogleOAuth2AuthenticationOptions
{
AccessType = "offline",
Provider = new CustomGoogleAuthProvider(),
ClientId = ConfigurationManager.AppSettings["GoogleAccountClientId"].ToString(),
ClientSecret = ConfigurationManager.AppSettings["GoogleAccountClientSecret"].ToString()
};
googleOAuthOptions.Scope.Add("profile");
googleOAuthOptions.Scope.Add("email");
googleOAuthOptions.Scope.Add("https://www.googleapis.com/auth/gmail.send");
app.UseGoogleAuthentication(googleOAuthOptions);
}
问题出在哪里?我是否需要一些显式配置来告诉我需要代码流?是否支持?