Thinktecture Identity Server v3-Facebook断言流程

moody19871987 发表于 Dev

moody19871987

是否可以在Thinktecture Identity Server v3中使用Facebook配置OAuth2 AssertionFlow？

在minimumprivilege.com上有一则关于为Microsoft OAuth和AuthorizationServer实现AssertionFlow的帖子，但是我需要与Facebook集成，此外，AuthorizationServer被标记为已弃用，并且不再维护。

moody19871987

为了响应@NathanAldenSr的评论，我发布了一些我的工作解决方案的代码。

服务器端-自定义验证器：

    public class FacebookCustomGrantValidator: ICustomGrantValidator
    {
        private readonly IUserService userService;
        private const string _FACEBOOK_PROVIDER_NAME = "facebook";
        // ...

        async Task<CustomGrantValidationResult>  ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
        {
            // check assetion type (you can have more than one in your app)
            if (request.GrantType != "assertion_fb")
                return await Task.FromResult<CustomGrantValidationResult>(null);

            // I assume that fb access token has been sent as a response form value (with 'assertion' key)
            var fbAccessToken = request.Raw.Get("assertion");
            if (string.IsNullOrWhiteSpace(assertion))
                return await Task.FromResult<CustomGrantValidationResult>(new CustomGrantValidationResult
                {
                    ErrorMessage = "Missing assertion."
                });

            AuthenticateResult authebticationResult = null;

            // if fb access token is invalid you won't be able to create Facebook client 
            var client = new Facebook.FacebookClient(fbAccessToken);
            dynamic response = client.Get("me", new { fields = "email, first_name, last_name" });

            // create idsrv identity for the user
            authebticationResult = await userService.AuthenticateExternalAsync(new ExternalIdentity()
            {
                Provider = _FACEBOOK_PROVIDER_NAME,
                ProviderId = response.id,
                Claims = new List<Claim>
                {
                    new Claim("Email", response.email),
                    new Claim("FirstName", response.first_name),
                    new Claim("LastName", response.last_name)
                    // ... and so on...
                }
            },
            new SignInMessage());

            return new CustomGrantValidationResult
            {
                Principal = authebticationResult.User
            };
        }
    }

您可以使用Thinktecture也提供的OAuth2Client（在Thinktexture.IdentityModel客户端库nuget包中）轻松对其进行测试。

string fbAccessToken = "facebook_access_token_you_aquired_while_logging_in";
string assertionType = "assertion_fb";

var client = new OAuth2Client(
                   new Uri("your_auth_server_url"),
                   "idsrv_client_id",
                   "idsrv_client_secret");

string idsrvAccessToken = client.RequestAssertionAsync(assetionType, fbAccessToken,).Result;

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。