Google Hybrid OpenID+OAuth with dotnetopenauth
Posted
by
Max Favilli
on Stack Overflow
See other posts from Stack Overflow
or by Max Favilli
Published on 2012-10-18T22:57:21Z
Indexed on
2012/10/18
23:00 UTC
Read the original article
Hit count: 456
I have spent probably more than 10 hours in the last two days trying to understand how to implement user login with Google Hybrid OpenID+OAuth (Federated Login)
To trigger the authorization request I use:
InMemoryOAuthTokenManager tm = new InMemoryOAuthTokenManager( ConfigurationManager.AppSettings["googleConsumerKey"], ConfigurationManager.AppSettings["googleConsumerSecret"]);
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
Realm realm = HttpContext.Current.Request.Url.Scheme + Uri.SchemeDelimiter + ConfigurationManager.AppSettings["googleConsumerKey"] + "/";
IAuthenticationRequest request = openid.CreateRequest(identifier, Realm.AutoDetect, new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + "/OAuth/google"));
var authorizationRequest = new AuthorizationRequest
{
Consumer = ConfigurationManager.AppSettings["googleConsumerKey"],
Scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/plus.me",
};
request.AddExtension(authorizationRequest);
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Request,
Gender = DemandLevel.Require
});
request.RedirectToProvider();
}
To retrieve the accesstoken I use:
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationResponse authResponse = openid.GetResponse();
if (authResponse != null)
{
switch (authResponse.Status)
{
case AuthenticationStatus.Authenticated:
HttpContext.Current.Trace.Write("AuthenticationStatus", "Authenticated");
FetchResponse fr = authResponse.GetExtension<FetchResponse>();
InMemoryOAuthTokenManager tm = new InMemoryOAuthTokenManager(ConfigurationManager.AppSettings["googleConsumerKey"], ConfigurationManager.AppSettings["googleConsumerSecret"]);
ServiceProviderDescription spd = new ServiceProviderDescription {
spd.RequestTokenEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://accounts.google.com/o/oauth2/token", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest);
spd.AccessTokenEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://accounts.google.com/o/oauth2/token", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest);
spd.UserAuthorizationEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://accounts.google.com/o/oauth2/auth?access_type=offline", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest);
spd.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() };
WebConsumer wc = new WebConsumer(spd, tm);
AuthorizedTokenResponse accessToken = wc.ProcessUserAuthorization();
if (accessToken != null)
{
HttpContext.Current.Trace.Write("accessToken", accessToken.ToString());
}
else
{
}
break;
case AuthenticationStatus.Canceled:
HttpContext.Current.Trace.Write("AuthenticationStatus", "Canceled");
break;
case AuthenticationStatus.Failed:
HttpContext.Current.Trace.Write("AuthenticationStatus", "Failed");
break;
default:
break;
}
}
}
Unfortunatelly I get AuthenticationStatus.Authenticated but wc.ProcessUserAuthorization() is null.
What am I doing wrong?
Thanks a lot for any help.
© Stack Overflow or respective owner
