Last post Jun 16, 2014 02:47 PM by BrockAllen
Jun 10, 2014 04:34 AM|spdev101|LINK
I am using the GoogleOAuth2AuthenticationOptions class for authentication in my MVC5 Web App (SPA Template). Given below is the code
var g = new GoogleOAuth2AuthenticationOptions
ClientId = "clientid",
ClientSecret = "secret",
Provider = new GoogleOAuth2AuthenticationProvider
OnAuthenticated = async ctx =>
ctx.Identity.AddClaim(new Claim("urn:tokens:google:accesstoken", ctx.AccessToken));
// restrict the retrieved information to just signin information
The token I get is something like this
I am using this token in subsequent calls to a MVC WebAPI which uses OAuthBearerTokens for security. I send the access token through the header in my WebAPI call from my MVC Web app
Jun 10, 2014 06:56 PM|BrockAllen|LINK
The access token you get for google is only good for google's APIs. Google doesn't know about your APIs, and as such the access token you get back from google is no good for your APIs. If you want an access token for your own APIs, you need your own OAuth2
authorization server to issue them.
Jun 11, 2014 02:22 AM|spdev101|LINK
sessionStorage["accessToken"] || localStorage["accessToken"]
I always thought this was the token generated by Google, but after reading your reply I assume this is something generated internally from within ASP.NET itself.
Jun 11, 2014 07:45 AM|BrockAllen|LINK
The SPA temlate (last time I looked) uses the Katana OAuth2 authorization server middleware internally. So in short, the app is its own authorization server.
Jun 13, 2014 01:43 AM|spdev101|LINK
Is it possible to read this token in the GetExternalLogin method of the AccountController class?
Jun 13, 2014 11:40 AM|BrockAllen|LINK
IIRC, the last place you have access to it is in the OnAuthenticvated callback on the provider propery on the options class. So you'd add it to the claims collection on the identity and then that'd be available in your external callback in your controller.
The templates from VS really stink in this regard -- far too complex and trying to hide too many things.
Jun 16, 2014 06:09 AM|spdev101|LINK
If its not too much of trouble can you please give me the exact code sample please on how to get this. I checked the AuthorizeEndpoint method on the OAuthAuthorizationServerProvider derieved class but could not figure out how to get the token.
Jun 16, 2014 02:47 PM|BrockAllen|LINK
Sorry, I don't have the code. You'll have to look into the docs on the Provider propery on the GoogleOAuth2Options class.