Last post Jun 23, 2016 08:26 AM by Fei Han - MSFT
Jun 21, 2016 06:59 PM|SebTittley|LINK
I have a problem that I can't seem to solve. I'm currently working on a single page application that uses
AngularJS for the front-end and ASP.Net Core RC2 for the API. They are in separate projects (client and api).
On the authorization side of things what I want to do is log in with a
third-party OAuth 2 provider (i.e. GitHub). Then I would use the token to fetch the user's profile, validate that the user is registered in my application and then return my own token. The GitHub token would be use just once at log in.
I got this to kind of work by using the implicit grant, but I don't know if this is the way to go. Here is my current log in process:
So yeah this works BUT I remember in older version (before core), you could authorize with OAuth 2 on the API server using a popup window using "ChallengeResult" in the controller's action. I'm wondering how I could achieve this with ASP.Net Core RC2 (is
it even possible). I'm new to the whole SPA authorization (SPAs in general) and the implicit grant does not seem like the most secure way of doing this. I'd rather, if possible return the GitHub token directly to the API server and not have to send it to the
client and then send it back to the server.
Here's an example I found made with "old" asp.net: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
I don't know if my question was clear but thank you in advance
Jun 23, 2016 08:26 AM|Fei Han - MSFT|LINK
I remember in older version (before core), you could authorize with OAuth 2 on the API server using a popup window using "ChallengeResult" in the controller's action. I'm wondering how I could achieve this with ASP.Net Core RC2 (is it even possible).
From this documentation, we could find class ChallengeResult is contained in