C# 与OAuth 1.0的3个版本混淆

我的目标是：使用一次点击和重定向，我希望用户登录到我的网站，并给我授权accessToken访问他的Gmail。我想使用DNOA来授权并升级到accessToken

但是DNOA对我来说不太清楚，所以我使用了另一个dllhttp://www.matlus.com/oauth-c-library/ 在B

然后我意识到，我希望用户在第二次访问我的站点时得到身份验证和授权，这样在不将他再次重定向到站点X的情况下，我会请求对你的Gmail页面的权限

我知道我必须同时使用OpenID和OAuth。所以我用了C语言的代码

尽管有以上所有这些，我还是很困惑，不确定哪种代码最适合我的需要

也许一点也不合适？ 如何在本地主机上检查它们？参见C中的代码注释

你所能照亮的一切都将是感激的

A:

C:

考虑到您的需求，方法C似乎最正确。但是，不要基于当前请求设置域的方案http vs https。对于谷歌来说，OpenID领域绝对必须始终保持相同，因为这是您的一个选项，否则您的用户在登录时将被分配不同的声明标识符，并且在您的站点上有两个帐户，一个用于HTTP，另一个用于HTTPS，这不是您想要的

---

是的，考虑到Google的OAuth设计，您必须在URL中有一个可公开寻址的域才能进行测试。很遗憾，但这是真的，不管您使用哪种OAuth消费者库

---

我建议您使用如上所述调整的C，并对其进行修改，使其在localhost上运行时能够正常降级，这样您就有了一个用于测试的本地开发人员案例。

谢谢您的回答。请您再优雅地解释一下，在本地主机上运行时会降级。您建议如何降级？Google的OAuth设计您必须在URL中有一个可公开寻址的域才能进行测试。我已成功下载并试用了localhost。当您看到matlus库工作时，您是否将localhost领域与matlus库一起使用？我认为这个领域必须等于你在谷歌注册的用户密钥，所以我很惊讶它能起作用。是的，本地主机领域和matlus。

 public void PrepareAuthorizationRequest(Uri authCallbakUrl)
        {
            var consumer = new WebConsumer(GoogleConsumerConsts.ServiceDescription, mConsumerTokenManager);

            var requestParameters = new Dictionary<string, string>
                                        {
                                            {"scope", "https://www.googleapis.com/auth/userinfo#email"}};

            // request access
            consumer.Channel.Send(consumer.PrepareRequestUserAuthorization(authCallbakUrl, requestParameters, null));

            // throw new NoRedirectToAuthPageException();
        }

        public ProcessAuthorizationRequestResponse ProcessAuthorizationRequest()
        {
            ProcessAuthorizationRequestResponse response;
            // Process result from the service provider
            var consumer = new WebConsumer(GoogleConsumerConsts.ServiceDescription, mConsumerTokenManager);
            var accessTokenResponse = consumer.ProcessUserAuthorization();

            // If we didn't have an access token response, this wasn't called by the service provider
            if (accessTokenResponse == null)
                response = new ProcessAuthorizationRequestResponse
                               {
                                   IsAuthorized = false
                               };
            else
            {
                // Extract the access token
                string accessToken = accessTokenResponse.AccessToken;
                response = new ProcessAuthorizationRequestResponse
                 {
                     IsAuthorized = true,
                     Token = accessToken,
                     Secret = mConsumerTokenManager.GetTokenSecret(accessToken)
                 };
            }
            return response;
        }

public void GetAuthorizeRequestToken(OAuthProviderTypes authType)
{
    var consumer = mAuthorizationConsumerFactory.GetConsumer(authType);
    requestToken = GetRequestToken(consumer);
    AuthorizeRequestToken(requestToken, consumer);
}

public AccessToken UpgradeToAccessToken(OAuthProviderTypes authType, RequestToken requestToken)
{
    var consumer = mAuthorizationConsumerFactory.GetConsumer(authType);
    var oAuthConsumer = new OAuthConsumer();
    var accessToken = oAuthConsumer.GetOAuthAccessToken(consumer.AccessTokenEndpoint, _realm, consumer.ConsumerKey, consumer.ConsumerSecret, consumer.Token, consumer.Verifier, requestToken.TokenSecret);
    System.Web.HttpContext.Current.Response.Redirect("~/Authentication.htm?google");
    // Google Only - This method will get the email of the authenticated user
    //var responseText = oAuthConsumer.GetUserInfo("https://www.googleapis.com/userinfo/email", realm, consumerKey, consumerSecret, accessToken.Token, accessToken.TokenSecret);
    return new AccessToken();
}


private RequestToken GetRequestToken(IConsumer consumer)
{
    var oAuthConsumer = new OAuthConsumer();

    var requestToken = oAuthConsumer.GetOAuthRequestToken(consumer.RequestTokenEndpoint, _realm,
                                                          consumer.ConsumerKey, consumer.ConsumerSecret,
                                                          consumer.RequestTokenCallback);
    // PersistRequestToken(requestToken);

    return requestToken;
}

private void AuthorizeRequestToken(RequestToken requestToken, IConsumer consumer)
{
    System.Web.HttpContext.Current.Response.Redirect(consumer.AuthorizeTokenUrl + "?oauth_token=" + requestToken.Token);
}

private IAuthenticationRequest GetGoogleRequest()
        {
            // Google requires that the realm and consumer key be equal,
            // so we constrain the realm to match the realm in the web.config file.
            // This does mean that the return_to URL must also fall under the key,
            // which means this sample will only work on a public web site
            // that is properly registered with Google.
            // We will customize the realm to use http or https based on what the
            // return_to URL will be (which will be this page).

            var consumer = new WebConsumer(GoogleConsumerConsts.ServiceDescription, mConsumerTokenManager);

            //Realm realm = "http://localhost:8976/";
            Realm realm = System.Web.HttpContext.Current.Request.Url.Scheme + Uri.SchemeDelimiter + consumer.ConsumerKey + "/";
            IAuthenticationRequest authReq = GoogleConsumerConsts.RelyingParty.CreateRequest(GoogleConsumerConsts.GoogleOPIdentifier, realm);

            // Prepare the OAuth extension
            string scope = GoogleConsumerConsts.GetScopeUri(GoogleConsumerConsts.Applications.Contacts);
            consumer.AttachAuthorizationRequest(authReq, scope);

            // We also want the user's email address
            var fetch = new FetchRequest();
            fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
            authReq.AddExtension(fetch);

            return authReq;
        }