C# 丰富的Twitter数字/OpenIdDictServer谷歌认证
我们的应用程序需要通过手机号码或谷歌登录。我们计划使用Twitter数字进行手机号码认证 据我所知,注册和认证流程如下:C# 丰富的Twitter数字/OpenIdDictServer谷歌认证,c#,asp.net-authorization,asp.net-authentication,openiddict,C#,Asp.net Authorization,Asp.net Authentication,Openiddict,我们的应用程序需要通过手机号码或谷歌登录。我们计划使用Twitter数字进行手机号码认证 据我所知,注册和认证流程如下: 移动应用程序通过Twitter数字或谷歌登录进行丰富的身份验证(用户使用丰富的身份验证而不是打开web浏览器标签,这对用户来说是更好的用户体验)。Twitter数字/Google登录返回身份令牌 移动应用程序调用AuthServer登录并显示身份令牌 Identity server使用Digits服务或Google Auth服务验证提供的标识令牌 验证后,AuthServer
[HttpPost("~/connect/token")]
[Produces("application/json")]
public IActionResult Exchange(OpenIdConnectRequest request)
{
if (request.GrantType == "urn:ietf:params:oauth:grant-type:google_identity_token")
{
// Reject the request if the "assertion" parameter is missing.
if (string.IsNullOrEmpty(request.Assertion))
{
return BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidRequest,
ErrorDescription = "The mandatory 'assertion' parameter was missing."
});
}
// Create a new ClaimsIdentity containing the claims that
// will be used to create an id_token and/or an access token.
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
// Manually validate the identity token issued by Google,
// including the issuer, the signature and the audience.
// Then, copy the claims you need to the "identity" instance.
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
ticket.SetScopes(
OpenIdConnectConstants.Scopes.OpenId,
OpenIdConnectConstants.Scopes.OfflineAccess);
return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
}
return BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
ErrorDescription = "The specified grant type is not supported."
});
}
请注意,您还必须在OpenIddict选项中启用它:
// Register the OpenIddict services.
services.AddOpenIddict()
// Register the Entity Framework stores.
.AddEntityFrameworkCoreStores<ApplicationDbContext>()
// Register the ASP.NET Core MVC binder used by OpenIddict.
// Note: if you don't call this method, you won't be able to
// bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
.AddMvcBinders()
// Enable the token endpoint.
.EnableTokenEndpoint("/connect/token")
// Enable the refresh token flow and a custom grant type.
.AllowRefreshTokenFlow()
.AllowCustomFlow("urn:ietf:params:oauth:grant-type:google_identity_token")
// During development, you can disable the HTTPS requirement.
.DisableHttpsRequirement();
//注册OpenIddict服务。
services.AddOpenIddict()
//注册实体框架存储。
.AddEntityFrameworkCoreStores)。这太完美了!谢谢。