Oauth 2.0 我的OAuth2客户端能否从访问令牌检索规范用户ID?
使用OAUth2 web服务器流,我已经:Oauth 2.0 我的OAuth2客户端能否从访问令牌检索规范用户ID?,oauth-2.0,dotnetopenauth,Oauth 2.0,Dotnetopenauth,使用OAUth2 web服务器流,我已经: 用户尝试访问www.third-party.com/welcome 用户被重定向到www.myserver.com/oauth2/authorize MyServer对用户进行身份验证,并将其重定向到www.third-party.com/welcome?code= third party.com在后台与myserver.com对话,交换code以获得OAuth2访问和刷新令牌 一切都好。现在,third party.com需要确定用户的规范用户名,这
code
以获得OAuth2访问和刷新令牌 private OAuth2AuthorizationServerHost authHost {
get {
return (((OAuth2AuthorizationServerHost)authServer.AuthorizationServerServices));
}
}
public OAuth2Controller(AuthorizationServer authServer, IOAuth2ClientAuthorizationStore authStore) {
this.authServer = authServer;
this.authStore = authStore;
}
[AllowAnonymous]
public ActionResult Token() {
var result = this.authServer.HandleTokenRequest(this.Request);
return (result.AsActionResult());
}
public ActionResult Secure() {
return (Content("This is secure!"));
}
public ActionResult Authorize() {
var request = this.authServer.ReadAuthorizationRequest(this.Request);
if (authHost.CanBeAutoApproved(request)) {
var approval = this.authServer.PrepareApproveAuthorizationRequest(request, HttpContext.User.Identity.Name);
authStore.StoreAuthorization(request.ClientIdentifier, User.Identity.Name, request.Scope);
// Any way, at THIS point, to include the canonical username in the
// token exchange?
var response = this.authServer.Channel.PrepareResponse(approval);
return response.AsActionResult();
}
// no scope authorization workflow yet.
return (null);
}
}
我可以看到三种方法:
我猜(2)是个坏主意。(1)很容易实现,但我想知道方法(3)是否可行,以及我将如何进行。最常见的模式是与Facebook一样,用访问令牌交换用户详细信息: “令牌”端点提供访问令牌 “Me”端点提供与访问令牌(承载令牌)相关的用户详细信息(根据授予的范围)由请求作为授权头携带。Hi;我在寻找u响应,我想你在谈论这个模式,但有一件事我没有意识到,facebook如何仅使用访问令牌执行get/me调用?你知道吗?