来自服务器的无效状态。可能是伪造的!Xamarin.Auth中出错
为什么在尝试使用 Xamarin.Auth API 时会收到此错误消息?我在 Android 平台上运行,并使用 Xamarin.Forms。
标签:xamarin, xamarin.forms, oauth-2.0, xamarin.android
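// Starts a Dropbox OAuth2 login through Xamarin.Auth's embedded web view
// (isUsingNativeUI: false). No client secret or access-token URL is supplied
// here, so the access token is expected on the redirect itself.
OAuth2Authenticator auth = new OAuth2Authenticator
(
    clientId: AppKeyDropboxtoken,
    scope: "",
    authorizeUrl: new Uri("https://www.dropbox.com/oauth2/authorize"),
    redirectUrl: new Uri(RedirectUri),
    isUsingNativeUI: false
);

auth.Completed += (sender, eventArgs) =>
{
    if (!eventArgs.IsAuthenticated)
    {
        return;
    }

    // Look the token up defensively: indexing a missing key would throw
    // inside the event handler instead of reporting a failed login.
    string token;
    if (!eventArgs.Account.Properties.TryGetValue("access_token", out token) || token == null)
    {
        Debug.WriteLine("Authentication completed without an access_token.");
        return;
    }

    this.AccessToken = token;

    // The bearer token is a credential; record only that it arrived and
    // keep its value out of debug output and device logs.
    Debug.WriteLine("AccessToken received.");
    openDropboxFileList();
};

// Keep using this same authenticator instance for the whole flow: the state
// value it generated for the request is what the redirect is checked against.
var presenter = new Xamarin.Auth.Presenters.OAuthLoginPresenter();
presenter.Login(auth);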
创建一个类并在下面添加此代码:
/// <summary>
/// <see cref="OAuth2Authenticator"/> subclass that discards the "state"
/// parameter from the redirect before the base class processes the page.
/// </summary>
/// <remarks>
/// SECURITY NOTE(review): OAuth2Authenticator compares the returned "state"
/// with the value it generated for the request and raises
/// "Invalid state from server. Possible forgery!" on a mismatch. Removing the
/// parameter means that comparison never happens, so the login-CSRF protection
/// of the OAuth2 flow is switched off for every caller of this class. A later
/// answer on this page calls the override unnecessary and insecure. A state
/// mismatch usually indicates that the redirect was handed to a different
/// authenticator instance than the one that started the login (to be confirmed
/// per app); fixing that keeps the check intact.
/// </remarks>
public class AuthenticatorExtensions : OAuth2Authenticator
{
    /// <summary>
    /// Forwards every argument unchanged to the <see cref="OAuth2Authenticator"/> constructor.
    /// </summary>
    public AuthenticatorExtensions(
        string clientId,
        string clientSecret,
        string scope,
        Uri authorizeUrl,
        Uri redirectUrl,
        Uri accessTokenUrl,
        GetUsernameAsyncFunc getUsernameAsync = null,
        bool isUsingNativeUI = false)
        : base(
            clientId,
            clientSecret,
            scope,
            authorizeUrl,
            redirectUrl,
            accessTokenUrl,
            getUsernameAsync,
            isUsingNativeUI)
    {
    }

    /// <summary>
    /// Drops "state" from both the query and the fragment parameters, then
    /// lets the base class handle the page.
    /// </summary>
    /// <param name="url">Page the web view reached.</param>
    /// <param name="query">Parsed query-string parameters; mutated in place.</param>
    /// <param name="fragment">Parsed fragment parameters; mutated in place.</param>
    protected override void OnPageEncountered(Uri url, System.Collections.Generic.IDictionary<string, string> query, System.Collections.Generic.IDictionary<string, string> fragment)
    {
        // Author's rationale: the app talks to an ASP.NET service that itself
        // forwards to a third-party OAuth provider, so the forgery status of
        // the request state is deliberately ignored here.
        // Remove() is a no-op when the key is absent, so no ContainsKey probe is needed.
        query.Remove("state");
        fragment.Remove("state");

        base.OnPageEncountered(url, query, fragment);
    }
}
公共类AuthenticateTextensions:OAuth2Authenticator
{
public AuthenticatorExtensions(string clientId,string clientSecret,string scope,Uri authorizeUrl,Uri redirectUrl,Uri accessTokenUrl,getUsernameAsync=null,bool isUsingNativeUI=false):base(clientId,clientSecret,scope,authorizeUrl,redirectUrl,accessTokenUrl,getUsernameAsync,isUsingNativeUI)
{
}
遇到受保护的覆盖无效OnPageUri(Uri url、System.Collections.Generic.IDictionary查询、System.Collections.Generic.IDictionary片段)
{
//从字典中删除状态。
//我们正在忽略请求状态伪造状态
//当我们遇到一个ASP.NET服务时
//到第三方OAuth服务本身
if(query.ContainsKey(“state”))
{
查询。删除(“状态”);
}
if(fragment.ContainsKey(“状态”))
{
片段。移除(“状态”);
}
OnPageConferenced(url、查询、片段);
}
}
然后按如下方式使用:
/// <summary>
/// Starts the Google sign-in flow with the native UI and registers the
/// completion and error handlers. Any exception is shown to the user as an alert.
/// </summary>
/// <remarks>
/// NOTE(review): the authenticator created here is an AuthenticatorExtensions,
/// which strips the OAuth2 "state" parameter, so the forged-response check is
/// not applied to this login.
/// </remarks>
[Obsolete]
private void SignInGoogleAuth()
{
    try
    {
        string clientId = Constants.GoogleAndroidClientId;
        string redirectUri = Constants.GoogleAndroidRedirectUrl;

        // Remember the previously stored account, if any, so the completion
        // handler can replace it.
        account = store.FindAccountsForService(Constants.AppName).FirstOrDefault();

        var authenticator = new AuthenticatorExtensions(
            clientId: clientId,
            clientSecret: null,
            scope: Constants.GoogleScope,
            authorizeUrl: new Uri(Constants.GoogleAuthorizeUrl),
            redirectUrl: new Uri(redirectUri),
            accessTokenUrl: new Uri(Constants.GoogleAccessTokenUrl),
            getUsernameAsync: null,
            isUsingNativeUI: true);

        authenticator.Completed += OnAuthCompleted;
        authenticator.Error += OnAuthError;

        // Published so that the code receiving the redirect can reach this
        // same instance.
        AuthenticationState.Authenticator = authenticator;

        new Xamarin.Auth.Presenters.OAuthLoginPresenter().Login(authenticator);
    }
    catch (Exception ex)
    {
        ShowAlert("Alert", ex.Message);
    }
}
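/// <summary>
/// Completion handler for the Google login: unsubscribes the handlers, and on
/// success fetches the user's profile, stores the account, publishes the
/// profile fields in <c>Application.Current.Properties</c> and navigates to
/// the profile page.
/// </summary>
/// <param name="sender">The authenticator that raised the event.</param>
/// <param name="e">Completion arguments carrying the authenticated account.</param>
[Obsolete]
async void OnAuthCompleted(object sender, AuthenticatorCompletedEventArgs e)
{
    var authenticator = sender as OAuth2Authenticator;
    if (authenticator != null)
    {
        authenticator.Completed -= OnAuthCompleted;
        authenticator.Error -= OnAuthError;
    }

    if (!e.IsAuthenticated)
    {
        return;
    }

    // This is an async void event handler, so an exception escaping it cannot
    // be observed by any caller; catch and report it here instead.
    try
    {
        // Request the user's basic profile from Google.
        // UserInfoUrl = https://www.googleapis.com/oauth2/v2/userinfo
        GoogleProfile profile = null;
        var request = new OAuth2Request("GET", new Uri(Constants.GoogleUserInfoUrl), null, e.Account);
        var response = await request.GetResponseAsync();
        if (response != null)
        {
            // The user's email address will be used to identify data in SimpleDB.
            string userJson = await response.GetResponseTextAsync();
            profile = JsonConvert.DeserializeObject<GoogleProfile>(userJson);
        }

        // Replace any previously stored account with the new one.
        if (account != null)
        {
            store.Delete(account, Constants.AppName);
        }
        await store.SaveAsync(account = e.Account, Constants.AppName);

        // Without a fresh profile, stop here: continuing would either throw on
        // a null profile or present a profile left over from an earlier login
        // as the identity of the user who just signed in.
        if (profile == null)
        {
            Debug.WriteLine("Authentication error: no user profile returned");
            return;
        }

        StaticVariables.googleProfile = profile;

        // Indexer assignment overwrites an existing entry, replacing the
        // Remove-then-Add pairs.
        var properties = Application.Current.Properties;
        properties["Id"] = profile.Id;
        properties["FirstName"] = profile.GivenName;
        properties["LastName"] = profile.FamilyName;
        properties["DisplayName"] = profile.Name;
        properties["EmailAddress"] = profile.Email;
        properties["ProfilePicture"] = profile.Picture;

        await Navigation.PushAsync(new GoogleProfilePage());
    }
    catch (Exception ex)
    {
        Debug.WriteLine("Authentication error: " + ex.Message);
    }
}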
/// <summary>
/// Error handler for the login flow: detaches both handlers from the raising
/// authenticator and writes the error message to debug output.
/// </summary>
/// <param name="sender">The authenticator that raised the event.</param>
/// <param name="e">Error details reported by the authenticator.</param>
[Obsolete]
void OnAuthError(object sender, AuthenticatorErrorEventArgs e)
{
    // Only an OAuth2Authenticator sender has handlers to detach.
    OAuth2Authenticator source = sender as OAuth2Authenticator;
    if (source != null)
    {
        source.Completed -= OnAuthCompleted;
        source.Error -= OnAuthError;
    }

    string report = "Authentication error: " + e.Message;
    Debug.WriteLine(report);
}
[过时]
私有无效签名ogleauth()
{
尝试
{
字符串clientId=null;
字符串URI=null;
//Xamarin.Auth.CustomTabsConfiguration.CustomTabsClosingMessage=null;
clientId=常数。GoogleAndroidClientId;
redirectUri=Constants.GoogleAndroidRedirectUrl;
account=store.FindAccountsForService(Constants.AppName).FirstOrDefault();
var authenticator=新的AuthenticatorExtensions(
clientId,
无效的
Constants.GoogleScope,
新Uri(Constants.GoogleAuthorizeUrl),
新Uri(重定向Uri),
新Uri(Constants.GoogleAccessTokenUrl),
无效的
正确的);
authenticator.Completed+=OnAuthenticator已完成;
authenticator.Error+=OnAuthorError;
AuthenticationState.Authenticator=验证器;
var presenter=new Xamarin.Auth.Presenters.OAuthLoginPresenter();
演示者登录(验证器);
}
捕获(例外情况除外)
{
ShowAlert(“警报”,例如消息);
}
}
[过时]
AuthCompleted上的异步无效(对象发送方、AuthenticatorCompletedEventArgs e)
{
var authenticator=发送方作为OAuth2Authenticator;
if(验证器!=null)
{
authenticator.Completed-=OnAuthenticator已完成;
authenticator.Error-=OnAuthorError;
}
如果(如未经认证)
{
//如果用户已通过身份验证,请从Google请求其基本用户数据
//用户信息URL=https://www.googleapis.com/oauth2/v2/userinfo
var request=newoauth2request(“GET”,新Uri(Constants.GoogleUserInfoUrl),null,e.Account);
var response=wait request.GetResponseAsync();
if(响应!=null)
{
//反序列化数据并将其存储在帐户存储中
//用户的电子邮件地址将用于标识SimpleDB中的数据
字符串userJson=await response.GetResponseTextAsync();
StaticVariables.googleProfile=JsonConvert.DeserializeObject(userJson);
}
如果(帐户!=null)
{
store.Delete(account,Constants.AppName);
}
wait store.SaveAsync(account=e.account,Constants.AppName);
Application.Current.Properties.Remove(“Id”);
Application.Current.Properties.Remove(“FirstName”);
Application.Current.Properties.Remove(“LastName”);
Application.Current.Properties.Remove(“DisplayName”);
Application.Current.Properties.Remove(“EmailAddress”);
Application.Current.Properties.Remove(“ProfilePicture”);
Application.Current.Properties.Add(“Id”,StaticVariables.googleProfile.Id);
Application.Current.Properties.Add(“FirstName”,StaticVariables.googleProfile.GivenName);
Application.Current.Properties.Add(“LastName”,StaticVariables.googleProfile.FamilyName);
Application.Current.Properties.Add(“DisplayName”,StaticVariables.googleProfile.Name);
Application.Current.Properties.Add(“EmailAddress”,StaticVariables.googleProfile.Email);
Application.Current.Properties.Add(“ProfilePicture”,StaticVariables.googleProfile.Picture);
等待Navigation.PushAsync(新的GoogleProfilePage());
}
}
[过时]
AuthError无效(对象发送方、AuthenticateTorErrorEventArgs e)
{
var authenticator=发送方作为OAuth2Authenticator;
if(验证器!=null)
{
authenticator.Completed-=OnAuthenticator已完成;
authenticator.Error-=OnAuthorError;
}
Debug.WriteLine(“身份验证错误:+e.Message”);
}
我遇到了臭名昭著的“可能伪造!”错误,并像许多人所做的那样重写了 OnPageEncountered() 来绕过它。事实证明,这既没有必要,也不安全。
Oauth2Authenticator为状态