来自web api的Google身份验证:access_denied错误
[英]Google authentication from web api: access_denied error
问题描述
I am trying to implement OAuth authentication to WebApi, i have created controller (directly from example) with method: 
我正在尝试对WebApi实施OAuth身份验证,我已经使用方法创建了控制器(直接来自示例):
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public IHttpActionResult GetExternalLogin(string provider, string error = null)
{
string redirectUri = string.Empty;
if (error != null)
{
// However google api returns 'access_denied' as error.
return BadRequest(Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
// This is runned on first execution.
return new ChallengeResult(provider, this);
}
// Here we should continue with google api callback.
... Rest doesnt matter here.
ChallengeResult: ChallengeResult:
public class ChallengeResult : IHttpActionResult
{
public string LoginProvider { get; set; }
public HttpRequestMessage Request { get; set; }
public ChallengeResult(string loginProvider, ApiController controller)
{
LoginProvider = loginProvider;
Request = controller.Request;
}
public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
Request.GetOwinContext().Authentication.Challenge(LoginProvider);
var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
return Task.FromResult(response);
}
}
GetExternalLogin method is called twice, first is from me, after that api send ChallengeResult to google. GetExternalLogin方法被调用两次,首先是来自我,之后api发送ChallengeResult到google。 I am redirected to google site and asked questions for valid scope (can i access. eg to email, profile information and so on), i press yes yes everything is okay for me. 我被重定向到谷歌网站,并询问有效范围的问题(我可以访问。例如电子邮件,个人资料信息等),我按是是的一切都对我好。 However after that google callback returns 'access_denied' error string to this method. 但是之后谷歌回调会向此方法返回'access_denied'错误字符串。
Any idea what may be wrong? 知道什么可能是错的吗? Call i used was: 我使用的电话是:
http://localhost:8080/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=49235566333-78t8252p46lo75j5e52vda3o1t8fskgc.apps.googleusercontent.com&redirect_uri=http://localhost:8080
Client_id is replaced with dummy account. Client_id被虚拟帐户替换。
redirect_uri is defined correctly to google console, error is different if its is incorrect. redirect_uri正确定义为谷歌控制台,如果错误,则错误不同。
Tried: Listing Circles with Google+ for Domains API fails in access_denied but id:s are identical. 尝试: 使用Google+ for Domains列出圈子API在access_denied中失败,但ID:s是相同的。
Edit: After hours of debugging have figured out that problem between my solution and example is Microsoft.Owing.Security.Google package. 编辑:经过几个小时的调试已经发现我的解决方案和示例之间的问题是Microsoft.Owing.Security.Google包。 In example version used is 2.1.0 and if i update it to 3.0.0 this problem appear. 在示例中使用的版本是2.1.0,如果我将其更新为3.0.0,则会出现此问题。
No idea of root reason yet through. 不知道根本原因。
2 个解决方案
解决方案1
4 2015-03-17 03:08:18
I had this issue as well. 我也有这个问题。 To resolve the issue, try modifying your Google app to use the Google + API. 要解决此问题,请尝试修改您的Google应用以使用Google + API。 I was using only the "Identity Toolkit API" before. 我之前只使用过“Identity Toolkit API”。 According to the article that Pranav pointed out, when you upgrade to Google Middleware 3.0.0(Microsoft.Owin.Security.Google) you need to use the Google + API. 根据Pranav指出的文章,当您升级到Google Middleware 3.0.0(Microsoft.Owin.Security.Google)时,您需要使用Google + API。
解决方案2
1 2014-08-26 17:03:59
Have you looked at this post and change the callback settings as well? 您是否看过这篇文章并更改了回调设置? http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0- 0-RC-release.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.