处理OAuth 2.0身份验证 - 在ASP.NET MVC应用程序中获取令牌重定向令牌响应
[英]Handle OAuth 2.0 Authentication - Get token redirect token response in ASP.NET MVC application
问题描述
I recently started fiddling with OneDrive API which uses OAuth 2.0 authentication / authorization flow. 
我最近开始摆弄使用OAuth 2.0身份验证/授权流程的OneDrive API。
OneDrive API OAuth 2.0 OneDrive API OAuth 2.0
I am trying to follow along the Token Flow to get access token using an ASP.NET MVC Application. 我试图跟随Token Flow使用ASP.NET MVC应用程序获取访问令牌。
The request I make is something similar to the following: 我提出的请求类似于以下内容:
GET https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope}&response_type=token&redirect_uri={redirect_uri}
On successful authorization from the user the web browser will be redirected to your redirect URL with additional parameters added to the URL . 在用户成功授权后,Web浏览器将重定向到您的重定向URL, 并在URL中添加其他参数。
The redirect URL is similar to the following: https://login.live.com/oauth20_authorize.srf#access_token={access_token}&authentication_token={authentication_token}&token_type=bearer&expires_in=3600&scope=onedrive.info%20onedrive.full&user_id={user_id} 重定向URL类似于以下内容: https://login.live.com/oauth20_authorize.srf#access_token={access_token}&authentication_token={authentication_token}&token_type=bearer&expires_in=3600&scope=onedrive.info%20onedrive.full&user_id={user_id} : https://login.live.com/oauth20_authorize.srf#access_token={access_token}&authentication_token={authentication_token}&token_type=bearer&expires_in=3600&scope=onedrive.info%20onedrive.full&user_id={user_id}
Notice the # in the above format URL. 请注意上述格式URL中的# 。 This is as per specification of OAuth 2.0 protocol standards. 这是根据OAuth 2.0协议标准的规范。
Question: If I have a redirect URL to handle in my MVC application which has query parameters section starting with ? 问题:如果我在我的MVC应用程序中有一个重定向URL,其查询参数部分以?开头? then it can be handled very easily using a controller's action with proper input parameters mapping the query string key / values. 然后可以使用控制器的操作非常轻松地处理它,并使用适当的输入参数映射查询字符串键/值。
How can I handle a URL in my MVC application that has query string section starting with # and get all query string key / values from it? 如何处理我的MVC应用程序中的URL,该URL具有以#开头的查询字符串部分并从中获取所有查询字符串键/值?
Side note: I would request not to suggest using any third party API / Libraries / Routines in this case. 附注:在这种情况下,我会要求不建议使用任何第三方API /库/例程。 Considering the fact that I wish to do the OAuth process plain and simple way. 考虑到我希望以简单明了的方式完成OAuth流程。 Thanks 谢谢
1 个解决方案
解决方案1
3 已采纳 2015-03-04 18:59:22
The method you have chosen which is the Token Flow also known as the Implicit Grant Flow intentionally uses a # (fragment). 您选择的方法Token Flow也称为Implicit Grant Flow,故意使用#(片段)。 This is for security purposes to avoid man in the middle attacks. 这是为了安全起见,以避免中间人攻击。 The answer in this link provides some description on the topic OAuth2.0 Implicit Grant flow. 此链接中的答案提供了有关OAuth2.0隐式授权流主题的一些说明。 Why use url hash fragments? 为什么要使用url哈希片段?
However if you still want to use the Token Flow, you can read the values on the client side in JavaScript using window.location.hash and then process those values with probably an Ajax submit to the server. 但是,如果您仍想使用令牌流,则可以使用window.location.hash在JavaScript中读取客户端上的值,然后将这些值与Ajax提交到服务器。
I would suggest you use the Code Flow which is meant for the scenario you have explained in your question. 我建议您使用代码流,这是针对您在问题中解释的方案。 The Code Flow is available on the same link https://github.com/OneDrive/onedrive-api-docs/blob/master/auth/msa_oauth.md#code-flow 代码流可在同一链接上获得https://github.com/OneDrive/onedrive-api-docs/blob/master/auth/msa_oauth.md#code-flow
Incidentally, the above link has a # (fragment) in it too :) 顺便说一下,上面的链接里面也有#(片段):)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.