MVC5使用哪个OAuth 2.0身份验证流程?
[英]Which OAuth 2.0 Authentication Flow does the MVC5 use?
问题描述
I was going through this Example . 
我正在看这个例子 。 Does this example(for facebook) use Explicit Authentication flow or Implicit Authentication flow? 此示例(针对facebook)是否使用显式身份验证流程或隐式身份验证流程?
1 个解决方案
解决方案1
1 已采纳 2016-03-03 11:56:06
Looking at FacebookAuthenticationHandler.ApplyResponseChallengeAsync() code in the Katana Microsoft.Owin.Security.Facebook namespace, it looks like it always initiates the "Authorisation Code" flow when an HTTP 401 is encountered. 查看Katana Microsoft.Owin.Security.Facebook命名空间中的FacebookAuthenticationHandler.ApplyResponseChallengeAsync()代码,它看起来总是在遇到HTTP 401时启动“授权代码”流。
string authorizationEndpoint =
"https://www.facebook.com/dialog/oauth" +
"?response_type=code" +
"&client_id=" + Uri.EscapeDataString(Options.AppId) +
"&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
"&scope=" + Uri.EscapeDataString(scope) +
"&state=" + Uri.EscapeDataString(state);
So that's why you have to provide both your clientId and secret in the config. 因此,这就是为什么您必须在配置中同时提供clientId和secret的原因。 For implicit flow you would not use the secret anywhere. 对于隐式流,您不会在任何地方使用秘密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.