如何在.Net Core API中验证Facebook JWT
[英]How to authenticate Facebook JWT in .Net Core API
问题描述
I am in the process of creating a mobile app that allows users to log in via Facebook. 
我正在创建一个允许用户通过Facebook登录的移动应用程序。 Once logged in, the app holds on to a Bearer token used to make further requests. 登录后,应用程序会保留用于进一步请求的Bearer令牌。 I am attempting to pass this token along to a C# .Net Core API. 我试图将此令牌传递给C#.Net Core API。 I'm attempting to write as little auth code as possible as doing it myself is prone to huge security issues. 我试图编写尽可能少的auth代码,因为我自己这样做很容易出现巨大的安全问题。
Currently my code in Startup.cs looks like this: 目前我在Startup.cs代码如下所示:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
app.UseJwtBearerAuthentication(new JwtBearerOptions {
AuthenticationScheme = "Bearer",
});
app.UseFacebookAuthentication(new FacebookOptions {
AppId = "****",
AppSecret = "****",
SignInScheme = "Bearer"
});
app.UseMvc();
}
With this, all requests return 401, even with a valid Bearer token. 这样,即使使用有效的承载令牌,所有请求都返回401。 Now I'm not 100% sure UseJwtBearerAuthentication is even compatible with UseFacebookAuthentication , and if it is I'm sure I'm missing some code here. 现在我不是100%确定UseJwtBearerAuthentication甚至与UseFacebookAuthentication兼容,如果是,我确定我在这里缺少一些代码。 What steps should I take to get this working? 我应该采取哪些步骤来实现这一目标?
1 个解决方案
解决方案1
0 2017-07-20 16:04:37
I've posted some day ago the same question but I didn't received any answer. 我前一天发布了相同的问题,但我没有收到任何答复。 Anyway, googling, I've found the only (?) possible solution. 无论如何,谷歌搜索,我找到了唯一的(?)可能的解决方案。 When your client logged into Facebook, you have to send your Facebook token to a custom endpoint of your server. 当您的客户登录Facebook时,您必须将您的Facebook令牌发送到服务器的自定义端点。 This endpoint shall: 该端点应:
- Verify if the token received is valid using Facebook API (very easy) 使用Facebook API验证收到的令牌是否有效(非常简单)
- Try to log the user using
ExternalLoginSignInAsyncmethod ofSignInManager<User>class:var result = await _signInManager.ExternalLoginSignInAsync(provider, userId, isPersistent: false);尝试使用SignInManager<User>类的ExternalLoginSignInAsync方法记录用户:var result = await _signInManager.ExternalLoginSignInAsync(provider, userId, isPersistent: false);whereuserIdis the Facebook id user其中userId是Facebook id用户 - if result.Succeeded is false: 如果result.Succeeded为false:
- Get the Facebook user info using
https://graph.facebook.com/{userId}endpoint使用https://graph.facebook.com/{userId}端点获取Facebook用户信息 - Create a User entity with that information 使用该信息创建用户实体
- Create the user in the database using
await _userManager.AddLoginAsync(user, userLoginInfo);使用await _userManager.AddLoginAsync(user, userLoginInfo);在数据库中创建用户await _userManager.AddLoginAsync(user, userLoginInfo);, whereuserLoginInfoshould contains theprovider(Facebook),userId(Facebook user Id) andapplication(your app name), userLoginInfo应包含provider(Facebook),userId(Facebook用户ID)和application(您的应用程序名称) - Call
await _signInManager.SignInAsync(user, false);调用await _signInManager.SignInAsync(user, false);to sign the user签署用户
- Get the Facebook user info using
You can get the user from the database using _userManager.FindByIdAsync(userId); 您可以使用_userManager.FindByIdAsync(userId);从数据库中获取用户_userManager.FindByIdAsync(userId);
Now your API can returns a token that will be accepted as Authorization header 现在,您的API可以返回一个将被接受为Authorization标头的令牌
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.