Custom user service doesn't work with Facebook as external login provider in Identity Server v3
I have downloaded the Microsoft.Owin.Security.Facebook package so that I can integrate Facebook as an external login provider. I added it to the app builder as follows:
var fbOptions = new FacebookAuthenticationOptions()
{
    AuthenticationType = "Facebook",
    Caption = "Facebook",
    SignInAsAuthenticationType = signInAsType,
    AppId = "17*****************5",
    AppSecret = "3a*****************************16",
    Provider = new FacebookAuthenticationProvider()
    {
        OnAuthenticated = (context) =>
        {
            return Task.FromResult(0);
        }
    },
};
app.UseFacebookAuthentication(fbOptions);
Of course, I have registered my application at https://developers.facebook.com to get the App ID and App secret. I have registered the custom user service in the standard way:
public class CustomUserService : UserServiceBase
{
    ....
    // gets called whenever the user uses external identity provider to authenticate
    // now we will try to map external user to a local user
    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
    ....
}
And then in Startup.cs:
// use custom user service
var customUserService = new CustomUserService();
idServerServiceFactory.UserService = new Registration<IUserService>(resolver => customUserService);
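On the login screen I have Facebook as an option. I can select it, navigate to it and successfully enter my credentials. The problem occurs after I am returned from Facebook to my Identity Server 3 implementation.
The message in the browser is: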
There was an error logging into the external provider. The error message is: access_denied
The browser URL is:
https://localhost:44317/identity/callback?error=access_denied#_=_
And this is from the log:
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.687 +02:00 [Information] User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.694 +02:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.701 +02:00 [Information] Redirecting to login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.796 +02:00 [Information] Login page requested
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.834 +02:00 [Information] rendering login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.425 +02:00 [Information] External login requested for provider: "Facebook"
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.427 +02:00 [Information] Triggering challenge for external identity provider
iisexpress.exe Information: 0 : 2017-12-07 17:44:49.508 +02:00 [Information] Callback invoked from external identity provider
iisexpress.exe Error: 0 : 2017-12-07 17:44:49.508 +02:00 [Error] External identity provider returned error: "access_denied"
Note: I never hit the breakpoint in
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
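If it helps, I am running the Identity Server 3 instance on localhost.
Besides that, when using Fiddler I see that a call is made to the host graph.facebook.com and that the call succeeds.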
{"access_token":"EAAYxR1NxxxMBAHLOW17nfS2xTDqXgIU3FY5ZBpw8EJFfzpoQpS5H6eVjsda2ZAN6ABLGu2а21fGleam8LbhPJTZCh8vBdbnQaijEZAwAQqGDyIZCXhR3twL3Fnq1gZBT8zUsPshZBjTFJ9tU0mWb6s8Up4sX9dUdQDCFefqEf4XKZBEZBHmshm","token_type":"bearer","expires_in":5181406}
But right after that, the failure occurs on localhost.
My solution was to update the following NuGet packages:
Microsoft.Owin
Microsoft.Owin.Security
Microsoft.Owin.Security.Facebook
Microsoft.Owin.Security.Google
from the version I had (3.0.1) to 3.1.0.
This way I started hitting the endpoint on my Identity Server instance, and so far it looks good.
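An added example, not code from the original post or from the OWIN/Katana project: it shows how an OAuth client that expects a form-encoded token response finds no access_token in a JSON body of the shape captured in Fiddler above, which would surface as a failed external sign-in before AuthenticateExternalAsync is ever called. That the 3.0.1 middleware parsed the response as form data is an assumption made here; the class name, helper names and token value are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

static class TokenResponseDemo
{
    // Reads a body of the form "access_token=...&expires=..." (form-encoded).
    static string ReadTokenFromForm(string body)
    {
        var fields = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in body.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            string key = eq < 0 ? pair : pair.Substring(0, eq);
            string value = eq < 0 ? "" : pair.Substring(eq + 1);
            fields[Uri.UnescapeDataString(key)] = Uri.UnescapeDataString(value);
        }
        return fields.TryGetValue("access_token", out var token) ? token : null;
    }

    // Reads a body of the form {"access_token":"...","token_type":"bearer",...}.
    static string ReadTokenFromJson(string body)
    {
        try
        {
            using (var doc = JsonDocument.Parse(body))
            {
                if (doc.RootElement.ValueKind != JsonValueKind.Object) return null;
                if (!doc.RootElement.TryGetProperty("access_token", out var t)) return null;
                return t.ValueKind == JsonValueKind.String ? t.GetString() : null;
            }
        }
        catch (JsonException)
        {
            return null; // not JSON at all, e.g. a form-encoded body
        }
    }

    static void Main()
    {
        // Constructed sample bodies; EXAMPLE_TOKEN is a placeholder, not a real token.
        string formBody = "access_token=EXAMPLE_TOKEN&expires=5181406";
        string jsonBody = "{\"access_token\":\"EXAMPLE_TOKEN\",\"token_type\":\"bearer\",\"expires_in\":5181406}";

        foreach (var body in new[] { formBody, jsonBody })
        {
            Console.WriteLine("form parser: {0,-14} json parser: {1}",
                ReadTokenFromForm(body) ?? "(no token)",
                ReadTokenFromJson(body) ?? "(no token)");
        }
    }
}
```

Each parser recovers the token only from the body format it was written for; a handler that gets no token back has to treat the callback as a failed sign-in.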