[Web API]AspNet.Security.OAuth.BattleNet OAuth 2.0 问题
[Web API]AspNet.Security.OAuth.BattleNet OAuth 2.0 issue
基本上我的 Login with BattleNet Button 在这里发送请求:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/logout";
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["Jwt:Issuer"],
ValidAudience = Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
};
})
.AddBattleNet(options =>
{
options.ClientId = Configuration["BattleNet:ClientId"];
options.ClientSecret = Configuration["BattleNet:ClientSecret"];
options.Region = BattleNetAuthenticationRegion.Europe;
})
[AllowAnonymous]
[HttpPost(nameof(ExternalLogin))]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
var properties = new AuthenticationProperties
{
RedirectUri = Url.Action("ExternalLoginCallback"),
Items =
{
{ "scheme", provider},
{ "returnUrl", returnUrl }
}
};
return Challenge(properties, provider);
}
然后我突然收到这个错误
CORS 错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://eu.battle.net/oauth/authorize?client_id=*&scope=d3.profile%20openid&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A44333%2Fapi%2Fuser%2Fexternallogincallback&state=CfDJ8GNva7rF4-dPly4Z3xuUAIb6108sCNggQc6reYXjMJrGmdWZbri-N715ueCZ2Ksw9Q47k8SX1xG-c3zDck-mXT8h8mvEY5_41ox7C9OsU-PStXqUsD6npNcMBhCr16Qh1valIQ6REKTMjLiilO5wbnx1349I2SwQfJevGwKZqC4o4PElfF6kPaPmRa5Eslquh4Sfwbn3HTKeaArxx2v8jD4. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
HTTP 请求:
如果我在另一个选项卡中打开此请求,我将获得身份验证并重定向到 ExternalLoginCallback.
PS:我正在使用 AspNet.Security.OAuth.BattleNet 并且我没有使用 ASP.NET Core Identity 进行身份验证(使用自定义逻辑) .
您不应该使用 AJAX/XHR 启动授权代码流。相反,只需将您的用户重定向到您的 ExternalLogin 端点。
基本上我的 Login with BattleNet Button 在这里发送请求:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/logout";
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["Jwt:Issuer"],
ValidAudience = Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
};
})
.AddBattleNet(options =>
{
options.ClientId = Configuration["BattleNet:ClientId"];
options.ClientSecret = Configuration["BattleNet:ClientSecret"];
options.Region = BattleNetAuthenticationRegion.Europe;
})
[AllowAnonymous]
[HttpPost(nameof(ExternalLogin))]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
var properties = new AuthenticationProperties
{
RedirectUri = Url.Action("ExternalLoginCallback"),
Items =
{
{ "scheme", provider},
{ "returnUrl", returnUrl }
}
};
return Challenge(properties, provider);
}
然后我突然收到这个错误
CORS 错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://eu.battle.net/oauth/authorize?client_id=*&scope=d3.profile%20openid&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A44333%2Fapi%2Fuser%2Fexternallogincallback&state=CfDJ8GNva7rF4-dPly4Z3xuUAIb6108sCNggQc6reYXjMJrGmdWZbri-N715ueCZ2Ksw9Q47k8SX1xG-c3zDck-mXT8h8mvEY5_41ox7C9OsU-PStXqUsD6npNcMBhCr16Qh1valIQ6REKTMjLiilO5wbnx1349I2SwQfJevGwKZqC4o4PElfF6kPaPmRa5Eslquh4Sfwbn3HTKeaArxx2v8jD4. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
HTTP 请求:
如果我在另一个选项卡中打开此请求,我将获得身份验证并重定向到 ExternalLoginCallback.
PS:我正在使用 AspNet.Security.OAuth.BattleNet 并且我没有使用 ASP.NET Core Identity 进行身份验证(使用自定义逻辑) .
您不应该使用 AJAX/XHR 启动授权代码流。相反,只需将您的用户重定向到您的 ExternalLogin 端点。