public async Task <IHttpActionResult> ObtainLocalAccessToken([FromUri] ExternalLocalAccessToken model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } ParsedExternalAccessToken verifiedAccessToken = await VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken); if (verifiedAccessToken == null) { return(BadRequest("Invalid Provider or External Access Token")); } IdentityUser <Guid, CustomUserLogin, CustomUserRole, CustomUserClaim> user = await _authRepository.FindAsync(new UserLoginInfo(model.Provider.ToString(), verifiedAccessToken.UserID)); bool hasRegistered = user != null; if (!hasRegistered) { return(BadRequest("External user is not registered")); } //generate access token response var accessTokenResponse = await GenerateLocalAccessTokenResponse(user.UserName, model.ClientID); return(Ok(accessTokenResponse)); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { if (string.Compare(provider, FacebookProvider, true) != 0) { return(null); } var appToken = ConfigurationManager.AppSettings["Facebook.AppToken"]; var verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); ParsedExternalAccessToken parsedToken = null; var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (!response.IsSuccessStatusCode) { return(parsedToken); } parsedToken = await GetParsedTokenFromRequestContent(parsedToken, response); if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } return(parsedToken); }
public async Task <IHttpActionResult> ObtainLocalAccessToken(string provider, string externalAccessToken) { if (string.IsNullOrWhiteSpace(provider) || string.IsNullOrWhiteSpace(externalAccessToken)) { return(BadRequest("Provider or external access token is not sent")); } ParsedExternalAccessToken verifiedAccessToken = await VerifyExternalAccessToken(provider, externalAccessToken); if (verifiedAccessToken == null) { return(BadRequest("Invalid Provider or External Access Token")); } IdentityUser user = await repo.FindAsync(new UserLoginInfo(provider, verifiedAccessToken.UserId)); bool hasRegistered = user != null; if (!hasRegistered) { return(BadRequest("External user is not registered")); } //generate access token response JObject accessTokenResponse = GenerateLocalAccessTokenResponse(user.UserName); return(Ok(accessTokenResponse)); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook // this will expire and cause mayhem var appToken = "146338829036652|tw_hXryh7oL2aR1msUBKzQiwyRc"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else if (provider == "Google") { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = string.Empty; if (provider == "Facebook") { var appToken = "1656794197865890|tkbTxWcV572d1xSRNUS8cEnueVY"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else if (provider == "Google") { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.googleOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessTokenAsync(string provider, string accessToken) { Uri tokenVerificationEndpoint; if (provider == "Facebook") { var applicationToken = ConfigurationManager.AppSettings["fb_app_token"]; tokenVerificationEndpoint = new Uri(string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, applicationToken)); } else if (provider == "Google") { tokenVerificationEndpoint = new Uri(string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken)); } else { return(null); } using (var client = new HttpClient()) { var response = await client.GetAsync(tokenVerificationEndpoint); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); var jObject = JsonConvert.DeserializeObject <JObject>(content); var parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.UserId = jObject["data"]["user_id"].Value <string>(); parsedToken.ApplicationId = jObject["data"]["app_id"].Value <string>(); if (!Startup.FacebookOptions.AppId.Equals(parsedToken.ApplicationId, StringComparison.InvariantCultureIgnoreCase)) { return(null); } } else if (provider == "Google") { parsedToken.UserId = jObject["user_id"].Value <string>(); parsedToken.ApplicationId = jObject["audience"].Value <string>(); if (!Startup.GoogleAuthOptions.ClientId.Equals(parsedToken.ApplicationId, StringComparison.InvariantCultureIgnoreCase)) { return(null); } } return(parsedToken); } return(null); } }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { var appToken = "1487705754840266|DazWSPoZxsEWAPiHNhnWN0kyS_g"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); var jsonContent = (JObject)JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jsonContent["data"]["user_id"].ToString(); parsedToken.app_id = jsonContent["data"]["app_id"].ToString(); } if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } else if (provider == "Google") { parsedToken.user_id = jsonContent["user_id"].ToString(); parsedToken.app_id = jsonContent["audience"].ToString(); if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { var appToken = "332333880510904|c82dSSPzEzFi9832ltrLExFE14Y"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } //else if (provider == "Google") //{ // verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); //} else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } //else if (provider == "Google") //{ // parsedToken.user_id = jObj["user_id"]; // parsedToken.app_id = jObj["audience"]; // if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) // { // return null; // } //} } return(parsedToken); }
public async Task <IHttpActionResult> RegisterExternal(RegisterExternalBindingModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } ParsedExternalAccessToken verifiedAccessToken = await VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken); if (verifiedAccessToken == null) { return(BadRequest("Invalid Provider or External Access Token")); } ApplicationUser user = await repo.FindAsync(new UserLoginInfo(model.Provider, verifiedAccessToken.UserId)); bool hasRegistered = user != null; if (hasRegistered) { return(BadRequest("External user is already registered")); } user = new ApplicationUser { UserName = model.UserName }; IdentityResult result = await repo.CreateAsync(user); if (!result.Succeeded) { return(GetErrorResult(result)); } var info = new ExternalLoginInfo { DefaultUserName = model.UserName, Login = new UserLoginInfo(model.Provider, verifiedAccessToken.UserId) }; result = await repo.AddLoginAsync(user.Id, info.Login); if (!result.Succeeded) { return(GetErrorResult(result)); } //generate access token response JObject accessTokenResponse = GenerateLocalAccessTokenResponse(model.UserName); return(Ok(accessTokenResponse)); }
public async Task <IHttpActionResult> Register(RegisterExternalBindingModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } ParsedExternalAccessToken verifiedAccessToken = await VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken); if (verifiedAccessToken == null) { return(BadRequest("Invalid Provider or External Access Token")); } IdentityUser <Guid, CustomUserLogin, CustomUserRole, CustomUserClaim> user = await _authRepository.FindAsync(new UserLoginInfo(model.Provider.ToString(), verifiedAccessToken.UserID)); bool hasRegistered = user != null; if (hasRegistered) { return(BadRequest("External user is already registered")); } ApplicationUser appUser = _applicationUserFactory.Create(model.UserName, verifiedAccessToken.Email); appUser.EmailConfirmed = true; IdentityResult result = await _authRepository.CreateAsync(appUser); if (!result.Succeeded) { return(GetErrorResult(result)); } var info = new ExternalLoginInfo() { DefaultUserName = model.UserName, Login = new UserLoginInfo(model.Provider.ToString(), verifiedAccessToken.UserID) }; result = await _authRepository.AddLoginAsync(appUser.Id, info.Login); if (!result.Succeeded) { return(GetErrorResult(result)); } //generate access token response var accessTokenResponse = await GenerateLocalAccessTokenResponse(model.UserName, model.ClientID); return(Ok(accessTokenResponse)); }
private async Task <ParsedExternalAccessToken> GetParsedTokenFromRequestContent(ParsedExternalAccessToken parsedToken, HttpResponseMessage response) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { if (string.IsNullOrWhiteSpace(provider) || string.IsNullOrWhiteSpace(accessToken)) { throw new ValidationException(Resources.InvalidProviderOrExternalToken); } ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (string.Equals(provider, AuthConstants.Providers.Facebook)) { var appToken = ConfigurationManager.AppSettings["FacebookAppToken"]; verifyTokenEndPoint = string.Format(AuthConstants.Providers.FacebookVerifyTokenEndPoint, accessToken, appToken); } else if (string.Equals(provider, AuthConstants.Providers.Google)) { verifyTokenEndPoint = string.Format(AuthConstants.Providers.GoogleVerifyTokenEndPoint, accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (string.Equals(provider, AuthConstants.Providers.Facebook)) { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
public async Task <IHttpActionResult> RegisterExternal(RegisterExternalModel model) { var verifiedAccessToken = new ParsedExternalAccessToken(); if (ModelState.IsValid) { var helper = OauthHelper.Create(); if (!string.IsNullOrEmpty(model.Provider) && !string.IsNullOrEmpty(model.ExternalAccessToken)) { verifiedAccessToken = await helper.VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken); if (verifiedAccessToken == null) { return(this.JsonError(HttpStatusCode.BadRequest, 10, "Invalid Provider or External Access Token", ModelState)); } } var loginInfo = await SignInManager.AuthenticationManager.GetExternalLoginInfoAsync(); ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(loginInfo.ExternalIdentity as ClaimsIdentity); var registerGeneral = new RegisterGeneralModel() { UserName = model.UserName, Email = model.Email, //FirstName = externalLogin.UserName.Split(' ')[0], //First Name //LastName = externalLogin.UserName.Split(' ').LastOrDefault(), //Last Name ExternalAccessToken = model.ExternalAccessToken, Provider = model.Provider }; var regResult = await RegisterInternal(registerGeneral); if (regResult.HasError) { return(JsonError(regResult.HttpStatusCode, regResult.ServerErrorCode, regResult.ErrorMessage, regResult.ModelState)); } else { var result = new { userId = regResult.UserId }; return(Json(result)); } } else { return(JsonError(HttpStatusCode.BadRequest, 10, "Warning", ModelState)); } }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; string verifyTokenEndPoint; if (provider.ToLower() == "facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "368446986668931|ayca71CIxnRnK64m2h0ZYeEQCX8"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else { parsedToken = new ParsedExternalAccessToken(); var identity = User.Identity as ClaimsIdentity; var login = ExternalLoginData.FromIdentity(identity); parsedToken.UserId = login.ProviderKey; return(parsedToken); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.UserId = jObj["data"]["user_id"]; parsedToken.AppId = jObj["data"]["app_id"]; } else if (provider == "Google") { parsedToken.UserId = jObj["user_id"]; parsedToken.AppId = jObj["audience"]; } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> ParseTokenInfo(string verifyTokenEndPoint, string provider) { var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)JsonConvert.DeserializeObject(content); var parsedToken = new ParsedExternalAccessToken(); if (provider == LoginType.Facebook.ToString()) { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else if (provider == LoginType.Google.ToString()) { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; //if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) //{ // return null; //} } //else if (provider == LoginType.Instagram.ToString()) //{ // parsedToken.user_id = jObj["data"]["id"]; // parsedToken.app_id = string.Empty; //} //else if (provider == LoginType.LinkedIn.ToString()) //{ // parsedToken.user_id = jObj["id"]; //} return(parsedToken); } return(null); }
private async Task <ParsedExternalAccessToken> ParseAccessToken(string provider, string accessToken) { await this.VerifyExternalAccessToken(provider, accessToken); string json; string url = ""; if (provider == "Facebook") { url = string.Format("https://graph.facebook.com/me?access_token={0}", accessToken); } else if (provider == "Google") { url = string.Format("https://www.googleapis.com/oauth2/v2/userinfo?access_token={0}", accessToken); } else { throw new ApplicationException("Provider not supported."); } using (var client = new HttpClient()) { json = await client.GetStringAsync(url); } dynamic jsonObject = JsonConvert.DeserializeObject(json); var parsedToken = new ParsedExternalAccessToken { Email = jsonObject.email, UserName = jsonObject.name, UserIdProvider = jsonObject.id }; if (jsonObject.gender == "male") { parsedToken.Gender = Gender.Man; } else if (jsonObject.gender == "female") { parsedToken.Gender = Gender.Woman; } else { parsedToken.Gender = Gender.NotSpecified; } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "3058390497587092|56486ff5e9af123b45a8fadce341eb91"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Google") { parsedToken.user_id = jObj["email"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else { throw new NotImplementedException(); } } return(parsedToken); }
/// <summary> /// Creates a new user based on a external access token. /// </summary> /// <param name="provider"></param> /// <param name="verifiedAccessToken"></param> /// <param name="externalAccessToken"></param> /// <returns></returns> private async Task <IHttpActionResult> CreateNewUserFromExternalAccesToken(string provider, ParsedExternalAccessToken verifiedAccessToken, string externalAccessToken) { RegisterExternalBindingModel model = new RegisterExternalBindingModel() { UserName = verifiedAccessToken.email, // this is null Provider = provider, ExternalAccessToken = externalAccessToken }; Student student = new Student(); student.username = verifiedAccessToken.email; student.email = verifiedAccessToken.email; KompetansetorgetServerContext db = new KompetansetorgetServerContext(); db.students.Add(student); db.SaveChanges(); return(await RegisterExternal(model)); }
private static void loadUserProfile(string provider, ParsedExternalAccessToken verifiedAccessToken, JObject accessTokenResponse) { if (provider == LinkedIn) { accessTokenResponse.Add("userProfile", JToken.FromObject(verifiedAccessToken.userProfile)); } if (provider == GitHub) { accessTokenResponse.Add("githubUserProfile", JToken.FromObject(verifiedAccessToken.githubUserProfile)); } if (provider == StackExchange) { accessTokenResponse.Add("stackexchangeUserProfile", JToken.FromObject(verifiedAccessToken.stackexchangeUserProfile)); } if (provider == Twitter) { accessTokenResponse.Add("twitterUserProfile", JToken.FromObject(verifiedAccessToken.twitterUserProfile)); } }
public async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; string verifyTokenEndPoint; if (provider == "Facebook") { var appToken = ConfigurationManager.AppSettings["FacebookAppToken"]; verifyTokenEndPoint = $"https://graph.facebook.com/debug_token?input_token={accessToken}&access_token={appToken}"; } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(AuthConfig.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> GetUserIdwithAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var client = new HttpClient(); // Add a new Request Message HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "https://api.pushbullet.com/v2/users/me"); // Add our custom headers requestMessage.Headers.Add("Access-Token", accessToken); //requestMessage.Headers.Add("Content-Type", "application/json"); // Send the request to the server HttpResponseMessage response = await client.SendAsync(requestMessage); //// Just as an example I'm turning the response into a string here //string responseAsString = await response.Content.ReadAsStringAsync(); //var uri = new Uri("https://api.pushbullet.com/v2/users/me");//verifyTokenEndPoint); //client.DefaultRequestHeaders.Add("Accept", "application/json"); //client.DefaultRequestHeaders.Add("Content-Type", "application/json"); //client.DefaultRequestHeaders.Add("Access-Token", accessToken); //var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); //JObject jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); parsedToken.user_name = jObj.name; parsedToken.user_id = jObj.iden; } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "xxxxxx"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); } return(parsedToken); }
public async Task <IHttpActionResult> ObtainLocalAccessToken(string provider, string externalAccessToken) { if (string.IsNullOrWhiteSpace(provider) || string.IsNullOrWhiteSpace(externalAccessToken)) { return(BadRequest("Provider or external access token is not sent")); } // Verify that the access token supplied is valid ParsedExternalAccessToken verifiedAccessToken = await VerifyExternalAccessToken(provider, externalAccessToken); if (verifiedAccessToken == null) { return(BadRequest("Invalid Provider or External Access Token")); } // Find the user in our repository IUser user = repository.GetUser(verifiedAccessToken.user_id, provider); if (user == null) { // Register now user = accountBusiness.CreateNewUser( new User { AuthenticationUserId = verifiedAccessToken.user_id, AuthenticationProvider = provider, UserName = verifiedAccessToken.username }); } //generate access token response var accessTokenResponse = GenerateLocalAccessTokenResponse(user); // Return success with the bearer token for authorized access return(Ok(new { token = accessTokenResponse, profile = user })); }
private async Task<ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "1617509121824168|U-Kz0PRxEa1QJ80G0R_aADzLlBk"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return null; } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.UserId = jObj["data"]["user_id"]; parsedToken.AppId = jObj["data"]["app_id"]; parsedToken.Claims = new List<Claim> { new Claim("user_id", jObj["data"]["user_id"].ToString()), new Claim("app_id", jObj["data"]["app_id"].ToString()), }; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.AppId, StringComparison.OrdinalIgnoreCase)) { return null; } } if (provider == "Google") { parsedToken.UserId = jObj["user_id"]; parsedToken.AppId = jObj["audience"]; parsedToken.Claims = new List<Claim> { new Claim("issued_to", jObj["issued_to"].ToString()), new Claim("audience", jObj["audience"].ToString()), new Claim("user_id", jObj["user_id"].ToString()), new Claim("scope", jObj["scope"].ToString()), new Claim("expires_in", jObj["expires_in"].ToString()), new Claim("email", jObj["email"].ToString()), new Claim("verified_email", jObj["verified_email"].ToString()), new Claim("access_type", jObj["access_type"].ToString()) }; if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.AppId, StringComparison.OrdinalIgnoreCase)) { return null; } } } return parsedToken; }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; switch (provider) { case LinkedIn: // verifyTokenEndPoint = string.Format("https://api.linkedin.com/v1/companies/universal-name=victor:(id,name,ticker,description)?oauth2_access_token={0}", accessToken); verifyTokenEndPoint = string.Format("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address,positions,headline,location,public-profile-url)?oauth2_access_token={0}", accessToken); break; case GitHub: verifyTokenEndPoint = string.Format("https://api.github.com/user?access_token={0}", accessToken); break; case Twitter: verifyTokenEndPoint = string.Format("https://api.twitter.com/1.1/users/show.json?access_token={0}", accessToken); break; case StackExchange: verifyTokenEndPoint = string.Format("https://api.stackexchange.com/2.2/me?order=desc&sort=reputation&site=stackoverflow&access_token={0}&key={1}", accessToken, Startup.stackexchangeAuthOptions.Key); break; case Facebook: //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "xxxxx"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); break; case GooglePlus: verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); break; case Stripe: const string UserInfoEndpoint = "https://api.stripe.com/v1/account"; HttpRequestMessage userRequest; var httpClient = getWebClient(accessToken, UserInfoEndpoint, out userRequest); HttpResponseMessage graphResponse = await httpClient.SendAsync(userRequest); graphResponse.EnsureSuccessStatusCode(); var content = await graphResponse.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); parsedToken.user_id = jObj["id"]; //parsedToken.email = jObj["email"]; return(parsedToken); default: break; } var client = new HttpClient(); if (provider == StackExchange) { var handler = new HttpClientHandler(); if (handler.SupportsAutomaticDecompression) { handler.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate; } client = new HttpClient(handler); } var uri = new Uri(verifyTokenEndPoint); if (provider.Equals(LinkedIn, StringComparison.InvariantCultureIgnoreCase)) { client.DefaultRequestHeaders.Add("x-li-format", "json"); } if (provider.Equals(GitHub, StringComparison.InvariantCultureIgnoreCase)) { client.DefaultRequestHeaders.Add("User-Agent", ClientName); } var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { string content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); JObject profile = jObj as JObject; parsedToken = new ParsedExternalAccessToken(); switch (provider) { case LinkedIn: parsedToken.user_id = jObj["id"]; parsedToken.userProfile = profile.ToObject <UserProfile>(); parsedToken.email = parsedToken.userProfile.emailAddress; //if (!string.Equals(Startup.linkedinAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) //{ // return null; //} break; case GitHub: parsedToken.user_id = jObj["id"]; parsedToken.githubUserProfile = profile.ToObject <GitHubUserProfile>(); parsedToken.email = parsedToken.githubUserProfile.email; break; case Twitter: parsedToken.user_id = jObj["id"]; parsedToken.twitterUserProfile = profile.ToObject <TwitterUserProfile>(); parsedToken.email = parsedToken.twitterUserProfile.email; break; case StackExchange: parsedToken.stackexchangeUserProfile = profile.ToObject <Angjobs.Models.StackExchange.RootObject>().items[0]; parsedToken.user_id = parsedToken.stackexchangeUserProfile.user_id.ToString(); break; case "Facebook": parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } break; case "GooglePlus": parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; //parsedToken.email = jObj["email"]; if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } break; default: break; } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(ExternalLoginProviderName provider, string accessToken) { var verifyTokenEndPoint = ""; if (provider == ExternalLoginProviderName.Facebook) { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = ConfigurationManager.AppSettings["facebook:AppToken"]; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == ExternalLoginProviderName.Google) { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (!response.IsSuccessStatusCode) { return(null); } var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); ParsedExternalAccessToken parsedToken = new ParsedExternalAccessToken(); if (provider == ExternalLoginProviderName.Facebook) { parsedToken.UserID = jObj["data"]["user_id"]; parsedToken.AppID = jObj["data"]["app_id"]; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.AppID, StringComparison.OrdinalIgnoreCase)) { return(null); } var fbClient = new FacebookClient(accessToken); dynamic userEmailInfo = fbClient.Get("/me?fields=email"); parsedToken.Email = userEmailInfo.email; } else if (provider == ExternalLoginProviderName.Google) { parsedToken.UserID = jObj["user_id"]; parsedToken.AppID = jObj["audience"]; parsedToken.Email = jObj["email"]; if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.AppID, StringComparison.OrdinalIgnoreCase)) { return(null); } } return(parsedToken); }
private async Task<ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = "xxxxxx"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return null; } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return null; } } else if (provider == "Google") { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return null; } } } return parsedToken; }
public async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(MixExternalLoginProviders provider, string accessToken, MixAuthenticationConfigurations appConfigs) { ParsedExternalAccessToken parsedToken = null; string verifyTokenEndPoint; switch (provider) { case MixExternalLoginProviders.Facebook: //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = $"{appConfigs.Facebook.AppId}|{appConfigs.Facebook.AppSecret}"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); break; case MixExternalLoginProviders.Google: verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); break; case MixExternalLoginProviders.Twitter: case MixExternalLoginProviders.Microsoft: default: return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = JObject.Parse(content); parsedToken = new ParsedExternalAccessToken(); if (provider == MixExternalLoginProviders.Facebook) { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(appConfigs.Facebook.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else if (provider == MixExternalLoginProviders.Google) { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(appConfigs.Google.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); }
private async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { try { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; if (provider == "Facebook") { //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook var appToken = ConfigurationManager.AppSettings["fbAppToken"]; //"1616809328551404|qRN7xVIJWnNJxDXH-BHxgznZnnE"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); } else if (provider == "Google") { verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); } else { return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (response.IsSuccessStatusCode) { var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); if (provider == "Facebook") { parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } else if (provider == "Google") { parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } } } return(parsedToken); } catch (Exception ex) { var x = ex.Message + " - " + ex.InnerException; return(new ParsedExternalAccessToken()); //return Ok(); } }
private static async Task <ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken) { ParsedExternalAccessToken parsedToken = null; var verifyTokenEndPoint = ""; switch (provider) { case "Facebook": //You can get it from here: https://developers.facebook.com/tools/accesstoken/ //More about debug_tokn here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook const string appToken = "xxxxxx"; verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken); break; case "Google": verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken); break; default: return(null); } var client = new HttpClient(); var uri = new Uri(verifyTokenEndPoint); var response = await client.GetAsync(uri); if (!response.IsSuccessStatusCode) { return(null); } var content = await response.Content.ReadAsStringAsync(); dynamic jObj = (JObject)JsonConvert.DeserializeObject(content); parsedToken = new ParsedExternalAccessToken(); switch (provider) { case "Facebook": parsedToken.user_id = jObj["data"]["user_id"]; parsedToken.app_id = jObj["data"]["app_id"]; if (!string.Equals(Startup.FacebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } break; case "Google": parsedToken.user_id = jObj["user_id"]; parsedToken.app_id = jObj["audience"]; if (!string.Equals(Startup.GoogleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase)) { return(null); } break; } return(parsedToken); }
public async Task <JsonResult> ExternalLoginGetToken(string provider, string accessToken) { ParsedExternalAccessToken token = await this.ParseAccessToken(provider, accessToken); IdentityUser user = await _authService.FindUser(new UserLoginInfo(provider, token.UserIdProvider)); if (user == null) { var result = await _authService.Create(new IdentityUser { Email = token.Email, UserName = token.Email }); if (result.Errors.Any()) { return(Json(new { error = result.Errors.First(), success = false }, JsonRequestBehavior.AllowGet)); } Guid userId = await this.FindUserIdFromEmail(token.Email); await _authService.AddLoginExtenalLogin(userId.ToString(), new UserLoginInfo(provider, token.UserIdProvider)); await _userService.CreateUser(userId, token.Email, token.UserName); string photoUrl; switch (provider) { case "Facebook": photoUrl = await this.DownloadFacebookProfilePhoto(userId, token.UserIdProvider); break; case "Google": photoUrl = await this.DownloadGoogleProfilePhoto(userId, accessToken); break; default: throw new ApplicationException("Provider not supported"); } await _userService.SetProfilePhotoUrl(userId, photoUrl); await _userService.UpdateGender(userId, token.Gender); user = await _authService.FindUser(new UserLoginInfo(provider, token.UserIdProvider)); } //generate access token response var accessTokenResponse = TokenGenerator.GenerateAccessToken(user.Id, user.Email); return(Json(new { token = new { userName = accessTokenResponse.Value <string>("userName"), access_token = accessTokenResponse.Value <string>("access_token"), token_type = accessTokenResponse.Value <string>("token_type"), expires_in = accessTokenResponse.Value <string>("expires_in") }, success = true }, JsonRequestBehavior.AllowGet)); }