public async Task <IHttpActionResult> AddExternalLogin(AddExternalLoginBindingModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
ExternalAccessToken token = ExternalTokenHandler.Unprotect(model.ExternalAccessToken);
if (token == null || !token.IsValid)
{
return(BadRequest("External login failure."));
}
string userId = await IdentityStore.GetUserIdForLogin(token.LoginProvider, token.ProviderKey);
if (!String.IsNullOrEmpty(userId))
{
return(BadRequest("The external login is already associated with an account."));
}
// The current user is logged in, just add the new account
if (!await IdentityStore.AddLogin(User.Identity.GetUserId(), token.LoginProvider, token.ProviderKey))
{
return(BadRequest("Failed to add the external login."));
}
return(OK());
}
protected override async Task <AuthenticationTicket> AuthenticateCore()
{
_logger.WriteVerbose("AuthenticateCore");
AuthenticationExtra extra = null;
try
{
IDictionary <string, string[]> query = Request.GetQuery();
var protectedRequestToken = Request.GetCookies()[StateCookie];
var requestToken = _tokenProtectionHandler.Unprotect(protectedRequestToken);
if (requestToken == null)
{
_logger.WriteWarning("Invalid state", null);
return(null);
}
extra = requestToken.Extra;
if (!query.ContainsKey("oauth_token"))
{
_logger.WriteWarning("Missing oauth_token", null);
return(new AuthenticationTicket(null, extra));
}
if (!query.ContainsKey("oauth_verifier"))
{
_logger.WriteWarning("Missing oauth_verifier", null);
return(new AuthenticationTicket(null, extra));
}
var returnedToken = query["oauth_token"].FirstOrDefault();
string oauthVerifier = query["oauth_verifier"].FirstOrDefault();
if (returnedToken != requestToken.Token)
{
_logger.WriteWarning("Unmatched token", null);
return(new AuthenticationTicket(null, extra));
}
if (string.IsNullOrWhiteSpace(oauthVerifier))
{
_logger.WriteWarning("Blank oauth_verifier", null);
return(new AuthenticationTicket(null, extra));
}
var accessToken = await ObtainAccessToken(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
var context = new TwitterAuthenticatedContext(Request.Environment, accessToken.UserId, accessToken.ScreenName);
context.Identity = new ClaimsIdentity(
new[]
{
new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
},
Options.AuthenticationType,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
context.Extra = requestToken.Extra;
Response.DeleteCookie(StateCookie);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Extra));
}
catch (Exception ex)
{
_logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, extra));
}
}