public async Task <IHttpActionResult> ExternalLoginComplete(string access_token)
{
ExternalAccessToken externalToken = ExternalTokenHandler.Unprotect(access_token);
if (externalToken == null || !externalToken.IsValid)
{
return(BadRequest("External login failure."));
}
string userId = await IdentityStore.GetUserIdForLogin(externalToken.LoginProvider,
externalToken.ProviderKey);
if (String.IsNullOrEmpty(userId))
{
return(Content(HttpStatusCode.OK, new RegisterExternalLoginViewModel
{
UserName = externalToken.DisplayName,
LoginProvider = externalToken.LoginProvider
}));
}
ClaimsIdentity identity = await GetIdentityAsync(userId);
string token = CreateAccessToken(identity);
IUser user = await IdentityStore.Context.Users.Find(userId);
return(OAuthAccessToken(token, "bearer", user.UserName));
}
public async Task <IHttpActionResult> AddExternalLogin(AddExternalLoginBindingModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
ExternalAccessToken token = ExternalTokenHandler.Unprotect(model.ExternalAccessToken);
if (token == null || !token.IsValid)
{
return(BadRequest("External login failure."));
}
string userId = await IdentityStore.GetUserIdForLogin(token.LoginProvider, token.ProviderKey);
if (!String.IsNullOrEmpty(userId))
{
return(BadRequest("The external login is already associated with an account."));
}
// The current user is logged in, just add the new account
if (!await IdentityStore.AddLogin(User.Identity.GetUserId(), token.LoginProvider, token.ProviderKey))
{
return(BadRequest("Failed to add the external login."));
}
return(OK());
}
private static async Task <ExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken)
{
ExternalAccessToken externalAccessToken = null;
string verifyTokenEndPoint;
if (provider == "Facebook")
{
var facebookAppToken = "1540544966219959|eATZ1vQ6TzVBWDE5SS4MGo_5ymw";
verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, facebookAppToken);
}
else if (provider == "Google")
{
verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", accessToken);
}
else
{
return(null);
}
var client = new HttpClient();
var uri = new Uri(verifyTokenEndPoint);
var response = await client.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
var content = await response.Content.ReadAsStringAsync();
dynamic jObj = Newtonsoft.Json.JsonConvert.DeserializeObject(content);
externalAccessToken = new ExternalAccessToken();
if (provider == "Facebook")
{
externalAccessToken.user_id = jObj["data"]["user_id"];
externalAccessToken.app_id = jObj["data"]["app_id"];
if (!string.Equals(Startup.FacebookAuthOptions.AppId, externalAccessToken.app_id, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
}
else if (provider == "Google")
{
externalAccessToken.user_id = jObj["user_id"];
externalAccessToken.app_id = jObj["audience"];
if (!string.Equals(Startup.GoogleAuthOptions.ClientId, externalAccessToken.app_id, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
}
}
return(externalAccessToken);
}
public async Task <IHttpActionResult> RegisterExternal(RegisterExternalBindingModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
ExternalAccessToken externalToken = ExternalTokenHandler.Unprotect(model.ExternalAccessToken);
if (externalToken == null || !externalToken.IsValid)
{
return(BadRequest("External login failure."));
}
string existingUserId = await IdentityStore.GetUserIdForLogin(externalToken.LoginProvider,
externalToken.ProviderKey);
if (!String.IsNullOrEmpty(existingUserId))
{
return(BadRequest("The external login is already associated with an account."));
}
if (await IdentityStore.GetUserIdForLocalLogin(model.UserName) != null)
{
return(BadRequest("A user with the name '{0}' already exists.", model.UserName));
}
// Create a profile and link the local account before signing in the user
User user = new User(model.UserName);
try
{
if (!await IdentityStore.CreateExternalUser(user, externalToken.LoginProvider,
externalToken.ProviderKey))
{
return(BadRequest("Failed to create login for '{0}'.", model.UserName));
}
}
catch (IdentityException e)
{
return(BadRequest(e.ToString()));
}
InitiateDatabaseForNewUser(user.Id);
ClaimsIdentity identity = await GetIdentityAsync(user.Id);
string token = CreateAccessToken(identity);
return(OAuthAccessToken(token, "bearer", user.UserName));
}
private string CreateExternalAccessToken(ClaimsIdentity identity, TimeSpan expiresIn)
{
Claim providerKeyClaim = identity.FindFirst(ClaimTypes.NameIdentifier);
if (providerKeyClaim == null || String.IsNullOrEmpty(providerKeyClaim.Issuer))
{
return(null);
}
ExternalAccessToken token = new ExternalAccessToken
{
LoginProvider = providerKeyClaim.Issuer,
ProviderKey = providerKeyClaim.Value,
DisplayName = identity.Name,
Expires = DateTime.UtcNow.Add(expiresIn)
};
return(ExternalTokenHandler.Protect(token));
}
