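 /// <summary>
 /// Creates a new user based on an external access token.
 /// </summary>
 /// <param name="provider">Name of the external login provider; copied into the registration model.</param>
 /// <param name="verifiedAccessToken">The parsed external token; its email is used as both the username and the email of the new user.</param>
 /// <param name="externalAccessToken">The raw external access token; copied into the registration model.</param>
 /// <returns>The result of <c>RegisterExternal</c> for the model built from these arguments.</returns>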
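 private async Task<IHttpActionResult> CreateNewUserFromExternalAccesToken(string provider,
     ParsedExternalAccessToken verifiedAccessToken, string externalAccessToken)
 {
     // NOTE(review): the original author marked this value as null. In this file
     // VerifyExternalAccessToken only sets the email on the Google path, and only when the
     // client requested the email scope, so a student record and a registration model can be
     // created with no username/email. Callers should reject a token without an email
     // before reaching this method - confirm against the call site.
     var tokenEmail = verifiedAccessToken.email;

     var model = new RegisterExternalBindingModel
     {
         UserName = tokenEmail,
         Provider = provider,
         ExternalAccessToken = externalAccessToken
     };

     var student = new Student
     {
         username = tokenEmail,
         email = tokenEmail
     };

     // The context was previously never disposed; scope it to the insert so it is released
     // as soon as the student row has been written.
     using (var db = new KompetansetorgetServerContext())
     {
         db.students.Add(student);
         db.SaveChanges();
     }

     // NOTE(review): the student row is committed before RegisterExternal runs, so it stays
     // in the database even if the registration below does not succeed - confirm intended.
     return await RegisterExternal(model);
 }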
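        /// <summary>
        /// Verifies with the provider that the token is indeed valid and was issued for this application's
        /// client id (that is, it is not a login token for another application).
        /// </summary>
        /// <param name="provider">The provider name; only "Facebook" and "Google" are handled.</param>
        /// <param name="accessToken">The external access token to verify.</param>
        /// <returns>The parsed token, or <c>null</c> if the token is rejected (unhandled provider, unsuccessful
        /// verification request, or an app/client id that does not match this application).</returns>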
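        private async Task<ParsedExternalAccessToken> VerifyExternalAccessToken(string provider, string accessToken)
        {
            // The token is supplied by the caller and ends up inside a query string, so it is
            // percent-encoded first. Unescaped, characters such as '&', '#' or '=' in the value
            // would change which parameters the provider receives.
            var escapedToken = Uri.EscapeDataString(accessToken ?? string.Empty);

            string verifyTokenEndPoint;

            if (provider == "Facebook")
            {
                //You can get it from here: https://developers.facebook.com/tools/accesstoken/
                //More about debug_token here: http://stackoverflow.com/questions/16641083/how-does-one-get-the-app-access-token-for-debug-token-inspection-on-facebook

                // NOTE(review): placeholder value. The app token is a secret; load it from
                // configuration kept out of source control instead of a literal in this file.
                var appToken = "xxxxx";
                verifyTokenEndPoint = string.Format("https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", escapedToken, Uri.EscapeDataString(appToken));
            }
            else if (provider == "Google")
            {
                verifyTokenEndPoint = string.Format("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}", escapedToken);
            }
            else
            {
                // Unknown providers are never trusted.
                return null;
            }

            // Both the client and the response hold network resources; dispose them when done.
            // NOTE(review): a single shared HttpClient for the class would avoid creating a new
            // connection pool on every verification.
            using (var client = new HttpClient())
            using (var response = await client.GetAsync(new Uri(verifyTokenEndPoint)))
            {
                if (!response.IsSuccessStatusCode)
                {
                    return null;
                }

                var content = await response.Content.ReadAsStringAsync();

                var json = (JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content);
                // Kept dynamic for the property assignments so the JSON values convert to
                // whatever types ParsedExternalAccessToken declares.
                dynamic jObj = json;

                var parsedToken = new ParsedExternalAccessToken();

                if (provider == "Facebook")
                {
                    // The debug_token payload carries its own validity flag; fail closed on
                    // anything that is not explicitly marked valid (or that has no data object),
                    // instead of trusting the app id alone.
                    if ((bool?)json.SelectToken("data.is_valid") != true)
                    {
                        return null;
                    }

                    parsedToken.user_id = jObj["data"]["user_id"];
                    parsedToken.app_id = jObj["data"]["app_id"];

                    // Reject tokens that were issued to a different Facebook application.
                    if (!string.Equals(Startup.facebookAuthOptions.AppId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase))
                    {
                        return null;
                    }
                }
                else if (provider == "Google")
                {
                    parsedToken.user_id = jObj["user_id"];
                    parsedToken.app_id = jObj["audience"];
                    // The email attribute might be null unless the correct scope is requested by the client's Google login implementation.
                    parsedToken.email = jObj["email"];

                    // Reject tokens whose audience is a different Google client.
                    if (!string.Equals(Startup.googleAuthOptions.ClientId, parsedToken.app_id, StringComparison.OrdinalIgnoreCase))
                    {
                        return null;
                    }
                }

                return parsedToken;
            }
        }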