droid应用程序通过Facebook令牌对WebAPI进行身份

droid应用程序通过Facebook令牌对WebAPI进行身份

本文介绍了通过Android应用程序通过Facebook令牌对WebAPI进行身份验证访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我试图让我的Android应用程序登录到我的WebAPI服务。我想分享我的想法,以验证他们。

I'm trying to make my Android Application to log into my WebAPI services. I want to share my ideas in order to verify them.

如果通过WebSite执行对WebAPI的访问,步骤如下:

If the access to WebAPI is performed via WebSite the steps are:

1-调用WebAPI方法登录

1- Call WebAPI method for logging in

2- WebAPI将客户端重定向到Facebook

2- WebAPI redirect client to facebook

3- Facebook登录并返回令牌

3- Facebook login and returns a Token

4-如果我在下次呼叫中使用该令牌,我将被认证为正确的用户。

4- If I use that token in the next calls I'll be authenticated as the right user.

这样做。

如果通过Android APP执行对WebAPI的访问,我该如何获取访问令牌?
其实我在做这样的事情:

If the access to WebAPI is performed via Android APP, how can I get the access token?Actually I'm doing something like:

1-通过登录按钮联系Facebook

1- Contact Facebook via Login Button

2 - 将登录的ID记录到接收令牌的Facebook

2- Getting logged id to Facebook receiving a Token

3-尝试执行WebAPI调用,将认证:承载CODE添加到我的呼叫中

3- Trying to perform WebAPI calls adding the Authentication: Bearer CODE to my calls

在那一刻我正在徘徊..

At that point I'm wandering..

我的应用程序现在是我特别的用户?如果我执行类似

How can my application now that I'm THAT particular user? If I perform something like

GET /API/METHOD1
Authentication: Bearer CODE

如果Android应用从未告诉过他,那么它如何知道CODE是我?应用程序是否自动与Facebook联系以便收到一个答案,如是的,我发布该令牌,它与...有关

How can it knows that the CODE is me if the Android Application never told him? Does the application automatically contact Facebook in order to receive an answer like "yeah! I release that token, it is related to..."

或者我误会了一切?

另一种方法我可以弄清楚,我必须使用混合方法,如:

The other way I can figure it out is that I must use an "hybrid approach" like:

1-呼叫WebAPI(通过浏览器)
2-获取重定向链接到Facebook
3-获取令牌

1- Call WebAPI (as via browser)2- Get Redirect link to Facebook3- Get the token

但是在那点,我怎么可以在Facebook应用程序/ Facebook网站之间切换到我的Android应用程序?

But.. At that point, how can I swith between Facebook App / Facebook Site to my Android application again?

对不起,我想找出这个验证旁边的逻辑

Sorry for the mess, I'm trying to find out the logic beside this auth process.

推荐答案

好吧,我想我已经有了!

Ok, I think I've got it!

当WebAPI收到Facebook令牌不知道任何关于用户和授权。但是,由于令牌,可以访问Facebook作为呼叫者。

when WebAPI receives the Facebook Token doesn't know anything about user and authorizations. BUT, due to the token, can access to Facebook "as the caller".

通过这种方式,应用程序可以执行如下操作:

By this way the application could perform something like:


  1. Android - > Facebook登录 - >获取FBToken

  1. Android -> Facebook Login -> Get FBToken

Android - > Web API - >发送FBToken

Android -> Web API -> Send FBToken

Web API - > Facebook - > / me发送FBToken

Web API -> Facebook -> /me Sending FBToken

Facebook - > Web API - >身份

Facebook -> Web API -> Identity

Web API - > Andoid - >这是您身份的令牌

Web API -> Andoid -> This is the token for you Identity

Android - > Web API - >给我Auth方法,授权:承载WebAPIToken

Android -> Web API -> Give me Auth Method, Authorization: Bearer WebAPIToken

我在线发现了一个有用的类:(基于)

I found out a useful class online: (based on WebApi ASP.NET Identity Facebook login)

private async Task<FacebookUserViewModel> VerifyFacebookAccessToken(string accessToken)
{
    FacebookUserViewModel fbUser = null;
     var path = "https://graph.facebook.com/me?access_token=" + accessToken;
     var client = new HttpClient();
     var uri = new Uri(path);
     var response = await client.GetAsync(uri);
     if (response.IsSuccessStatusCode)
     {
         var content = await response.Content.ReadAsStringAsync();
         fbUser = Newtonsoft.Json.JsonConvert.DeserializeObject<FacebookUserViewModel>     (content);
     }

     return fbUser;
 }


 public class FacebookUserViewModel
 {
     [JsonProperty("id")]
     public string ID { get; set; }
     [JsonProperty("first_name")]
     public string FirstName { get; set; }
     [JsonProperty("last_name")]
     public string LastName { get; set; }
     [JsonProperty("username")]
     public string Username { get; set; }
     [JsonProperty("email")]
     public string Email { get; set; }
 }

所以,你可以有一个WebAPI,如:

So, you could have a WebAPI like:

    [HttpGet]
    [AllowAnonymous]
    public async Task<string> GetTokenFromFacebook(string accessToken)
    {
        var user = await VerifyFacebookAccessToken(accessToken);
        //Search on your DB for the user ID or email
        //Get token for user
        return token;
    }

完整而完美的解释如下:

A complete and perfect explanation is here:http://thewayofcode.wordpress.com/2014/03/01/asp-net-webapi-identity-system-how-to-login-with-facebook-access-token/

创建标记示例

        var tokenExpirationTimeSpan = TimeSpan.FromDays(14);
        var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, UserName, null, "Facebook"));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.ToString(), null, "LOCAL_AUTHORITY"));
        AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
        var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow;
        ticket.Properties.IssuedUtc = currentUtc;
        ticket.Properties.ExpiresUtc = currentUtc.Add(tokenExpirationTimeSpan);
        var accesstoken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

我希望它有帮助!

这篇关于通过Android应用程序通过Facebook令牌对WebAPI进行身份验证访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 20:21