问题描述
我决定尝试一下新的 Google Oauth2 中间件,它几乎打破了一切.这是我来自 startup.auth.cs 的提供者配置.打开后,包括谷歌提供者在内的所有提供者都会在 Challenge 中获得 500 内部服务器.但是,内部服务器错误的详细信息不可用,我无法弄清楚如何为 Katana 中间件打开任何调试或跟踪.在我看来,他们急于将 google Oauth 中间件推出门外.
I decided to give the new Google Oauth2 middleware a try and it has pretty much broken everything. Here is my provider config from startup.auth.cs.. When turned on, all of the providers including the google provider get a 500 internal server on Challenge. However the details of the internal server error are not available and I cant figure out how to turn on any debugging or tracing for the Katana middleware. Seems to me like they were in a rush to get the google Oauth middleware out the door.
//// GOOGLE
var googleOptions = new GoogleOAuth2AuthenticationOptions
{
ClientId = "228",
ClientSecret = "k",
CallbackPath = new PathString("/users/epsignin")
SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
Provider = new GoogleOAuth2AuthenticationProvider
{
OnAuthenticated = context =>
{
foreach (var x in context.User)
{
string claimType = string.Format("urn:google:{0}", x.Key);
string claimValue = x.Value.ToString();
if (!context.Identity.HasClaim(claimType, claimValue))
context.Identity.AddClaim(new Claim(claimType, claimValue, XmlSchemaString, "Google"));
}
return Task.FromResult(0);
}
}
};
app.UseGoogleAuthentication(googleOptions);
操作方法代码:
[AllowAnonymous]
public ActionResult ExternalProviderSignIn(string provider, string returnUrl)
{
var ctx = Request.GetOwinContext();
ctx.Authentication.Challenge(
new AuthenticationProperties
{
RedirectUri = Url.Action("EPSignIn", new { provider })
},
provider);
return new HttpUnauthorizedResult();
}
推荐答案
这花了我几个小时才弄明白,但问题是@CrazyCoder 提到的 CallbackPath
.我意识到 public void ConfigureAuth(IAppBuilder app)
必须 中的 CallbackPath
与在 ChallengeResult.如果它们相同,则在 OWIN 中抛出 500 错误.
This took me hours to figure out, but the issue is the CallbackPath
as mentioned by @CrazyCoder. I realised that the CallbackPath
in public void ConfigureAuth(IAppBuilder app)
MUST be different to when it is being set in the ChallengeResult
. If they are the same a 500 error is thrown in OWIN.
我的代码用于 ConfigureAuth(IAppBuilder app)
是
var googleOptions = new Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationOptions
{
ClientId = "xxx",
ClientSecret = "yyy",
CallbackPath = new PathString("/callbacks/google"), //this is never called by MVC, but needs to be registered at your oAuth provider
Provider = new GoogleOAuth2AuthenticationProvider
{
OnAuthenticated = (context) =>
{
context.Identity.AddClaim(new Claim("picture", context.User.GetValue("picture").ToString()));
context.Identity.AddClaim(new Claim("profile", context.User.GetValue("profile").ToString()));
return Task.FromResult(0);
}
}
};
googleOptions.Scope.Add("email");
app.UseGoogleAuthentication(googleOptions);
我的回调"控制器代码是:
My 'callbacks' Controller code is:
// GET: /callbacks/googlereturn - callback Action
[AllowAnonymous]
public async Task<ActionResult> googlereturn()
{
return View();
}
//POST: /Account/GooglePlus
public ActionResult GooglePlus()
{
return new ChallengeResult("Google", Request.Url.GetLeftPart(UriPartial.Authority) + "/callbacks/googlereturn", null);
//Needs to be a path to an Action that will handle the oAuth Provider callback
}
private class ChallengeResult : HttpUnauthorizedResult
{
public ChallengeResult(string provider, string redirectUri)
: this(provider, redirectUri, null)
{
}
public ChallengeResult(string provider, string redirectUri, string userId)
{
LoginProvider = provider;
RedirectUri = redirectUri;
UserId = userId;
}
public string LoginProvider { get; set; }
public string RedirectUri { get; set; }
public string UserId { get; set; }
public override void ExecuteResult(ControllerContext context)
{
var properties = new AuthenticationProperties() { RedirectUri = RedirectUri };
if (UserId != null)
{
properties.Dictionary[XsrfKey] = UserId;
}
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
}
}
- 回调/谷歌似乎由 OWIN 处理
- 回调/googlereturn 似乎由 MVC 处理
现在一切正常,尽管很想知道引擎盖下"到底发生了什么
It is all working now, although would love to know exactly what is happening 'under the bonnet'
除非您有其他要求,否则我的建议是让 OWIN 使用默认重定向路径,并确保您不会自己使用它们.
My advice, unless you have another requirement, is to let OWIN use default redirect paths and make sure you don't use them yourself.
这篇关于GoogleOauth2 问题获取内部服务器 500 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!