需求:OAuth2实现第三方网站授权并获取其相关数据来实现登录等功能
暂时支持Facebook ,LinkedIn ,基本大同小异,只是返回时的数据不同,需根据具体返回类型进行相应处理
1.OAuth2认证流程
OAuth2认证协议涉及3方(应用、用户和服务方),加之流程较为繁琐,实现命名不尽相同,
容易忘记和混淆,简述认证流程如下
1、向使用OAuth2认证的服务方申请应用,获取应用的client_id(应用唯一标识)和client_secret(应用私钥)
2、使用key/secret向服务方请求用户授权Token(code也就是authorization_code)
3、使用用户授权Token换取用户信息访问Token(access_token ),
4、使用access_token(用户信息访问令牌)获取相关信息
2.授权访问流程
1、向第三方平台申请访问权限得到(client_id和client_secret)
2、填写Oauth2.0本站返回链接
3、向第三方平台发送授权请求
4、再返回url中进行业务潮处理
注意:申请的网址需要与实际访问的url保持一致
3. AuthHelper代码
public abstract class AuthHelper { public static AuthToken GetToken(string code, string token_url, string cliend_id, string client_secret, string return_url) { var strResult = GetTokenStr(code, token_url, cliend_id, client_secret, return_url); try { var res = JsonConvert.DeserializeObject<AuthToken>(strResult); return res; } catch (Exception ex) { Tool.Log.Write(ex.ToString()); } return default(AuthToken); } /// <summary> /// 向第三方平台发送获取token请求 /// </summary> /// <param name="code"></param> /// <param name="token_url"></param> /// <param name="cliend_id"></param> /// <param name="client_secret"></param> /// <param name="return_url"></param> /// <returns></returns> public static string GetTokenStr(string code, string token_url, string cliend_id, string client_secret, string return_url) { Dictionary<string, string> dicPara = new Dictionary<string, string>(); dicPara.Add("grant_type", "authorization_code"); dicPara.Add("code", code); dicPara.Add("redirect_uri", return_url); dicPara.Add("client_id", cliend_id); dicPara.Add("client_secret", client_secret); var token = WebApiHelper.PostResponseStr(token_url, dicPara); return token; } /// <summary> /// header中发送token /// </summary> /// <param name="accessToken"></param> /// <param name="profile_url"></param> /// <returns></returns> public static string GetProFileAuth(string accessToken, string profile_url) { Dictionary<string, string> dicAuth = new Dictionary<string, string>(); dicAuth.Add("Authorization", "Bearer " + accessToken); var profile = WebApiHelper.GetResponseStr(profile_url, null, dicAuth); return profile; } /// <summary> /// get方式获取token /// </summary> /// <param name="accessToken"></param> /// <param name="profile_url"></param> /// <returns></returns> public static string GetProFileStr(string accessToken, string profile_url) { Dictionary<string, string> dicQuery = new Dictionary<string, string>(); dicQuery.Add("access_token", accessToken); var profile = WebApiHelper.GetResponseStr(profile_url, dicQuery, null); return profile; } }
4.返回业务处理
public ActionResult ReturnLinkedin() { string description = string.Empty; string code = RequestString("code"); string state = RequestString("state"); string error = RequestString("error"); string error_description = RequestString("error_description"); if (code == "" || error != "") { if (code == "user_cancelled_authorize" || code == "user_cancelled_login ") { description = code; } else description = error != "" ? error_description : "no authentication !"; } else { var res = Tools.Auth.LinkinHelper.GetToken(code, Tools.Auth.LinkinConfig.ReturnUrl); if (res.access_token != "") { var entity = Tools.Auth.LinkinHelper.GetProFileStr(res.access_token, Tools.Auth.LinkinConfig.ProfileResourceUrl); description = entity;
/***具体业务处理
**/ } else { description = "access token error"; } } ViewBag.Description = description; return View(); }
Github地址:https://github.com/willianchen/Chml.Oauth
第一次发博客 ,有疑问或者有建议的请留言