当通过UseOpenIdConnectAuthentication登录时,loginInfo总是空的
本文关键字:loginInfo UseOpenIdConnectAuthentication 登录 | 更新日期: 2023-09-27 18:04:19
我尝试将标准MVC验证示例(http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on)与OpenID连接身份验证扩展到Thinktecture IdentityServer (https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Simplest%20OAuth2%20Walkthrough)的实例。
我将'openid'范围添加到IdentityServer的范围中。我使用https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/MVC%20Authentication/EmbeddedMvc/Startup.cs中的示例代码添加了对userinfo端点的额外调用。
在认证中间件链的上层是——按照MVC认证的例子——UseCookieAuthentication和UseExternalSignInCookie。
当我在OpenIdConnectAuthenticationNotifications.SecurityTokenValidated中放置一个断点时,我可以看到所有的声明都很好地进入。因此,与IdentityServer的通信是正确的。
但是当我到达AccountController.ExternalLoginCallback时,调用
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
总是返回null。
当我登录谷歌OAuth2时,它不是空的。
我怀疑UseOpenIdConnectAuthentication设置(或不设置)Cookie信息的方式与UseCookieAuthentication提取Cookie信息的方式不匹配。但是我不知道如何解决这个问题。
结果是https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/MVC%20Authentication/EmbeddedMvc/Startup.cs中的示例代码确实用类型
覆盖了声明"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier".
如果没有找到此声明,则没有找到loginInfo。
问题代码(Startup.Auth.cs):var nid = new ClaimsIdentity(
n.AuthenticationTicket.Identity.AuthenticationType,
Constants.ClaimTypes.GivenName, // "given_name"
Constants.ClaimTypes.Role // "role"
);
解决方案是保留原来的声明,像这样:
var nid = new ClaimsIdentity(
n.AuthenticationTicket.Identity,
n.AuthenticationTicket.Identity.Claims
);
我有一个类似的问题,虽然我没有想出为什么你有时可以验证并带回一个身份的声明的原因,但我确实通过下载和调试微软代码设法弄清楚为什么ExternalLoginInfo总是为空。
我的问题是在OpenIdConnectAuthenticationOptions中提供的ResponseType -我将其设置为OpenIdConnectResponseType。代码错误…将其设置为OpenIdConnectResponseType。CodeIdToken使其始终工作
这是我的Startup.Auth.vb源代码的副本:
Public Sub ConfigureAuth(app As IAppBuilder)
app.CreatePerOwinContext(AddressOf ApplicationDbContext.Create)
app.CreatePerOwinContext(Of ApplicationUserManager)(AddressOf ApplicationUserManager.Create)
app.CreatePerOwinContext(Of ApplicationSignInManager)(AddressOf ApplicationSignInManager.Create)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
.Provider = New CookieAuthenticationProvider() With {
.OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(Of ApplicationUserManager, ApplicationUser)(
validateInterval:=TimeSpan.FromMinutes(30),
regenerateIdentity:=Function(manager, user) user.GenerateUserIdentityAsync(manager))},
.LoginPath = New PathString("/Account/Login")})
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)
Dim facebookOptions = New FacebookAuthenticationOptions With {
.AppId = ConfigurationManager.AppSettings("FacebookClientID"),
.AppSecret = ConfigurationManager.AppSettings("FacebookClientSecret"),
.Provider = New FacebookAuthenticationProvider With {
.OnAuthenticated = Function(context)
context.Identity.AddClaim(New Claim("Provider", "Facebook"))
context.Identity.AddClaim(New Claim("provider:name", context.Identity.FindFirstValue(ClaimTypes.Name)))
context.Identity.AddClaim(New Claim("provider:accesstoken", context.AccessToken, ClaimValueTypes.String, "Facebook"))
context.Identity.AddClaim(New Claim("provider:picture", String.Format("//graph.facebook.com/{0}/picture?type=square", context.User.Value(Of String)("id"))))
Dim email = context.Identity.FindFirstValue(ClaimTypes.Email)
If email IsNot Nothing Then
context.Identity.AddClaim(New Claim("provider:email", email))
Else
Dim fb = New Facebook.FacebookClient(context.AccessToken)
Dim myInfo = fb.Get("/me?fields=email")
email = myInfo("email")
If email IsNot Nothing Then
context.Identity.AddClaim(New Claim("provider:email", email))
Else
Throw New ArgumentNullException("myInfo.Email")
End If
End If
Return Task.FromResult(0)
End Function}}
facebookOptions.Scope.Add("email")
app.UseFacebookAuthentication(facebookOptions)
app.UseGoogleAuthentication(New GoogleOAuth2AuthenticationOptions() With {
.ClientId = ConfigurationManager.AppSettings("GoogleClientID"),
.ClientSecret = ConfigurationManager.AppSettings("GoogleClientSecret"),
.Provider = New GoogleOAuth2AuthenticationProvider With {.OnAuthenticated = Function(context)
context.Identity.AddClaim(New Claim("Provider", "Google"))
context.Identity.AddClaim(New Claim("provider:name", context.Identity.FindFirstValue(ClaimTypes.Name)))
context.Identity.AddClaim(New Claim("provider:email", context.Identity.FindFirstValue(ClaimTypes.Email)))
context.Identity.AddClaim(New Claim("provider:accesstoken", context.AccessToken, ClaimValueTypes.String, "Google"))
context.Identity.AddClaim(New Claim("provider:picture", context.User.SelectToken("image")?.Value(Of String)("url")))
Return Task.FromResult(0)
End Function}})
app.UseLinkedInAuthentication(New LinkedInAuthenticationOptions With {
.ClientId = ConfigurationManager.AppSettings("LinkedInClientID"),
.ClientSecret = ConfigurationManager.AppSettings("LinkedInClientSecret"),
.Provider = New LinkedInAuthenticationProvider With {.OnAuthenticated = Function(context)
context.Identity.AddClaim(New Claim("Provider", "LinkedIn"))
context.Identity.AddClaim(New Claim("provider:name", context.Name))
context.Identity.AddClaim(New Claim("provider:email", context.Email))
context.Identity.AddClaim(New Claim("provider:accesstoken", context.AccessToken, ClaimValueTypes.String, "LinkedIn"))
context.Identity.AddClaim(New Claim("provider:picture", context.User.SelectToken("pictureUrl").ToString))
Return Task.FromResult(0)
End Function}})
Dim oktaOptions = New OpenIdConnect.OpenIdConnectAuthenticationOptions With {
.AuthenticationType = "okta",
.SignInAsAuthenticationType = "Cookies",
.Authority = ConfigurationManager.AppSettings("okta:Authority"),
.ResponseType = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectResponseType.CodeIdToken,
.ClientId = ConfigurationManager.AppSettings("okta:ClientId"),
.ClientSecret = ConfigurationManager.AppSettings("okta:ClientSecret"),
.RedirectUri = ConfigurationManager.AppSettings("okta:RedirectUri"),
.TokenValidationParameters = New Microsoft.IdentityModel.Tokens.TokenValidationParameters With {.ValidateIssuer = True},
.Scope = "openid profile email"
}
app.UseOpenIdConnectAuthentication(oktaOptions)
Dim auth0Options = New OpenIdConnect.OpenIdConnectAuthenticationOptions With {
.AuthenticationType = "auth0",
.SignInAsAuthenticationType = "Cookies",
.Authority = ConfigurationManager.AppSettings("auth0:Authority"),
.ResponseType = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectResponseType.CodeIdToken,
.ClientId = ConfigurationManager.AppSettings("auth0:ClientId"),
.ClientSecret = ConfigurationManager.AppSettings("auth0:ClientSecret"),
.RedirectUri = ConfigurationManager.AppSettings("auth0:RedirectUri"),
.TokenValidationParameters = New Microsoft.IdentityModel.Tokens.TokenValidationParameters With {.ValidateIssuer = True},
.Scope = "openid profile email"
}
app.UseOpenIdConnectAuthentication(auth0Options)
app.MapSignalR
GlobalHost.DependencyResolver.Register(GetType(IUserIdProvider), Function() New MySignalRIdProvider())
End Sub