需求:OAuth2实现第三方网站授权并获取其相关数据来实现登录等功能
暂时支持Facebook ,LinkedIn ,基本大同小异,只是返回时的数据不同,需根据具体返回类型进行相应处理
1.OAuth2认证流程
OAuth2认证协议涉及3方(应用、用户和服务方),加之流程较为繁琐,实现命名不尽相同,
容易忘记和混淆,简述认证流程如下
1、向使用OAuth2认证的服务方申请应用,获取应用的client_id(应用唯一标识)和client_secret(应用私钥)
2、使用key/secret向服务方请求用户授权Token(code也就是authorization_code)
3、使用用户授权Token换取用户信息访问Token(access_token ),
4、使用access_token(用户信息访问令牌)获取相关信息
2.授权访问流程
1、向第三方平台申请访问权限得到(client_id和client_secret)
2、填写Oauth2.0本站返回链接
3、向第三方平台发送授权请求
4、再返回url中进行业务潮处理
注意:申请的网址需要与实际访问的url保持一致
3. AuthHelper代码
public abstract class AuthHelper
{
public static AuthToken GetToken(string code, string token_url, string cliend_id, string client_secret, string return_url)
{
var strResult = GetTokenStr(code, token_url, cliend_id, client_secret, return_url);
try
{
var res = JsonConvert.DeserializeObject<AuthToken>(strResult);
return res;
}
catch (Exception ex)
{
Tool.Log.Write(ex.ToString());
}
return default(AuthToken);
} /// <summary>
/// 向第三方平台发送获取token请求
/// </summary>
/// <param name="code"></param>
/// <param name="token_url"></param>
/// <param name="cliend_id"></param>
/// <param name="client_secret"></param>
/// <param name="return_url"></param>
/// <returns></returns>
public static string GetTokenStr(string code, string token_url, string cliend_id, string client_secret, string return_url)
{
Dictionary<string, string> dicPara = new Dictionary<string, string>();
dicPara.Add("grant_type", "authorization_code");
dicPara.Add("code", code);
dicPara.Add("redirect_uri", return_url);
dicPara.Add("client_id", cliend_id);
dicPara.Add("client_secret", client_secret); var token = WebApiHelper.PostResponseStr(token_url, dicPara);
return token;
} /// <summary>
/// header中发送token
/// </summary>
/// <param name="accessToken"></param>
/// <param name="profile_url"></param>
/// <returns></returns>
public static string GetProFileAuth(string accessToken, string profile_url)
{
Dictionary<string, string> dicAuth = new Dictionary<string, string>();
dicAuth.Add("Authorization", "Bearer " + accessToken);
var profile = WebApiHelper.GetResponseStr(profile_url, null, dicAuth);
return profile;
}
/// <summary>
/// get方式获取token
/// </summary>
/// <param name="accessToken"></param>
/// <param name="profile_url"></param>
/// <returns></returns>
public static string GetProFileStr(string accessToken, string profile_url)
{
Dictionary<string, string> dicQuery = new Dictionary<string, string>();
dicQuery.Add("access_token", accessToken);
var profile = WebApiHelper.GetResponseStr(profile_url, dicQuery, null);
return profile;
}
}
4.返回业务处理
public ActionResult ReturnLinkedin()
{
string description = string.Empty; string code = RequestString("code");
string state = RequestString("state");
string error = RequestString("error");
string error_description = RequestString("error_description");
if (code == "" || error != "")
{
if (code == "user_cancelled_authorize" || code == "user_cancelled_login ")
{
description = code;
}
else
description = error != "" ? error_description : "no authentication !";
}
else
{
var res = Tools.Auth.LinkinHelper.GetToken(code, Tools.Auth.LinkinConfig.ReturnUrl);
if (res.access_token != "")
{
var entity = Tools.Auth.LinkinHelper.GetProFileStr(res.access_token, Tools.Auth.LinkinConfig.ProfileResourceUrl);
description = entity;
/***具体业务处理
**/
}
else
{
description = "access token error";
}
}
ViewBag.Description = description;
return View();
}
Github地址:https://github.com/willianchen/Chml.Oauth
第一次发博客 ,有疑问或者有建议的请留言