当前位置: 文江博客话题详情

DotNetOpenAuth 声称来自 Facebook 的标识符永远不会相同

发布于 2024-12-06 02:01:00 字数 3136 浏览 0 评论 0原文

我正在使用 DotNetOpenAuth v3.5.0.10357,每次用户针对 Facebook 进行身份验证时,我都会得到一个不同的声明标识符。该令牌看起来是加密的,因此我假设 DNOA 以某种方式对令牌及其过期时间进行加密。谁能证实这一点吗?还是我使用错误:

    public ActionResult FacebookLogOn(string returnUrl)
    {
        IAuthorizationState authorization = m_FacebookClient.ProcessUserAuthorization();
        if (authorization == null)
        {
            // Kick off authorization request
            return new FacebookAuthenticationResult(m_FacebookClient, returnUrl);
        }
        else
        {
            // TODO: can we check response status codes to see if request was successful?
            var baseTokenUrl = "https://graph.facebook.com/me?access_token=";
            var requestUrl = String.Format("{0}{1}", baseTokenUrl, Uri.EscapeDataString(authorization.AccessToken));
            var claimedIdentifier = String.Format("{0}{1}", baseTokenUrl, authorization.AccessToken.Split('|')[0]);

            var request = WebRequest.Create(requestUrl);
            using (var response = request.GetResponse())
            {
                using (var responseStream = response.GetResponseStream())
                {
                    var graph = FacebookGraph.Deserialize(responseStream);
                    var token = RelyingPartyLogic.User.ProcessUserLogin(graph, claimedIdentifier);
                    this.FormsAuth.SignIn(token.ClaimedIdentifier, false);
                }
            }

            return RedirectAfterLogin(returnUrl);
        }
    }

这是 FacebookAuthenticationResult 的代码:

    public class FacebookAuthenticationResult : ActionResult
{
    private FacebookClient m_Client;
    private OutgoingWebResponse m_Response;

    public FacebookAuthenticationResult(FacebookClient client, string returnUrl)
    {
        m_Client = client;

        var authorizationState = new AuthorizationState(new String[] { "email" });
        if (!String.IsNullOrEmpty(returnUrl))
        {
            var currentUri = HttpContext.Current.Request.Url;
            var path = HttpUtility.UrlDecode(returnUrl);

            authorizationState.Callback = new Uri(String.Format("{0}?returnUrl={1}", currentUri.AbsoluteUri, path));

        }
        m_Response = m_Client.PrepareRequestUserAuthorization(authorizationState);
    }

    public FacebookAuthenticationResult(FacebookClient client) : this(client, null) { }

    public override void ExecuteResult(ControllerContext context)
    {
        m_Response.Send();
    }
}

另外,我正在使用 DNOA 示例中包含的 RelyingPartyLogic 项目,但我为 facebook 特有的 ProcessUserLogin 添加了一个重载:

    public static AuthenticationToken ProcessUserLogin(FacebookGraph claim, string claimedIdentifier)
    {
        string name = claim.Name;
        string email = claim.Email;
        if (String.IsNullOrEmpty(name))
            name = String.Format("{0} {1}", claim.FirstName, claim.LastName).TrimEnd();
        return ProcessUserLogin(claimedIdentifier, "http://facebook.com", email, name, claim.Verified);
    }

看起来好像 FacebookClient 继承自 WebServerClient 但我看起来对于 GitHub 上的源代码,我没有看到与相应 v3.5 版本相关(或至少没有标记)的分支或标签。

原文

I'm using DotNetOpenAuth v3.5.0.10357 and each time a user authenticates against Facebook I get a different claimed identifier back. The token looks to be encrypted so I assume DNOA is somehow encrypting the token along with the expiry. Can anyone confirm this? Or am I using it wrong:

    public ActionResult FacebookLogOn(string returnUrl)
    {
        IAuthorizationState authorization = m_FacebookClient.ProcessUserAuthorization();
        if (authorization == null)
        {
            // Kick off authorization request
            return new FacebookAuthenticationResult(m_FacebookClient, returnUrl);
        }
        else
        {
            // TODO: can we check response status codes to see if request was successful?
            var baseTokenUrl = "https://graph.facebook.com/me?access_token=";
            var requestUrl = String.Format("{0}{1}", baseTokenUrl, Uri.EscapeDataString(authorization.AccessToken));
            var claimedIdentifier = String.Format("{0}{1}", baseTokenUrl, authorization.AccessToken.Split('|')[0]);

            var request = WebRequest.Create(requestUrl);
            using (var response = request.GetResponse())
            {
                using (var responseStream = response.GetResponseStream())
                {
                    var graph = FacebookGraph.Deserialize(responseStream);
                    var token = RelyingPartyLogic.User.ProcessUserLogin(graph, claimedIdentifier);
                    this.FormsAuth.SignIn(token.ClaimedIdentifier, false);
                }
            }

            return RedirectAfterLogin(returnUrl);
        }
    }

Here's the code for FacebookAuthenticationResult:

    public class FacebookAuthenticationResult : ActionResult
{
    private FacebookClient m_Client;
    private OutgoingWebResponse m_Response;

    public FacebookAuthenticationResult(FacebookClient client, string returnUrl)
    {
        m_Client = client;

        var authorizationState = new AuthorizationState(new String[] { "email" });
        if (!String.IsNullOrEmpty(returnUrl))
        {
            var currentUri = HttpContext.Current.Request.Url;
            var path = HttpUtility.UrlDecode(returnUrl);

            authorizationState.Callback = new Uri(String.Format("{0}?returnUrl={1}", currentUri.AbsoluteUri, path));

        }
        m_Response = m_Client.PrepareRequestUserAuthorization(authorizationState);
    }

    public FacebookAuthenticationResult(FacebookClient client) : this(client, null) { }

    public override void ExecuteResult(ControllerContext context)
    {
        m_Response.Send();
    }
}

Also, I am using the RelyingPartyLogic project included in the DNOA samples, but I added an overload for ProcessUserLogin that's specific to facebook:

    public static AuthenticationToken ProcessUserLogin(FacebookGraph claim, string claimedIdentifier)
    {
        string name = claim.Name;
        string email = claim.Email;
        if (String.IsNullOrEmpty(name))
            name = String.Format("{0} {1}", claim.FirstName, claim.LastName).TrimEnd();
        return ProcessUserLogin(claimedIdentifier, "http://facebook.com", email, name, claim.Verified);
    }

It looks as though FacebookClient inherits from WebServerClient but I looked for the source on GitHub and I don't see a branch or a tag related (or at least not labeled) with the corresponding v3.5 version.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

埋情葬爱 2024-12-13 02:01:00

Facebook 不支持 OpenID。声明的标识符是一个 OpenID 术语。 Facebook 使用 OAuth 2.0,因此您混淆了 OpenID 和 OAuth。

Facebook 每次都会发送不同的访问令牌,这对于 OAuth 协议来说是正常的。您必须使用访问令牌来查询 Facebook,以获取每次访问时都一致的用户 ID。

Facebook does not support OpenID. Claimed Identifier is an OpenID term. Facebook uses OAuth 2.0, so you're mixing up OpenID and OAuth.

Facebook sends a different access token every time, which is normal for the OAuth protocol. You have to use the access token to query Facebook for the user id that is consistent on every visit.

回复 原文
知你几分 2024-12-13 02:01:00

我认为您还需要在令牌请求中添加离线访问权限,请参阅 https:// /developers.facebook.com/docs/reference/api/permissions/

I think you need to add the offline_access permission in the token request as well, see https://developers.facebook.com/docs/reference/api/permissions/

回复 原文
~没有更多了~

关于作者

迟到的我

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

離殇

文章 0 评论 0

小姐丶请自重

文章 0 评论 0

Aik

文章 0 评论 0

国产ˉ祖宗

文章 0 评论 0

猥琐帝

文章 0 评论 0

半仙

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文