Requirement: use OAuth2 to authorize against a third-party site and obtain its related data, so that login and similar features can be built on it.
Facebook and LinkedIn are supported for now. The two are largely the same; only the data returned differs, and it must be handled according to the specific return type.
1. OAuth2 authentication flow
The OAuth2 protocol involves three parties (the application, the user and the service provider). The flow is fairly involved and implementations do not name things consistently, so the steps are easy to forget or confuse. In brief, the flow is:
1. Register an application with the service provider that uses OAuth2 authentication and obtain the application's client_id (unique application identifier) and client_secret (application secret).
2. Use the key/secret to request a user authorization token from the provider (the code, i.e. the authorization_code).
3. Exchange the user authorization token for a user-information access token (access_token).
4. Use the access_token (user-information access token) to fetch the related information.
2. Authorized access flow
1. Apply to the third-party platform for access and obtain the client_id and client_secret.
2. Fill in this site's OAuth2.0 return link (the redirect URL).
3. Send the authorization request to the third-party platform.
4. Handle the business logic in the URL the provider returns to.
Note: the return URL registered with the provider must match the URL actually used in the requests exactly.
3. AuthHelper code
using System;
using System.Collections.Generic;
using Newtonsoft.Json;

public abstract class AuthHelper
{
    /// <summary>
    /// Exchange the authorization code for a token and deserialize the JSON reply.
    /// Returns null when the reply is not valid JSON; an error reply from the provider
    /// deserializes to an AuthToken with an empty access_token, so callers must check it.
    /// </summary>
    public static AuthToken GetToken(string code, string token_url, string client_id, string client_secret, string return_url)
    {
        var strResult = GetTokenStr(code, token_url, client_id, client_secret, return_url);
        try
        {
            var res = JsonConvert.DeserializeObject<AuthToken>(strResult);
            return res;
        }
        catch (Exception ex)
        {
            Tool.Log.Write(ex.ToString());
        }
        return default(AuthToken);
    }

    /// <summary>
    /// Send the token request to the third-party platform (POST to the token endpoint).
    /// </summary>
    /// <param name="code">authorization code received on the return URL</param>
    /// <param name="token_url">provider's token endpoint</param>
    /// <param name="client_id">application identifier</param>
    /// <param name="client_secret">application secret; must never be sent to the browser</param>
    /// <param name="return_url">the same redirect URL that was used in the authorization request</param>
    /// <returns>raw response body</returns>
    public static string GetTokenStr(string code, string token_url, string client_id, string client_secret, string return_url)
    {
        Dictionary<string, string> dicPara = new Dictionary<string, string>();
        dicPara.Add("grant_type", "authorization_code");
        dicPara.Add("code", code);
        dicPara.Add("redirect_uri", return_url);
        dicPara.Add("client_id", client_id);
        dicPara.Add("client_secret", client_secret);
        var token = WebApiHelper.PostResponseStr(token_url, dicPara);
        return token;
    }

    /// <summary>
    /// Fetch the profile, sending the token in the Authorization header.
    /// </summary>
    /// <param name="accessToken">access_token obtained from GetToken</param>
    /// <param name="profile_url">provider's profile resource URL</param>
    /// <returns>raw response body</returns>
    public static string GetProFileAuth(string accessToken, string profile_url)
    {
        Dictionary<string, string> dicAuth = new Dictionary<string, string>();
        dicAuth.Add("Authorization", "Bearer " + accessToken);
        var profile = WebApiHelper.GetResponseStr(profile_url, null, dicAuth);
        return profile;
    }

    /// <summary>
    /// Fetch the profile with the token as a GET query parameter (the header form above is
    /// preferable, since query strings tend to end up in server and proxy logs).
    /// </summary>
    /// <param name="accessToken">access_token obtained from GetToken</param>
    /// <param name="profile_url">provider's profile resource URL</param>
    /// <returns>raw response body</returns>
    public static string GetProFileStr(string accessToken, string profile_url)
    {
        Dictionary<string, string> dicQuery = new Dictionary<string, string>();
        dicQuery.Add("access_token", accessToken);
        var profile = WebApiHelper.GetResponseStr(profile_url, dicQuery, null);
        return profile;
    }
}
4. Handling the return
// Action inside an MVC controller (System.Web.Mvc). RequestString is the project's
// own helper that reads a query-string parameter and returns "" when it is absent.
public ActionResult ReturnLinkedin()
{
    string description = string.Empty;
    string code = RequestString("code");
    string state = RequestString("state");
    string error = RequestString("error");
    string error_description = RequestString("error_description");
    // TODO: compare 'state' with the value stored in the session before the redirect;
    // it is read here but not yet validated.
    if (code == "" || error != "")
    {
        // LinkedIn reports a cancelled login through the 'error' parameter
        if (error == "user_cancelled_authorize" || error == "user_cancelled_login")
        {
            description = error;
        }
        else
        {
            description = error != "" ? error_description : "no authentication !";
        }
    }
    else
    {
        var res = Tools.Auth.LinkinHelper.GetToken(code, Tools.Auth.LinkinConfig.ReturnUrl);
        // GetToken returns null when the token reply could not be parsed
        if (res != null && !string.IsNullOrEmpty(res.access_token))
        {
            var entity = Tools.Auth.LinkinHelper.GetProFileStr(res.access_token, Tools.Auth.LinkinConfig.ProfileResourceUrl);
            description = entity;
            /*** business-specific processing goes here
            **/
        }
        else
        {
            description = "access token error";
        }
    }
    ViewBag.Description = description;
    return View();
}
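The authorization request (section 2, steps 2 and 3) and the return handling above both hinge on the same details: a per-login state value that the callback must echo back, the error/code branches of the return URL, and a token reply that may be an error object rather than a token. The following Python is an added example, not code from this post or from the Chml.Oauth repository; the endpoint, redirect URL and client_id are placeholders.

```python
import json
import secrets
from urllib.parse import urlencode, parse_qs, urlparse

# Placeholder endpoint and credentials (assumed values, not a real registration).
AUTH_URL = "https://provider.example/oauth/v2/authorization"
REDIRECT_URI = "https://app.example/ReturnLinkedin"   # must match the registered URL exactly
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"

def new_state():
    """Unguessable per-login value; keep it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)

def build_authorize_url(state, scope="r_liteprofile"):
    """Section 2 step 3: the URL the user is sent to on the provider."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state, "scope": scope}
    return AUTH_URL + "?" + urlencode(params)

def handle_callback(callback_url, expected_state):
    """Section 4: validate the return URL before the code is exchanged.
    Returns (code, description); code is None whenever login must not proceed."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    error, code, state = q.get("error", ""), q.get("code", ""), q.get("state", "")
    if error in ("user_cancelled_login", "user_cancelled_authorize"):
        return None, error
    if error:
        return None, q.get("error_description", error)
    if not code:
        return None, "no authentication !"
    # The echoed state must equal the one issued for this session; a mismatch means the
    # code was not requested by this session (login CSRF) and must be discarded.
    if not state or not secrets.compare_digest(state, expected_state):
        return None, "state mismatch"
    return code, "ok"

def parse_token_response(body):
    """Parse the token endpoint's JSON body; an error reply carries no access_token."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    token = data.get("access_token") if isinstance(data, dict) else None
    return token if isinstance(token, str) and token else None
```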
GitHub repository: https://github.com/willianchen/Chml.Oauth
This is my first blog post; if you have questions or suggestions, please leave a comment.