IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

Custom user service doesn't work with Facebook as external login provider. #3907

Closed smurfolan closed 6 years ago

smurfolan commented 6 years ago

I have downloaded the Microsoft.Owin.Security.Facebook package in order to be able to integrate Facebook as an external login provider. I have added it to the app builder as follows:

var fbOptions = new FacebookAuthenticationOptions()
{
    AuthenticationType = "Facebook",
    Caption = "Facebook",
    SignInAsAuthenticationType = signInAsType,
    AppId = "17*****************5",
    AppSecret = "3a*****************************16",
    Provider = new FacebookAuthenticationProvider()
    {
        OnAuthenticated = (context) =>
        {
            return Task.FromResult(0);
        }
    },
};

app.UseFacebookAuthentication(fbOptions);

And, of course, in https://developers.facebook.com I have registered my app in order to obtain the App ID and App secret. I have registered the custom user service in the standard way:

public class CustomUserService : UserServiceBase
{
    ....
    // gets called whenever the user uses external identity provider to authenticate
    // now we will try to map external user to a local user
    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
    ....
}

And then in Startup.cs:

// use custom user service
var customUserService = new CustomUserService();
idServerServiceFactory.UserService = new Registration<IUserService>(resolver => customUserService);

In the login screen I have Facebook as an option. I can select it, I can navigate to it and successfully enter my credentials. The problem happens right after I get back from Facebook to my Identity Server 3 implementation.

The message in the browser is: There was an error logging into the external provider. The error message is: access_denied

Browser url is: https://localhost:44317/identity/callback?error=access_denied#_=_

And the one from the logs:

iisexpress.exe Information: 0 : 2017-12-07 17:44:26.687 +02:00 [Information] User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.694 +02:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.701 +02:00 [Information] Redirecting to login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.796 +02:00 [Information] Login page requested
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.834 +02:00 [Information] rendering login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.425 +02:00 [Information] External login requested for provider: "Facebook"
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.427 +02:00 [Information] Triggering challenge for external identity provider
iisexpress.exe Information: 0 : 2017-12-07 17:44:49.508 +02:00 [Information] Callback invoked from external identity provider
iisexpress.exe Error: 0 : 2017-12-07 17:44:49.508 +02:00 [Error] External identity provider returned error: "access_denied"

NOTE: I never hit a breakpoint inside of public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)

If it is going to help, I am running the instance of Identity Server 3 on localhost.

brockallen commented 6 years ago

This repository is no longer in active development or maintenance, other than reported security vulnerabilities.

If you have questions and are seeking free support, see here for more details.

If you require commercial support, see here for more details.