aspnet-contrib / AspNet.Security.OAuth.Providers

OAuth 2.0 social authentication providers for ASP.NET Core
Apache License 2.0

Unable to obtain authorization during callback after logging in using QQ #823

Closed wf-soft closed 4 months ago

wf-soft commented 5 months ago

After logging in with QQ authorization, in the Signin-Callback method

await _httpContextAccessor.HttpContext.AuthenticateAsync(provider) 

failed. I cannot find the problem; I only received a Not authenticated prompt. Is there any way to obtain more detailed prompts? Gitee is working fine. Is this related to the cookie configuration or to not using HTTPS? This is my configuration.

public static class OAuthSetup
{
    public static void AddOAuth(this IServiceCollection services)
    {
        var authOpt = App.GetConfig<OAuthOptions>("OAuth", true);
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddCookie(options =>
            {
                options.Cookie.SameSite = SameSiteMode.None;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

            })
            .AddWeixin(options =>
            {
                options.ClientId = authOpt.Weixin?.ClientId;
                options.ClientSecret = authOpt.Weixin?.ClientSecret;
            })
            .AddGitee(options =>
            {
                options.ClientId = authOpt.Gitee?.ClientId;
                options.ClientSecret = authOpt.Gitee?.ClientSecret;
                options.SaveTokens = true;
                options.ClaimActions.MapJsonKey(OAuthClaim.GiteeAvatarUrl, "avatar_url");
            }).AddQQ(options => {
                options.ClientId = authOpt.QQ.ClientId;
                options.ClientSecret = authOpt.QQ.ClientSecret;
                options.SaveTokens = true;
            });
    }

    public static void AddOAuth(this IApplicationBuilder app) {
        app.UseCookiePolicy(new CookiePolicyOptions {MinimumSameSitePolicy = SameSiteMode.Lax});
    }
}

martincostello commented 5 months ago

Have you tried turning up logging to debug and seeing if there's something logged about what's happening?
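
One way to get the more detailed output asked about above, as an added example that is not code from the issue or from the project: a minimal `Program.cs` that raises the authentication log categories to Debug and records the exception the QQ handler hits on its callback. The configuration keys, the `QQ.Diagnostics` logger name and the `/diag/auth` route are assumptions made for illustration; it needs the AspNet.Security.OAuth.QQ package.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Debug-level output from the cookie and OAuth handlers, including the QQ provider.
builder.Logging.AddFilter("Microsoft.AspNetCore.Authentication", LogLevel.Debug);
builder.Logging.AddFilter("AspNet.Security.OAuth", LogLevel.Debug);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    .AddQQ(options =>
    {
        // Assumed configuration keys; supply real values via user secrets or environment.
        options.ClientId = builder.Configuration["OAuth:QQ:ClientId"]!;
        options.ClientSecret = builder.Configuration["OAuth:QQ:ClientSecret"]!;

        // Invoked when processing the provider's callback fails (state/correlation
        // mismatch, token exchange error, ...). Log the exception, not the raw
        // query string, so authorization codes stay out of the logs.
        options.Events.OnRemoteFailure = context =>
        {
            var log = context.HttpContext.RequestServices
                .GetRequiredService<ILoggerFactory>()
                .CreateLogger("QQ.Diagnostics");
            log.LogError(context.Failure, "QQ callback failed on {Path}", context.Request.Path);
            return Task.CompletedTask; // default error handling continues
        };
    });

var app = builder.Build();
app.UseAuthentication();

if (app.Environment.IsDevelopment())
{
    // Development-only probe: shows whether the sign-in cookie was accepted.
    app.MapGet("/diag/auth", async (HttpContext http) =>
    {
        var result = await http.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return Results.Json(new { result.Succeeded, result.None, Failure = result.Failure?.Message });
    });
}

app.Run();
```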

wf-soft commented 5 months ago

@martincostello I cannot find any more detailed information, including logs, only Not authenticated

{\"ClassName\":\"System.Exception\",\"Message\":\"Not authenticated\",\"Data\":null,\"InnerException\":null,\"HelpURL\":null,\"StackTraceString\":null,\"RemoteStackTraceString\":null,\"RemoteStackIndex\":0,\"ExceptionMethod\":null,\"HResult\":-2146233088,\"Source\":null,\"WatsonBuckets\":null}

LeaFrock commented 5 months ago

> or not using HTTPS.

HTTPS is required, otherwise the browser will ignore the cookie from the server.

Are you missing the scope config?

This lib has been working well for 2 years in our production. The following is a demo for reference.

                builder.AddQQ(opt =>
                {
                    // opt.SignInScheme = <YourCookieAuthenticationScheme>;
                    opt.ClientId = tencentQQLoginSetting.ClientId;
                    opt.ClientSecret = tencentQQLoginSetting.AppKey;
                    opt.Scope.Add(tencentQQLoginSetting.Scope);
                    // opt.ApplyForUnionId = true; // If you or your company has multiple apps on the QQ platform
                });