OAuth 2 in VNext - Githubissues

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.

https://asp.net

MIT License

35.43k stars 10.01k forks source link

OAuth 2 in VNext #232

Closed adarshk-schakra closed 9 years ago

adarshk-schakra commented 9 years ago

In VNext , I am trying to implement OAuth 2, I was able to use google authentication to login but not able to access the access token for further transactions. Could some one please help me out?

Basically i need google auhtentication for my web/mobile app nothing more BTW do i need to use Owin for the above? Can i use only "Microsoft.AspNet.Security.OAuth": "1.0.0-beta1", "Microsoft.AspNet.Security.Facebook": "1.0.0-beta1", "Microsoft.AspNet.Security.Google": "1.0.0-beta1",

Or Do i need to use Owin dlls, in VS 2013 i haven implement the same using Owin dlls "Microsoft.Owin.Security": "3.0.0", "Microsoft.Owin.Security.Google": "3.0.0",

Please let me know if you have any sample code where Oauth is implemented in vNext.

Thanks Adarsh

yishaigalatzer commented 9 years ago

@blowdart

blowdart commented 9 years ago

@Tratcher

(You shouldn't be using the Owin DLLs at all AFAIK)

Tratcher commented 9 years ago

Here are the OAuth2 samples: https://github.com/aspnet/Security/blob/dev/samples/SocialSample/Startup.cs

adarshk-schakra commented 9 years ago

Hi Guys ,

I was able to do OAuth 2 for web API but when i am trying to hit web api url from web site it is throwing and error message message.

I am able do CORS without authentication. Bascially i am using angular JS code and i have a website server and webAPI. WebApi takes care of authentication, So when i put authorize tag on top of web api controller in that case i am getting the following error

Error Message XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=1345…SH7Dv8djSwm83272jQiuyPkzH5EhrIT76ou_NgSDHxskVMyhIAo-SxLPZ9ATd_eBRssOyjA6TQ

    No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is   therefore not allowed access.

If I remove the Authorize tag then CORS is working fine.

Could you please help me out here .

Thanks

PS You can also look at this https://github.com/aspnet/Home/issues/121 @Tratcher @blowdart

Tratcher commented 9 years ago

The OAuth2 middlewares use an interactive flow that is not well suited to WebAPIs. OAuth Bearer tokens would be more appropriate. That support is in the process of being ported from Katana.

Praburaj commented 9 years ago

The closest bug I can find for porting bearer tokens middleware is https://github.com/aspnet/Security/issues/40. JWT and AAD middleware will have a dependency on the bearer token middleware.

Praburaj commented 9 years ago

This bug seems to have no further action. I'm closing this down.