猿问

回到首页 个人中心 反馈问题 注册登录
下载APP
首页 课程 实战 体系课 手记 专栏 慕课教程

ASP.NET Core 2.x google 身份验证获取 id_token

我正在为我的 asp.net mvc 应用程序使用 Google 身份验证。我将 Google 添加到我的 Startup.cs 类中:


services.AddAuthentication(options =>

{

    options.DefaultAuthenticateScheme = GoogleDefaults.AuthenticationScheme;

    options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;

})

.AddGoogle(googleOptions =>

{

    googleOptions.ClientId = _configuration["Authentication:Google:ClientId"];

    googleOptions.ClientSecret = _configuration["Authentication:Google:ClientSecret"];

    googleOptions.SaveTokens = true;

});

我可以使用这个从控制器获取 access_token:


var token = await HttpContext.GetTokenAsync("access_token").ConfigureAwait(false);

我需要 id_token 像这样对我的自定义后端应用程序进行身份验证。我尝试使用此代码,但结果为空。


var token = await HttpContext.GetTokenAsync("id_token").ConfigureAwait(false);

是否有可能以某种方式获得 id_token?


三国纷争
浏览 214回答 2
2回答

冉冉说

默认情况下,Google 身份验证实现使用response_type=code.&nbsp;有了这个流程,你就没有id_token回应了。拥有它,response_type应该是response_type=code id_token(从这里)。您可以BuildChallengeUrl在派生YourGoogleHandler类中覆盖该方法,并将 DI 注册从 更改.AddGoogle()为.AddOAuth<GoogleOptions,&nbsp;YourGoogleHandler> &nbsp;&nbsp;(GoogleDefaults.AuthenticationScheme,&nbsp;GoogleDefaults.DisplayName,&nbsp;googleOptions)(代码取自Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
0

沧海一幻觉

对我有用的解决方案..&nbsp;services.AddAuthentication()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;.AddOpenIdConnect(GoogleDefaults.AuthenticationScheme,&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;GoogleDefaults.DisplayName,&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options =>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.Authority =&nbsp; "https://accounts.google.com";&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.ClientId = googleOAuthSettings.ClientId;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.ClientSecret = googleOAuthSettings.ClientSecret;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.ResponseType = OpenIdConnectResponseType.IdToken;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.CallbackPath =&nbsp; "signin-google";&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.SaveTokens = true; //this has to be true to get the token value&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;options.Scope.Add("email");&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;});Google OAuth 的 OpenIdConnect 提供程序允许我们自定义 ResponseType。根据链接,OpenIdConnectHandler 似乎实现了 IAuthenticationSignOutHandler。所以这就是为什么无论发现文档中有什么(支持或不支持结束会话端点),如果您使用 AddOpenIdConnect(...),它将始终注册一个看似支持注销的处理程序。如果您正在使用任何 IdentityServer4 快速入门,那么您可以通过检查 AccountService.cs --> BuildLoggedOutViewModelAsync 方法中的条件来消除该错误。var providerSupportsSignOut = await _httpContextAccessor.HttpContext.GetSchemeSupportsSignOutAsync(idp)在这里,我们可以添加额外的检查,如: idp != Google.
0
打开App,查看更多内容
随时随地看视频慕课网APP

相关分类

C#
typedef入门问题 1 回答