I am in the process of creating a mobile app that allows users to log in via Facebook. Once logged in, the app holds on to a Bearer token used to make further requests. I am attempting to pass this token along to a C# .Net Core API. I'm attempting to write as little auth code as possible as doing it myself is prone to huge security issues.
Currently my code in Startup.cs looks like this:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseJwtBearerAuthentication(new JwtBearerOptions
        {
            AuthenticationScheme = "Bearer",
        });
        app.UseFacebookAuthentication(new FacebookOptions
        {
            AppId = "****",
            AppSecret = "****",
            SignInScheme = "Bearer"
        });
        app.UseMvc();
    }
With this, all requests return 401, even with a valid Bearer token. Now I'm not 100% sure UseJwtBearerAuthentication is even compatible with UseFacebookAuthentication, and if it is, I'm sure I'm missing some code here. What steps should I take to get this working?
Authentication schemes are specified by registering authentication services in Startup.ConfigureServices: by calling a scheme-specific extension method after a call to AddAuthentication (such as AddJwtBearer or AddCookie, for example). These extension methods use AuthenticationBuilder.
JWT authentication is a standard way of protecting APIs - it's adept at verifying the data that's transmitted over the wire between APIs and the clients that consume the APIs. You can even safely pass claims between the communicating parties as well.
OAuth is generally used by websites or applications like Facebook, Google, Twitter and Microsoft, all of which have a humongous user database.
I posted the same question some days ago but didn't receive any answer. Anyway, googling, I've found the only (?) possible solution. When your client has logged into Facebook, you have to send your Facebook token to a custom endpoint of your server. This endpoint shall:

1. Call the ExternalLoginSignInAsync method of the SignInManager<User> class: var result = await _signInManager.ExternalLoginSignInAsync(provider, userId, isPersistent: false); where userId is the Facebook id of the user.
2. Use the https://graph.facebook.com/{userId} endpoint, then await _userManager.AddLoginAsync(user, userLoginInfo); where userLoginInfo should contain the provider (Facebook), userId (Facebook user Id) and application (your app name).
3. await _signInManager.SignInAsync(user, false); to sign the user in. You can get the user from the database using _userManager.FindByIdAsync(userId);

Now your API can return a token that will be accepted as an Authorization header.
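The following is an added example, not code posted by the asker or by any of the answerers, that puts the two answers above together: the ASP.NET Core 2.x AddAuthentication().AddJwtBearer() registration from the first answer, and the "send the Facebook token to a custom endpoint, link the login, return your own token" flow from the last one. It assumes ASP.NET Core Identity is already registered with an ApplicationUser : IdentityUser class, that appsettings.json holds Facebook:AppId, Facebook:AppSecret, Jwt:Key (at least 32 random bytes) and Jwt:Issuer, and that Newtonsoft.Json is available (it ships with ASP.NET Core 2.x). The route api/auth/facebook and the fb_ username prefix are my own choices. Two deliberate deviations from the answer: the endpoint verifies the client-supplied Facebook token with Facebook's debug_token call instead of trusting a user id sent by the app, and it uses the stateless UserManager.FindByLoginAsync lookup rather than the cookie-based ExternalLoginSignInAsync/SignInAsync pair, since a token-only API has no cookie to issue.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json.Linq;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // One bearer scheme. Ordinary API requests never touch Facebook; the API only
        // validates tokens it issued itself, signed with Jwt:Key (assumed config key).
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = _config["Jwt:Issuer"],
                ValidateAudience = false,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = key,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromMinutes(1)
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC, otherwise every [Authorize] action is 401
        app.UseMvc();
    }
}

[Route("api/[controller]")]
public class AuthController : Controller
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IConfiguration _config;

    public AuthController(UserManager<ApplicationUser> userManager, IConfiguration config)
    {
        _userManager = userManager;
        _config = config;
    }

    public class FacebookLoginRequest { public string AccessToken { get; set; } }

    // POST api/auth/facebook  { "accessToken": "<token the mobile app obtained from Facebook>" }
    [HttpPost("facebook")]
    public async Task<IActionResult> Facebook([FromBody] FacebookLoginRequest req)
    {
        // 1. Ask Facebook who the token belongs to, and require that it was minted for THIS
        //    app id; debug_token is authenticated with the app token "appId|appSecret".
        var appToken = $"{_config["Facebook:AppId"]}|{_config["Facebook:AppSecret"]}";
        var url = "https://graph.facebook.com/debug_token"
                + $"?input_token={Uri.EscapeDataString(req.AccessToken ?? "")}"
                + $"&access_token={Uri.EscapeDataString(appToken)}";
        var data = JObject.Parse(await Http.GetStringAsync(url))["data"];
        if (data == null || (bool?)data["is_valid"] != true
            || (string)data["app_id"] != _config["Facebook:AppId"])
            return Unauthorized();
        var facebookUserId = (string)data["user_id"];

        // 2. Look up the local user linked to this Facebook login; on first visit,
        //    create one and link the login (provider, provider key, display name).
        var user = await _userManager.FindByLoginAsync("Facebook", facebookUserId);
        if (user == null)
        {
            user = new ApplicationUser { UserName = $"fb_{facebookUserId}" };
            var created = await _userManager.CreateAsync(user);
            if (!created.Succeeded) return BadRequest(created.Errors);
            await _userManager.AddLoginAsync(user,
                new UserLoginInfo("Facebook", facebookUserId, _config["Jwt:Issuer"]));
        }

        // 3. Issue a short-lived JWT signed with the same key AddJwtBearer validates against.
        return Ok(new { token = IssueJwt(user) });
    }

    private string IssueJwt(ApplicationUser user)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, user.Id),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
        };
        var jwt = new JwtSecurityToken(issuer: _config["Jwt:Issuer"], claims: claims,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }
}
```

The mobile app calls POST api/auth/facebook once with the Facebook token, stores the returned JWT, and sends it as Authorization: Bearer on every later request; those requests are checked only by AddJwtBearer, so the Facebook middleware from the question is not needed on the API at all. The app_id comparison is the check that matters: a valid Facebook token issued to some other application would otherwise be accepted as a login to yours.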