How to get additional fields using the Facebook provider in ASP.NET Core RC1?

Question

I'm using ASP.NET core RC1 (and can't upgrade to the not yet release RC2 nightly builds because of the lack of VS support in RC2).

I'm trying to get additional fields from Facebook (first_name, last_name, email and significant_other).

I used the code suggested on Github:

app.UseFacebookAuthentication(options =>
{
    options.AppId = Configuration["Authentication:Facebook:AppId"];
    options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
    options.Scope.Add("email");
    options.Scope.Add("user_relationships");
    options.BackchannelHttpHandler = new HttpClientHandler();
    options.UserInformationEndpoint = 
        "https://graph.facebook.com/v2.5/me?fields=id,email,first_name,last_name,significant_other";

This solution indeed returns the email of the user, but fails with first_name, last_name and significant_other (and any other field I tried besides name, id and email).

Also, is it possible getting the FB access token? We might need it for future querying of other edges, or use it to manually query Facebook because ASP.NET Core has a bug (at least in RC1).

I need a way, even if not the cleanest.

Answer 1

I'm trying to get additional fields from Facebook (first_name, last_name, email and significant_other). This solution indeed returns the email of the user, but fails with first_name, last_name and significant_other (and any other field I tried besides name, id and email).

In RC1, the Facebook middleware automatically stores the email as a claim, but not the first name or last name so you need to manually extract them using the event model if you want to be able to retrieve from application code:

app.UseFacebookAuthentication(options => {
    options.Events = new OAuthEvents {
        OnCreatingTicket = context => {
            var surname = context.User.Value<string>("last_name");
            context.Identity.AddClaim(new Claim(ClaimTypes.Surname, surname));

            return Task.FromResult(0);
        }
    };
});

In RC2, custom code won't be necessary, as the first name/last name are now included by default: https://github.com/aspnet/Security/issues/688.

---

Also, is it possible getting the FB access token? We might need it for future querying of other edges, or use it to manually query Facebook because ASP.NET Core has a bug (at least in RC1).

You can use the SaveTokensAsClaims option to store the access/refresh tokens as claims (enabled by default in RC1). If you need more information about this feature, you can take a look the PR that introduced it: https://github.com/aspnet/Security/pull/257.

app.UseFacebookAuthentication(options => {
    options.SaveTokensAsClaims = true;
});

You can retrieve it like any other claim:

var token = User.FindFirst("access_token")?.Value

Note: in RC2, this feature was revamped and tokens won't be stored in claims but in authentication properties: https://github.com/aspnet/Security/pull/698.

Answer 2

Update to @Pinpoint answer: current version doesn't have SaveTokensAsClaims option anymore. Instead, now there is a SaveTokens option:

Defines whether access and refresh tokens should be stored in the Http.Authentication.AuthenticationProperties after a successful authorization. This property is set to false by default to reduce the size of the final authentication cookie.

Note, that by default it is false and don't store in Claims. AuthenticationTokenExtensions class has been added

To get those tokens then, you may use one of the GetToken extension method defined in AuthenticationTokenExtensions class. For example in controller action method the following code should work:

var token = await HttpContext.Authentication.GetTokenAsync("access_token");

Related links from github:

• What happened to SaveTokensAsClaims property?
• Save tokens in auth properties instead of claims