Sunday, April 3, 2016

WebApi2 Google OAuth2 middleware error response


For user authentication with external providers such as Google, specific OWIN middleware is used, for example Microsoft.Owin.Security.Google. The WebAPI2 template uses this to support implicit flow authentication (response_type=token). But what about code flow?

Is it possible to implement Code flow (response_type=code)?

After debugging those OAuth providers, I noticed that when passing return_type=code to Google, it successfully authenticates and returns JSON with access and refresh tokens. The user then gets signed in by the api/Account/ExternalLogin endpoint, but at the end of the flow I get redirected to http://localhost:50321/?error=unsupported_response_type#.

I could not really find the flow where and why it is setting this specific error in the assembly.

Startup.Auth.cs looks like this:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        PublicClientId = "self";
        var tokenTimeSpanInHours = ConfigurationManager.AppSettings["AccessTokenLifeTimeInHours"];

        OAuthServerOptions = new OAuthAuthorizationServerOptions
        {
            Provider = new ApplicationOAuthProvider(PublicClientId),
            TokenEndpointPath = new PathString("/api/token"),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(Convert.ToInt16(tokenTimeSpanInHours)),
            AllowInsecureHttp = true
        };

        app.UseOAuthBearerTokens(OAuthServerOptions);

        var googleOAuthOptions = new GoogleOAuth2AuthenticationOptions
        {
            AccessType = "offline",
            Provider = new CustomGoogleAuthProvider(),
            ClientId = ConfigurationManager.AppSettings["GoogleAccountClientId"].ToString(),
            ClientSecret = ConfigurationManager.AppSettings["GoogleAccountClientSecret"].ToString()
        };
        googleOAuthOptions.Scope.Add("profile");
        googleOAuthOptions.Scope.Add("email");
        googleOAuthOptions.Scope.Add("https://www.googleapis.com/auth/gmail.send");
        app.UseGoogleAuthentication(googleOAuthOptions);
    }

Where is the problem then? Do I need some explicit configuration to tell that I want code flow? Is it supported?

0 Answers
