I am new to OAuth verification and I have run out of options here because when I try to access the Google's OAuth screen it never provides me with the access code. I can access the login screen and then either if I choose Allow or Deny it gives me a success message. There is no error but sometimes it gives an exception of invalid protocol but I don't know why is that.
I am trying to get help from here and also from here, but nothing is working.
The code that I am using is below:
string state = GenerateRandomBase64Url(32);
string code_verifier = GenerateRandomBase64Url(32);
string code_challenge = GenerateBase64urlencodeNoPadding(sha256(code_verifier));
string clientID = "1037832553054-2ktd0l6dop546i1ti312r2doi63sglfe.apps.googleusercontent.com";
string redirectURI = "uwp.app:/oauth2redirect";
string authorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
string tokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
string userInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo";
string youtubeScope = "https://www.googleapis.com/auth/youtube";
string code_challenge_method = "S256";
ApplicationDataContainer localSettings = ApplicationData.Current.LocalSettings;
localSettings.Values["state"] = state;
localSettings.Values["code_verifier"] = code_verifier;
string authorizationRequest = string.Format($#"{authorizationEndpoint}?response_type=code&scope={Uri.EscapeDataString(youtubeScope)}&redirect_uri={Uri.EscapeDataString(redirectURI)}&client_id={clientID}&state={state}&code_challenge={code_challenge}&code_challenge_method={code_challenge_method}&login_hint={EmailBox.Text.Trim()}");
string endURL = "https://accounts.google.com/o/oauth2/approval?";
// I don't know if this is actually valid because google says that this Url is not available
Uri startURI = new Uri(authorizationRequest);
Uri endURI = new Uri(endURL);
string result = string.Empty;
try
{
//var success = Windows.System.Launcher.LaunchUriAsync(new Uri(authorizationRequest));
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startURI, endURI);
switch (webAuthenticationResult.ResponseStatus)
{
// Successful authentication.
case WebAuthenticationStatus.Success:
result = webAuthenticationResult.ResponseData.ToString();
break;
// HTTP error.
case WebAuthenticationStatus.ErrorHttp:
result = webAuthenticationResult.ResponseErrorDetail.ToString();
break;
default:
result = webAuthenticationResult.ResponseData.ToString();
break;
}
}
catch (Exception ex)
{
result = ex.Message;
}
response.Text = result;
// the string that I get looks like this
// https://accounts.google.com/o/oauth2/approval?as=410b4db829b95fce&pageId=none&xsrfsign=AMt42IIAAAAAWO9e-l2loPR2RJ4_HzjfNiGJbiESOyoh
I don't know if this is the right way to do it in UWP apps. Furthermore the string that I get from the result is rather just a Url and it doesn't include anything that would be considered as code as described in Google examples.
So can someone point out what I am doing wrong here? This should be simple but I don't know what I am doing wrong. Thanks
I am not sure as to how I managed to solve the problem last time as my comment suggested. WebAuthenticationBroker in UWP does not work that way anymore or at least I think so. It actually asks for a startURL and a callbackURL.
I came across the same problem, as in my question, yesterday and I solved it through putting my app's redirectUri in the place of callbackURL and WebAuthenticationBroker does not throw an exception anymore and it provides a successful result.
So to solve the problem, this is how you would do it:
string redirectURI = "uwp.app:/oauth2redirect";
Uri startURI = new Uri(authorizationRequest); // as in the question
Uri endURI = new Uri(redirectUri); // change to 'redirectUri'
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startURI, endURI);
switch(webAuthenticationResult.ResponseStatus)
{
case WebAuthenticationStatus.Success:
break;
}
I hope it helps someone out there. Thanks
Related
I am developing a site where the users will be able to click a "Forgot My Password" button to reset their passwords.
Currently, once the email has been validated, the following code should generate a token to be emailed to the user:
if(validUser != null)
{
var generationTime = DateTime.Now;
var pwToken = await _userManager.GeneratePasswordResetTokenAsync(validUser);
await _userManager.UpdateAsync(validUser);
var url = $"https://{Request.Host}/verify/{HttpUtility.UrlEncode(pwToken)}";
//EmailHelper.SendMagicLinkEmail(validUser, url, Request);
return new RedirectResult("/");
}
All information online regarding this seems to suggest that this is the way to do things. I have set up the Default token providers in the Startup.csfile too:
identityOptions: o => {
o.User.RequireUniqueEmail = true;
o.Tokens.PasswordResetTokenProvider = TokenOptions.DefaultProvider;
o.Tokens.EmailConfirmationTokenProvider = TokenOptions.DefaultProvider;
},
Yet when a token is generated it produces a large token such as this:
CfDJ8CnvAYtZf+1IjXpKUM7+umDYEaImg2SPFglPX3Y8RmYpEfg5zpK8xL54lvlbJUd54CaIzzYlff/GU+xKKS8mmG5UdC1zdk24nOsJNpIlmC3P5V72BchS4P9DGFTR77XiKbMAAYymnMomS2zCdTKh+E4bn9RI6FVinMecG1HR7nSHmOI2McbXHBFTanI/0uwxH5WI/Dj4AFTBP39ni7mfKkeWz2nJ5pTemELJJ6pYP50+
The problem here is obviously the forward slashes, which cause issues with routing so are encoded out here:
var url = $"https://{Request.Host}/verify/{HttpUtility.UrlEncode(pwToken)}";
The problem is that even with that, .Net Core seems to un-encode it and produce the following error when the generated link is accessed:
This error isn't necessarily the issue, and I do understand it's importance. Yet I can't seem to find any explanation as to why this token is behaving this way. All online examples seem to produce a fairly standard GUID style token, not something such as this.
Does anyone know why this might be happening?
Cheers
You may want to try the Url.Action() method:
Example:
var token = userManager.GeneratePasswordResetTokenAsync(user).Result;
var resetLink = Url.Action("ResetPassword","Account", new { token = token }, protocol: HttpContext.Request.Scheme);
var message = "Click here to reset your password";
//Then send your message to the user
Note in the example above the email must be HTML for the link to work
The token looks fairly normal to me.
I think the URL encoding method you'd want to use is Uri.EscapeDataString. What I've personally done is using a UriBuilder and escaped the query string values (in this case for email confirmation):
var uriBuilder = new UriBuilder
{
Scheme = "https",
Host = "my.website.com",
Path = "/confirmEmail",
Query = $"email={Uri.EscapeDataString(email)}&token={Uri.EscapeDataString(token)}"
};
var fullUrl = uriBuilder.Uri.AbsoluteUri;
For you that'd be:
var uriBuilder = new UriBuilder
{
Scheme = "https",
Host = Request.Host,
Path = $"/verify/{Uri.EscapeDataString(pwToken)}"
};
var fullUrl = uriBuilder.Uri.AbsoluteUri;
I am trying to build a C# application that queries my google contacts,and prints them to console.
The email address is :bhmi12#gmail.com
excellent is the name of the google app.
I have two problems:
The First Problem every time i run the app i have to call:
string url = OAuthUtil.CreateOAuth2AuthorizationUrl(parameters);
surf to the URL and get a new AccessCode even that google claims u only have to do it once. and then u get an access token.
The second Problem is that this code doesnt work, when it goes to PrintAllContacts it failes under a wierd exception:
There is some error in your request thats all we know"(the google response
to my request).
Is this the right way to write the scope?
thanks very much.
The code:
{
OAuth2Parameters parameters = new OAuth2Parameters();
parameters.ClientId = #"my id";
parameters.ClientSecret = #"my secret";
parameters.RedirectUri = #"urn:ietf:wg:oauth:2.0:oob";
parameters.ResponseType="code";
parameters.Scope = #"https://www.google.com/m8/feeds/contacts/bhmi12%40gmail.com/full";
//string url = OAuthUtil.CreateOAuth2AuthorizationUrl(parameters);
parameters.AccessCode = #"";
try
{
OAuthUtil.GetAccessToken(parameters);
//OAuthUtil.RefreshAccessToken(parameters);
var contacts = new ContactsRequest(new RequestSettings("excellent", parameters));
PrintAllContacts(contacts);
}
catch (GDataRequestException e)
{
Console.WriteLine("Operation failed ({0}): {1}", e.Message, e.ResponseString);
}
}
No. The scope is the following constant string value that looks like a URL:
"https://www.googleapis.com/auth/contacts.readonly"
If you intend to modify the user's contacts, then use this instead:
"https://www.google.com/m8/feeds"
Reference: https://developers.google.com/google-apps/contacts/v3/#authorizing_requests_with_oauth_20
After the great news about Facebook and Microsoft support Facebook SSO I have tried to implement this in a winrt/xaml/c# app for windows 8.1, however I cannot get it to work.
I have registered the app with facebook and set the app's SID in the app's settings.
This is the login code:
Uri sid = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
string callbackURL = sid.ToString();
String facebookURL = "https://www.facebook.com/dialog/oauth?client_id=" + Uri.EscapeDataString(AppId) + "&display=touch&response_type=token&scope=publish_stream&redirect_uri=" + Uri.EscapeDataString(callbackURL);
var startUri = new Uri(facebookURL);
WebAuthenticationResult result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startUri);
This will open the Facebook login dialog, I can log in, and the next dialog says "You have already authorized .
But clicking on the "Okay" or "Skip" buttons gives no response back to my app. AuthenticateAsync() never returns.
If I change the &display parameter to "touch" it works, but this is not what I want since it shows a mobile login web page not designed for this purpose.
What is wrong ?
this issue has been resolved. Can you please give this a try and let us know if you are still seeing the issue?
Yes, now it works :-)
This is the code I use, and it works fine:
Uri sid = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
string callbackURL = sid.ToString();
string facebookURL = "https://www.facebook.com/dialog/oauth?client_id=" + Uri.EscapeDataString(AppId) + "&display=popup&response_type=token&scope=publish_stream&redirect_uri=" + Uri.EscapeDataString(callbackURL);
var startUri = new Uri(facebookURL);
WebAuthenticationResult result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startUri, new Uri(callbackURL));
if (result.ResponseStatus == WebAuthenticationStatus.Success && !result.ResponseData.Contains("&error="))
{
string resultString = result.ResponseData.Replace("#", "&");
AccessToken = GetQueryParameter(resultString, "access_token");
wasSuccess = true;
IsLoggedIn = true;
CurrentUser = await FacebookApi.GetCurrentUserId();
}
return wasSuccess;
I am using ACS to authenticate in a Windows 8 application. I am observing exactly what I expect in that the UI displays the authentication dialog and on successfully entering my LiveID credentials I am returned to my code with a Success status but I do not receive a security token, I simply get "https://XXXXX.accesscontrol.windows.net/v2/wsfederation?wa=wsignin1.0" in result.ResponseData
The code is as follows:
string loginUriString = "https://XXXXX.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%2f%YYYYY.cloudapp.net";
string redirectUriSting = "https://XXXXX.accesscontrol.windows.net:443/v2/wsfederation";
string authToken;
bool IsAuthenticated = false;
private async Task AuthenticateAsync()
{
var requestUri = new Uri(loginUriString, UriKind.RelativeOrAbsolute);
var redirectUri = new Uri(redirectUriSting, UriKind.RelativeOrAbsolute);
//var testUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
var result = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
requestUri,
redirectUri);
if (result.ResponseStatus != WebAuthenticationStatus.Success)
throw new Exception(string.Format("Login failed : {0}", result.ResponseErrorDetail));
//authToken = ExtractTokenFromResponse(result.ResponseData);
//if (!string.IsNullOrEmpty(authToken))
//{
_client.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("OAuth", result.ResponseData);
IsAuthenticated = true;
//}
}
I have seen one other SO question here with what seems like a similar problem but nothing else. Have I got something wrong?
The WebAuthenticationBroker simply keeps browsing until the next requested page is the one specified by the callbackUri parameter. At that point it returns the final URL to you so if you want to get anything back it needs to be encoded in that URL.
In the ACS control panel for the relying party you need to specify a return url that is somewhere on your site. For example https://YYYYY.cloudapp.net/federationcallback. Then create a controller to handle accept a post to that URL. The post will have a form field wresult which is some xml that will contain the token returned from ACS.
You can then send the token back to the WebAuthenticationBroker by redirecting to https://YYYYY.cloudapp.net/federationcallback/end?token={whatever you want to return}
You would then need to change the usage of the authentication broker to the following:
var webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://XXXXX.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fYYYYY.cloudapp.net%2f"),
new Uri("https://YYYYY.cloudapp.net/federationcallback/end")
);
// The data you returned
var token = authenticateResult.ResponseData.Substring(authenticateResult.ResponseData.IndexOf("token=", StringComparison.Ordinal) + 6);
I am having a problem retrieving the user's access token after he/she has authorized my Facebook application to access their information and post for them, etc... Facebook returns a code query string to my website, so I can receive the access token for the user. I use the following code to get the access code.
string AppKey = "[REMOVED]";
string AppSecret = "[REMOVED]";
var oAuth = new Facebook.FacebookOAuthClient();
oAuth.AppId = AppKey;
oAuth.AppSecret = AppSecret;
oAuth.RedirectUri = new Uri("http://www.mywebsite.com");
Label3.Text = Request.QueryString["code"];
try
{
var accessToken = oAuth.ExchangeCodeForAccessToken(Request.QueryString["code"]);
string accessTokenString = accessToken.ToString();
HttpCookie aCookie = new HttpCookie("MyWebsite_FBAccessToken");
aCookie.Value = accessTokenString;
Response.Cookies.Add(aCookie);
Response.Redirect("~/Process/ProcessToken.aspx");
}
catch (Facebook.FacebookOAuthException error)
{
Label2.Text = error.Message;
}
My code gets held up here:
var accessToken = oAuth.ExchangeCodeForAccessToken(Request.QueryString["code"]);
And I receive the following error.
(OAuthException) Error validating verification code.
Does this seem like there is a problem with my code, or does it look like there may be a setting problem with my Facebook application? I know my App ID and Secret are correct.