我正在为Google en Microsoft设置一个开放id登录,并使用IdentityModel.OidcClient。我已经能够让它为Microsoft工作,但谷歌登录不返回任何令牌(它们都是空的(。我遵循了[本教程][1]。为了使Microsoft登录生效,我需要将ProviderInformation.UserInfoEndpoint添加到OidcClientOptions中。教程中没有提到这一点。
我希望同样的伎俩也能为谷歌安排事情,但事实并非如此。所以现在我被谷歌登录卡住了,我看不出缺少了什么。我希望其他人能给我最后一击。
我注意到并发现有一件事很奇怪:如果我将客户端机密添加到OidcClientOptions中,我就不会为Microsoft登录返回令牌。如果我删除它,则返回所有令牌(身份令牌、访问令牌等(。
这是我用来创建OidcClient对象的代码,其中包含所有选项:
private OidcClient CreateOidcClient(string authorityUrl, string clientId, string scope, string redirectUrl, string issuerName, string tokenEndpoint, string authorizeEndpoint, string userInfoEndPoint, string? clientSecret = null)
{
var options = new OidcClientOptions
{
Authority = authorityUrl,
ClientId = clientId,
ClientSecret = clientSecret,
Scope = scope,
RedirectUri = redirectUrl,
Browser = new WebAuthenticatorBrowser(),
ProviderInformation = new ProviderInformation
{
IssuerName = issuerName,
KeySet = new JsonWebKeySet(),
TokenEndpoint = tokenEndpoint,
AuthorizeEndpoint = authorizeEndpoint,
UserInfoEndpoint = userInfoEndPoint,
}
};
var oidcClient = new OidcClient(options);
return oidcClient;
}
这是我在单击";使用谷歌登录";按钮:
private async Task GoogleLogIn()
{
OidcClient oidcClient = CreateOidcClient(
GoogleConfiguration.AuthorizeUrl,
GoogleConfiguration.ClientId,
GoogleConfiguration.Scope,
GoogleConfiguration.RedirectUrl,
GoogleConfiguration.IssuerName,
GoogleConfiguration.TokenEndpoint,
GoogleConfiguration.AuthorizeEndpoint,
GoogleConfiguration.UserInfoEndpoint,
GoogleConfiguration.ClientSecret
);
LoginResult loginResult = await oidcClient.LoginAsync(new LoginRequest());
}
最后是谷歌配置:
public static class GoogleConfiguration
{
public static readonly string AuthorizeUrl = "https://accounts.google.com/o/oauth2/v2/auth";
public static readonly string ClientId = "XXXXXXXXX";
public static readonly string Scope = "openid profile email";
public static readonly string RedirectUrl = "XXXXXXXXX:/oauth2redirect";
public static readonly string IssuerName = "accounts.google.com";
public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v3/certs";
public static readonly string AuthorizeEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
public static readonly string UserInfoEndpoint = "https://openidconnect.googleapis.com/v1/userinfo";
public static readonly string ClientSecret = "XXXXXXXXX";
}
这是WebAuthenticationCallbackActivity类:
[Activity(NoHistory = true, LaunchMode = LaunchMode.SingleTask)] // or SingleTop?
[IntentFilter(new[] { Intent.ActionView },
Categories = new[] { Intent.CategoryDefault, Intent.CategoryBrowsable },
DataScheme = "data_scheme_microsoft")]
[IntentFilter(new[] { Intent.ActionView },
Categories = new[] { Intent.CategoryDefault, Intent.CategoryBrowsable },
DataScheme = "data_scheme_google")]
public class WebAuthenticationCallbackActivity : Xamarin.Essentials.WebAuthenticatorCallbackActivity
{
}
当返回loginResult时,我收到以下不清楚的错误:
Error redeeming code: Not Found / no description
非常感谢您的帮助!如果你需要更多信息,请告诉我。[1] :https://mallibone.com/post/xamarin-oidc
我不是专家,但最近成功地使相同的示例代码在谷歌上运行
一路上,我得到了:
Error redeeming code: Unauthorized / Unauthorized
但后来我意识到,我正在为客户保密,这是我从谷歌之外的另一家身份提供商那里得到的。当你创建客户端ID时,谷歌不会提供客户端机密,是吗?
我修复了它,现在可以获得代币了。
我终于明白了:在我从事这个项目时,一些凭据被更改了。我没有注意到,因为新旧证书看起来非常非常相似。一个简单的副本&粘贴成功了。