Using OAuth in ServiceStack client

8
votes

i'm getting confused trying to use OAuth (facebook/twitter) on a client and then authenticate with ServiceStack. all the examples i see for authenticating in a client use basic auth like so:

var response = _client.Send<AuthResponse>(new Auth
{
    provider = CredentialsAuthProvider.Name,
    UserName = model.Username,
    Password = model.Password,
    RememberMe = true
});

what would i need to do to authenticate my stand-alone client with facebook? i make a call to FB and get a UID,access token, email, etc. then what's the call to service stack to authenticate?

currently my thinking is to do the authentication with FB on the client, call service to check if the user exists (looking at email address). if they don't register and log them in using a hash of some of their data as a password. if they exist, log them in same way. is this reasonable/best practice?

thanks in advance

1
oauthservicestack

1 Answers

2
votes

what would i need to do to authenticate my stand-alone client with facebook? then what's the call to service stack to authenticate?

You can handle authenticating to ServiceStack and Facebook using the FacebookAuthProvider (https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization). Posting the request** to '/auth/facebook' (ServiceStack provided endpoint) will authenticate against ServiceStack and Facebook. Within ServiceStack you can access the Facebook 'tokens' using UserSession.GetOAuthTokens("facebook"). I would think you can share those tokens with your client or have your client go through your ServiceStack endpoints (which you create) to access Facebook. Similar to the way the TwitterGateway (https://github.com/ServiceStack/SocialBootstrapApi/blob/master/src/SocialBootstrapApi/Logic/TwitterGateway.cs) works in the SocialBootStrapApi example.

**{"UserName":"yourname", "Password":"yourpassword", "RememberMe":true/false}