2
votes

I am trying to use DNOA to connect with Facebook and Google over OAuth 2.0.

The same code is working with Facebook, but isn't working with Google.

IAuthorizationState authorization = client.ProcessUserAuthorization(request);
if (authorization == null) {
    // Kick off authorization request
    client.RequestUserAuthorization(openAuthClient.scope, new Uri(redirectUrl));
}

The question is why?

I started logging DNOA requests and found the following:

2014-03-27 12:20:19,497 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send AccessTokenAuthorizationCodeRequestC (2.0) message.

2014-03-27 12:20:19,500 (GMT+9) [6] INFO  DotNetOpenAuth.Messaging.Channel - Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token: 

code: 4/sFMRXFQwkQR_I1BsKXIA-XRO0eid.MoM8z1Q_qZEdPvB8fYmgkJxxjiYDigI
redirect_uri: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1&authuser=0&num_sessions=1&session_state=f1b3dbc278071954a1b03facd6d7053deac831f7..b3c2&prompt=none
grant_type: authorization_code
client_id: 514202796818.apps.googleusercontent.com
client_secret: ********

2014-03-27 12:20:19,500 (GMT+9) [6] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.

2014-03-27 12:20:20,447 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - HTTP POST https://accounts.google.com/o/oauth2/token

2014-03-27 12:20:20,533 (GMT+9) [6] ERROR DotNetOpenAuth.Http - https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request

2014-03-27 12:20:20,533 (GMT+9) [6] DEBUG DotNetOpenAuth.Http - WebException from https://accounts.google.com/o/oauth2/token: 
{
"error" : "invalid_request"
}

Then I changed the redirect_uri parameter and sent this request manually. The result is OK! The following redirect URI is specified in my Google application: http://test.almazcom.ru/asp/logon.aspx?Mode=OpenAuthLogon&Provider=google&Response=1

How can I replace the URI used during user authorization (method ProcessUserAuthorization) with a different one? This URI must be exactly the same as the Google application's Redirect URI. In other cases I get "invalid_request" from Google.

1
Has no one faced this problem? - Krumberg Andrey

1 Answer

3
votes

You should use the "state" to store information on post-authentication redirects.

To stop DNOA setting a state automatically and to allow you to set your own, create an implementation of IClientAuthorizationTracker:

Imports DotNetOpenAuth.OAuth2

Public Class TokenManager
    Implements IClientAuthorizationTracker

    ' Returns a new AuthorizationState whose Callback is the supplied callback URL.
    ' The clientState argument is not used.
    Function GetAuthorizationState(callbackUrl As System.Uri, clientState As String) As IAuthorizationState Implements IClientAuthorizationTracker.GetAuthorizationState
        Dim oAS As AuthorizationState = Nothing
        If True Then
            oAS = New AuthorizationState()
            oAS.Callback = callbackUrl
        End If
        Return oAS
    End Function
End Class

and then

oClient = New WebServerClient(MyAuthDesc)
...
oClient.AuthorizationTracker = New TokenManager

Lastly (when ProcessUserAuthorization() returns Null/Nothing):

Dim owr As DotNetOpenAuth.Messaging.OutgoingWebResponse
owr = oClient.PrepareRequestUserAuthorization(scopes:=sScope, returnTo:=Request.Url) 
oOAuthParams.Redirect = owr.Headers.Item("Location") & "&state=" & sReturnHere

When ProcessUserAuthorization succeeds and you verify your access token, you can read the state in the URL and do something with it (I do not use it to return; I actually use it to discourage fraud).

I needed to do the above anyway to get DNOA working, as I did not want to use the session object.

Hope this helps.
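
The answer above appends a return location to the authorization URL as "state" and uses it to discourage fraud. The following sketch, added here as an example and not part of the answer or of DotNetOpenAuth, builds a state value that is tamper-evident, expiring, bound to the browser and limited to local return paths. The SignedState class, the demo key and the per-browser nonce cookie are assumptions of this example; pass the result through Uri.EscapeDataString before appending it as "&state=".

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not a DotNetOpenAuth type: a signed, expiring "state" value.
public static class SignedState
{
    // Constructed demo key; load a random secret from protected configuration instead.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(10);

    // state = hex(HMAC-SHA256(browserNonce \n body)) "." body, body = ticks "." returnPath
    // browserNonce: random per-browser cookie value (an assumption of this example).
    public static string Create(string returnPath, string browserNonce, DateTime utcNow)
    {
        string body = utcNow.Ticks + "." + returnPath;
        return Mac(browserNonce + "\n" + body) + "." + body;
    }

    // Returns the return path, or null when the state is forged, was issued for
    // another browser, has expired, or does not name a local path.
    public static string Validate(string state, string browserNonce, DateTime utcNow)
    {
        string[] p = (state ?? "").Split(new[] { '.' }, 3);   // mac, ticks, returnPath
        if (p.Length != 3) return null;
        if (!FixedTimeEquals(p[0], Mac(browserNonce + "\n" + p[1] + "." + p[2]))) return null;
        // The MAC matched, so ticks is a value this class wrote and parses cleanly.
        TimeSpan age = utcNow - new DateTime(long.Parse(p[1]), DateTimeKind.Utc);
        if (age < TimeSpan.Zero || age > MaxAge) return null;

        // Local paths only: rejects absolute URLs, "//host" and "/\host" (open redirect).
        string path = p[2];
        bool local = path.StartsWith("/") && !path.StartsWith("//") && !path.StartsWith("/\\");
        return local ? path : null;
    }

    static string Mac(string s)
    {
        using (var h = new HMACSHA256(Key))
            return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(s))).Replace("-", "");
    }

    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the return location travels in state, the redirect_uri sent to the provider can stay identical to the registered one, which is the exact-match requirement the question ran into.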