I am trying to use OWIN for external login into Google/Facebook.
The issue I am facing is that the OWIN challenge keeps changing the response type from token to code.
The challenge generates the following URL: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=client_dim&redirect_uri=mywebsite.com&scope=scope&state=state
This returns an error from Google. If I change the response_type to token (response_type=token) it works.
Here are the OAuth options:
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(PublicClientId),
        AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        // In production mode set AllowInsecureHttp = false
        AllowInsecureHttp = true,
    };
Google Middleware setup:
    app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    {
        ClientId = "clientid",
        ClientSecret = "client secret",
    });
Here is the challenge:
    var properties = new AuthenticationProperties() { AllowRefresh = true, RedirectUri = "mywebsite.co.za" };
    Request.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    response.RequestMessage = Request;
    return Task.FromResult(response);
The OWIN setup is the basic one from the generic MVC API project.