Using the WebAuthenticationBroker.

    Question

  • Hi,

    I'm trying to get OAuth 2.0 to Google Plus working.

    My Code:

        var clientId = "XXXXXXXXXX.apps.googleusercontent.com";
        var redirect = "urn:ietf:wg:oauth:2.0:oob";

        var endURI = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
        var googleURL = string.Format("https://accounts.google.com/o/oauth2/auth?client_id={0}&redirect_uri={1}&response_type=token&scope=https://www.googleapis.com/auth/plus.me", clientId, redirect);

        var result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.UseTitle, new Uri(googleURL), endURI);
    

    When I'm passing response_type=code it works fine, I guess.

    I'm getting the page where the user can copy-paste the code.

    When I'm using response_type=token I'm getting Error=400.

    While it might be a G+ problem, I would like to make sure that I'm using the code correctly.

    Do I need to specify anything in the package manifest to allow the callback URI?

    Thanks

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Friday, September 30, 2011 4:44 PM

Answers

  • Hey Guys,

    I've since then written a framework that abstracts all the nasty little details, concerning Authentications.

    Check it out: 

    https://github.com/arielbh/SuiteValue.UI.Metro

    Adding a new Authentication provider to your app (such as Twitter, Google, etc) is just adding a nuget package.

    It's kind of cool, if I can say so myself. :)

    Let me know if you need any more help.

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/

    • Marked as answer by ArielBH Wednesday, September 05, 2012 8:25 AM
    Wednesday, September 05, 2012 8:25 AM

All replies

  • @Ariel - I am seeing the same thing.  Change to "code" and use this endURI:

    https://accounts.google.com/o/oauth2/approval?xsrfsign=
    

    And I got a successful response.  I'll forward this post to our team though to see if they have other ideas.


    Tim Heuer | Program Manager, XAML | http://timheuer.com/blog | @timheuer
    Friday, September 30, 2011 7:21 PM
  • Hey Tim,

    Thanks for taking the time to answer.

    I was looking at the WebAuthentication sample with that endUri, but I didn't notice any difference.

    The only thing that had any effect is changing token to code.

    Also, in the JavaScript sample you can parse the result object, while in the C# code, when using the await-async pattern, you get the result only after the user closed the page where he can copy-paste the code, and then you also only get that the user canceled the authentication process.

    When going over the Google OAuth documentation page, they say the application can parse the HTML in the result, retrieve the code and prevent this page from being visible to the user.

    http://code.google.com/apis/accounts/docs/OAuth2.html

    "On many platforms, your application should be able to monitor the window title of a browser window it creates and close the window when it sees a valid response. If your platform doesn't support that, you can instruct users to copy and paste the code to your application.

    Your native app should swap that authorization code for a refresh token and access token pair by POSTing it along with your client_id, client_secret and grant_type=authorization_code to our OAuth 2.0 token endpoint:"

     Is this possible in our scenario?

    Also I was curious about the GetCurrentApplicationCallbackUri method, there isn't much documentation so far on where to use it and how.

     

    Thanks!

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Friday, September 30, 2011 8:42 PM
  • Hmm, I was able to get the token using my suggestions above.  As to your other question, I'll have to defer to the WebAuth folks (I alerted them to this thread).  My expectation would be that the "token" option would/should have worked and there is likely some issue with Google (as it appears to be with an HTTP400).
    Tim Heuer | Program Manager, XAML | http://timheuer.com/blog | @timheuer
    Friday, September 30, 2011 8:49 PM
  • Yeah, it might be a Google problem.

    I've posted a question also on Google forum.

    http://groups.google.com/group/google-plus-developers/browse_thread/thread/f63c6dfe36efe585#

    Too many moving parts :)

    Thanks for the info Tim, I hope you will have patience for me bugging you, I'm going to ask lots of questions here and twitter I guess.

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Friday, September 30, 2011 8:58 PM
  • Ariel,

    In case you haven't found the answer by now, it is my experience that the Google APIs only accept the special URI "urn:ietf:wg:oauth:2.0:oob" when you use response_type=code. If you're using response_type=token, you will need to use an actual URI.

    -Daniel

    Wednesday, October 05, 2011 6:54 PM
  • Daniel,

    Thanks!

    But isn't WebAuthenticator.GetCurrentApplicationCallbackUri what is needed for it to work?

    Thanks again,

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Wednesday, October 05, 2011 7:13 PM
  • I am also trying to figure this out... Hopefully we're able to get an answer soon!
    Tuesday, October 25, 2011 1:41 PM
  • Hey,

    I managed to make this work.

    I'll write a blog post on it... and update here.

    Catch me on twitter for example for further info: @arielbh

    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Tuesday, October 25, 2011 1:51 PM
  • Thanks Ariel, I look forward to it.
    Tuesday, October 25, 2011 4:14 PM
  • Yep, same issue with Windows Phone 7.

    I guess that we can hide the browser... that was my first way to solve it.

    Tim said the query parameter after the approval URI worked? It isn't the same that appears in the textbox when the page loads.

    Wednesday, November 02, 2011 3:47 AM
  • Any progress on the blog? Are you able to reply with a short summary to point us in the right direction? Thanks!
    Monday, November 28, 2011 3:28 AM
  • Any progress on the blog? Are you able to reply with a short summary to point us in the right direction? Thanks!


    I've worked through the issue. Here's what I needed to do to get it working for anyone else fighting this same problem:

    In Google APIs Console, I registered my application as an Installed Application.  This gives me the ability to specify either urn:ietf:wg:oauth:2.0:oob or http://localhost as my redirect URL.  When I used urn:ietf:wg:oauth:2.0:oob, the redirect_url is similar to what's used in the example, but Google has added a query parameter "as=..." which threw it off.  Two solutions:

    1. use urn:ietf:wg:oauth:2.0:oob as the redirect_url and remove the query parameters from the endURI: https://accounts.google.com/o/oauth2/approval
    2. use http://localhost as the redirect_url and endURI
    Tuesday, November 29, 2011 5:15 PM
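
For the second option in the post above (http://localhost as both redirect URI and endURI), the broker hands the final URL back to the app, so the app can validate it before using the code. The following is an added example, not code from this thread: the names OAuthCallback, NewState, BuildAuthUrl and ExtractCode are hypothetical, it assumes the provider echoes the `state` parameter back as OAuth 2.0 specifies, and it uses only plain .NET so it runs as a console program.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example; OAuthCallback, NewState, BuildAuthUrl and ExtractCode are hypothetical names.
public static class OAuthCallback
{
    const string Redirect = "http://localhost"; // registered redirect URI, also used as endURI
    public static string NewState()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }
    // Every parameter is escaped; state ties the eventual response to this request.
    public static Uri BuildAuthUrl(string clientId, string scope, string state)
    {
        return new Uri("https://accounts.google.com/o/oauth2/auth?response_type=code" +
            "&client_id=" + Uri.EscapeDataString(clientId) +
            "&redirect_uri=" + Uri.EscapeDataString(Redirect) +
            "&scope=" + Uri.EscapeDataString(scope) +
            "&state=" + Uri.EscapeDataString(state));
    }
    // responseData: the string the broker returns once it has seen the endURI.
    public static string ExtractCode(string responseData, string expectedState)
    {
        var uri = new Uri(responseData);
        if (uri.Scheme != "http" || uri.Host != "localhost")
            throw new InvalidOperationException("Response is not for our redirect URI");
        // ToDictionary throws on a repeated parameter name, which rejects ambiguous responses.
        var query = uri.Query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .ToDictionary(kv => Uri.UnescapeDataString(kv[0]), kv => kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "");
        string value;
        if (query.TryGetValue("error", out value))
            throw new InvalidOperationException("Authorization failed: " + value);
        if (!query.TryGetValue("state", out value) || value != expectedState)
            throw new InvalidOperationException("State mismatch, response discarded");
        if (!query.TryGetValue("code", out value) || value.Length == 0)
            throw new InvalidOperationException("No authorization code in response");
        return value;
    }
    public static void Main()
    {
        string state = NewState();
        Console.WriteLine(BuildAuthUrl("XXXXXXXXXX.apps.googleusercontent.com", "https://www.googleapis.com/auth/plus.me", state));
        // Constructed sample of a broker response, not captured traffic.
        Console.WriteLine(ExtractCode("http://localhost/?state=" + state + "&code=4%2FCONSTRUCTED", state));
    }
}
```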
  • Hey,

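    1. The first opens up a window where the user can receive a code that he needs to copy-paste into your app. It might be possible to get this from the response; I've yet to manage this.

        // Needs: System, System.Threading.Tasks, Windows.Security.Authentication.Web
        private string clientId = "YOUR_API_CODE";
        const string redirect = "urn:ietf:wg:oauth:2.0:oob";

        private async Task GetFeedAsync()
        {
            // Same authorization URL as in the question, with response_type=code and escaped values.
            var googleURL = string.Format("https://accounts.google.com/o/oauth2/auth?client_id={0}&redirect_uri={1}&response_type=code&scope={2}", Uri.EscapeDataString(clientId), Uri.EscapeDataString(redirect), Uri.EscapeDataString("https://www.googleapis.com/auth/plus.me"));
            var endURI = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
            try
            {
                var result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.UseTitle, new Uri(googleURL), endURI);
            }
            catch (Exception e)
            {
                // Log the failure instead of silently swallowing it.
                System.Diagnostics.Debug.WriteLine(e);
            }
        }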
    2. This gets a token from G+.
    inputText.Text is where the user pasted the code.

        // Needs: System.Net.Http, System.Text, System.Runtime.Serialization, System.Runtime.Serialization.Json
        private async void GetToken()
        {
            HttpMessageHandler handler = new HttpClientHandler();
            // A client secret shipped inside an installed app cannot be kept confidential.
            string client_secret = "YOUR_CLIENT_SECRET";
            HttpClient httpClient = new HttpClient(handler);
            //httpClient.BaseAddress = new Uri("https://accounts.google.com/o/oauth2/token");
            // Escape every value: the pasted authorization code can contain characters such as '/'.
            string postData = string.Format("client_id={0}&client_secret={1}&code={2}&redirect_uri={3}&grant_type=authorization_code",
                Uri.EscapeDataString(clientId), Uri.EscapeDataString(client_secret), Uri.EscapeDataString(inputText.Text), Uri.EscapeDataString(redirect));
            StringContent c = new StringContent(postData, Encoding.UTF8, "application/x-www-form-urlencoded");

            httpClient.MaxResponseContentBufferSize = 100000;
            var result = await httpClient.PostAsync("https://accounts.google.com/o/oauth2/token", c);
            if (result.IsSuccessStatusCode)
            {
                DataContractJsonSerializer deserializer = new DataContractJsonSerializer(typeof(Token));
                // ReadAsStreamAsync replaces the preview-era ContentReadStream property.
                var data = (Token)deserializer.ReadObject(await result.Content.ReadAsStreamAsync());
                GetProfile(data.access_token);
            }
        }

        // Shape of the JSON returned by the token endpoint.
        [DataContract]
        public class Token
        {
            [DataMember]
            public string access_token { get; set; }
            [DataMember]
            public string token_type { get; set; }
            [DataMember]
            public int expires_in { get; set; }
            [DataMember]
            public string refresh_token { get; set; }
        }
    3. Now with the token you can implement an API call to get the user profile for example
        public async void GetProfile(string access_token)
        {
            HttpMessageHandler handler = new HttpClientHandler();
            HttpClient httpClient = new HttpClient(handler);
            // Send the token in the Authorization header only; a token in the query string can end up in server and proxy logs.
            httpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + access_token);
            var result = await httpClient.GetAsync("https://www.googleapis.com/plus/v1/people/me");
        }
    result should give you the data; now you just need to deserialize it as I had demonstrated before with the token call.
    The reason I'm delaying the blog post is because Google is about to change the API.
    I would rather wait for that to happen.
    Good luck
    Ariel


    Ariel Ben Horesh | twitter: @arielbh blog: http://blogs.microsoft.co.il/blogs/arielbh/
    Tuesday, November 29, 2011 7:41 PM
  • Hello Tim,

    I just tried this and I am getting a "This page cannot be displayed" error after signing in to Google. Is there any way to get a more detailed debug log about what is happening when WAB tries to resolve URLs and redirects?

    Thanks,

    Phil

    Tuesday, February 28, 2012 11:15 AM
  • I don't know how much help this will be, but here is a simple working version of OAuth to Twitter in metro:

    http://w8isms.blogspot.com/2012/05/posting-to-twitter-from-metro-in-c.html


    John Michael Hauck

    Wednesday, June 06, 2012 2:05 PM
  • Hi,

    I had the same problem when I used it like that, and the error was 400 too.

    Maybe the problem is with the client ID.

    First I tried a Client ID of type "web applications" with Redirect URIs https://example.com/path/to/callback (default), and the issue happened.

    Then I tried a new Client ID of type "installed applications" with Redirect URIs "urn:ietf:wg:oauth:2.0:oob", and the problem was fixed.

    Hope this helps you.

    Wednesday, September 05, 2012 8:22 AM
  • Thanks!

    The SSL token request part helped me a lot!

    Tuesday, January 29, 2013 2:20 PM