SPA authorization with OAuth2

  • Question

  • User-1286641529 posted

    Hi,

    I have a problem that I can't seem to solve. I'm currently working on a single page application that uses AngularJS for the front-end and ASP.Net Core RC2 for the API. They are in separate projects (client and api).

    On the authorization side of things, what I want to do is log in with a third-party OAuth 2 provider (e.g. GitHub). Then I would use the token to fetch the user's profile, validate that the user is registered in my application and then return my own token. The GitHub token would be used just once at login.

    I got this to kind of work by using the implicit grant, but I don't know if this is the way to go. Here is my current log in process:

    1. Click "LOG IN WITH GITHUB"
    2. Log in with credentials
    3. Allow app to have access
    4. Return the token
    5. Continue login process on the app's API using the GitHub token to validate the user
    6. If GitHub user id is a registered user, create token and grant access to app 

    So yeah, this works, BUT I remember that in older versions (before Core) you could authorize with OAuth 2 on the API server using a popup window using "ChallengeResult" in the controller's action. I'm wondering how I could achieve this with ASP.Net Core RC2 (is it even possible?). I'm new to the whole SPA authorization (SPAs in general) and the implicit grant does not seem like the most secure way of doing this. I'd rather, if possible, return the GitHub token directly to the API server and not have to send it to the client and then send it back to the server.

    Here's an example I found made with "old" asp.net: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/ 

    I don't know if my question was clear but thank you in advance 
    -Seb

    Tuesday, June 21, 2016 6:59 PM

Answers

  • User61956409 posted

    Hi SebTittley,

    I remember that in older versions (before Core) you could authorize with OAuth 2 on the API server using a popup window using "ChallengeResult" in the controller's action. I'm wondering how I could achieve this with ASP.Net Core RC2 (is it even possible?).

    From this documentation, we can see that the class ChallengeResult is contained in the Microsoft.AspNetCore.Mvc namespace.

    https://docs.asp.net/projects/api/en/latest/autoapi/Microsoft/AspNetCore/Mvc/

    Best Regards,

    Fei Han

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 23, 2016 8:26 AM
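
The server-side flow asked about in the question, as an added example that is not part of the original thread and is not code from either poster: the API issues the challenge, exchanges GitHub's one-time code itself, and the GitHub token never reaches the SPA. It assumes ASP.NET Core 6 or later rather than RC2; the scheme names "External" and "App", the configuration keys, the routes and the `registered` dictionary are constructed for illustration, and the application's own credential is issued as an HttpOnly cookie instead of a bearer token.

```csharp
// Added example; assumes ASP.NET Core 6+ (web SDK with implicit usings), not RC2.
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;

var registered = new Dictionary<string, string> { ["1234567"] = "seb" }; // constructed: GitHub id -> local user
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication()
    .AddCookie("External") // holds the GitHub identity only until /login/complete runs
    .AddCookie("App", o => { o.Cookie.HttpOnly = true; o.Cookie.SecurePolicy = CookieSecurePolicy.Always; })
    .AddOAuth("GitHub", o =>
    {
        o.SignInScheme = "External";
        o.ClientId = builder.Configuration["GitHub:ClientId"]!;         // assumed config keys
        o.ClientSecret = builder.Configuration["GitHub:ClientSecret"]!; // stays on the server
        o.CallbackPath = "/signin-github"; // handler checks state and swaps the code for a token here
        o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
        o.TokenEndpoint = "https://github.com/login/oauth/access_token";
        o.UserInformationEndpoint = "https://api.github.com/user";
        o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
        o.Events.OnCreatingTicket = async ctx =>
        {
            // Profile fetch is server to server; the GitHub token is never sent to the SPA.
            var req = new HttpRequestMessage(HttpMethod.Get, ctx.Options.UserInformationEndpoint);
            req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", ctx.AccessToken);
            using var res = await ctx.Backchannel.SendAsync(req, ctx.HttpContext.RequestAborted);
            res.EnsureSuccessStatusCode();
            using var doc = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
            ctx.RunClaimActions(doc.RootElement);
        };
    });

var app = builder.Build();
app.UseAuthentication();
// Steps 1-4: the API, not the SPA, sends the browser (or popup) to GitHub.
app.MapGet("/login", () => Results.Challenge(
    new AuthenticationProperties { RedirectUri = "/login/complete" }, new[] { "GitHub" }));
// Steps 5-6: accept only registered GitHub ids, then issue the application's own credential.
app.MapGet("/login/complete", async (HttpContext http) =>
{
    var ext = await http.AuthenticateAsync("External");
    var gitHubId = ext.Principal?.FindFirstValue(ClaimTypes.NameIdentifier);
    await http.SignOutAsync("External"); // the GitHub identity is used once, at login
    if (gitHubId is null || !registered.TryGetValue(gitHubId, out var name)) return Results.StatusCode(403);
    var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name) }, "App");
    await http.SignInAsync("App", new ClaimsPrincipal(identity));
    return Results.Redirect("/");
});
app.Run();
```

The OAuth handler generates and validates the `state` parameter through a correlation cookie, so the callback rejects responses that did not originate from a challenge issued by this API.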