Pregunta
I am told that DotNetOpenAuth can pass additional information to a state variable and the passed value will be in the callback string for Google. Anyone know where to get a code sample for this? Do Facebook, twitter, yahoo, and other providers support the state variable also?
Thanks
More specifically, in Microsoft.Web.WebPages.OAuth.OAuthWebSecurity, the method RequestAuthentication does not have a parameter to pass the code parameter. Does that mean there is not default support in DotNetOpenAuth latest version yet? Do I need to use the RegisterClient method in OAuthWebSecurity to create a customize client, instead of using the built in RegisterGoogleClient, RegisterFacebookClient, etc.?
Solución 2
Found out the solution. The query strings after the callback function are placed in the "State" variables. For example, the From string in this function is brought back from Google in callback -
https://stackoverflow.com/questions/18804771
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianpublic ActionResult ExternalLogin(string provider, string returnUrl, string from)
{
return new ExternalLoginResult(provider, Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl, From = from}));
}
Otros consejos
The “state” variable is part of the OAuth 2.0 spec and section 4.1.2 requires that the server respond if the client sends it, so anyone who claims to be doing OAuth 2 really ought to support it.
For pedants: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2
The Google client for OAuthWebSecurity that ships with MVC4 is based on OpenID. You may be interested in the OAuth2 implementation that I wrote.
