仅使用端点是不够的,而且对于当前的 OWIN Facebook 库 3.1.0 来说是不必要的 - 您现在可以在传递的选项中指定字段。
我必须使用自定义身份验证提供程序来解决 OWIN Facebook 库中的问题,Facebook 会在其中返回字段,但 OWIN 库无法为您解析和收集它们。我怀疑这是因为 lib 的设计是为了让您提出索赔,然后检索对该索赔的响应;但是如果你只是命名一个字段,由于某种原因它根本不会解析出来。
在 Startup.Auth 中:
var facebook = new FacebookAuthenticationOptions
{
Provider = Brass9.OwinVisitor.Auth.Facebook.
FirstLastNameFacebookAuthenticationProvider.SplitFirstLastName(),
#if DEBUG
AppId = //
AppSecret = //
#else
AppId = //
AppSecret = //
#endif
};
//id,name,email,first_name,last_name
var fbScope = facebook.Scope;
fbScope.Add("email");
//fbScope.Add("first_name"); // Uncommenting this line will break auth
facebook.Fields.Add("id");
facebook.Fields.Add("email");
facebook.Fields.Add("name");
facebook.Fields.Add("first_name");
facebook.Fields.Add("last_name");
app.UseFacebookAuthentication(facebook);
所以,到目前为止,我已经使用新的 OWIN 字段选项来指定 id、电子邮件、姓名、名字、姓氏 - 而不是传入自定义端点。我还指定了自定义 AuthenticationProvider。这里是:
namespace Brass9.OwinVisitor.Auth.Facebook
{
public static class FirstLastNameFacebookAuthenticationProvider
{
public static FacebookAuthenticationProvider SplitFirstLastName()
{
return new FacebookAuthenticationProvider
{
OnAuthenticated = async context =>
{
context.Identity.AddClaim(new System.Security.Claims.Claim(
"FacebookAccessToken", context.AccessToken));
foreach (var claim in context.User)
{
var claimType = string.Format("urn:facebook:{0}", claim.Key);
string claimValue = claim.Value.ToString();
if (!context.Identity.HasClaim(claimType, claimValue))
context.Identity.AddClaim(new System.Security.Claims.Claim(
claimType, claimValue, "XmlSchemaString", "Facebook"));
}
}
};
}
}
}
这弥补了 OWIN lib 未能解析出这些值,将它们作为声明存放在 loginInfo 用户对象中。
最后,为了方便起见,我使用最后一个类以规范的方式跨提供者获取这些值,因为不同的提供者使用不同的模式提供名字和姓氏:
namespace Brass9.OwinVisitor.Auth
{
public class ReducedClaims
{
protected Dictionary<string, string> claims;
public ReducedClaims(IEnumerable<System.Security.Claims.Claim> claims)
{
var _claims = claims.ToArray();
this.claims = new Dictionary<string, string>(_claims.Length);
foreach(var claim in _claims)
{
this.claims.Add(claim.Type, claim.Value);
}
}
public ReducedClaims(ExternalLoginInfo loginInfo)
: this(loginInfo.ExternalIdentity.Claims)
{}
//http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
//http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
protected string chainValue(params string[] keys)
{
string val = null;
foreach(var key in keys)
{
if (claims.TryGetValue(key, out val))
return val;
}
return val;
}
// TODO: Instead detect which service it is then use the proper string instead of just milling through guesses?
public string FirstName { get { return chainValue(
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", // Google
"urn:facebook:first_name" // Facebook
); } }
public string LastName { get { return chainValue(
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", // Google
"urn:facebook:last_name" // Facebook
); } }
}
}
你可以这样称呼:
var reducedClaims = new ReducedClaims(loginInfo.ExternalIdentity.Claims);
var firstName = reducedClaims.FirstName;
var lastName = reducedClaims.LastName;