AddOAuth linkedin dotnet core 2.0

2020-06-16 04:57发布

站内问答 / C#
776 2 6

I'm using dotnet core I want to setup a LinkedIn authentication on the site since there is no default authentication builder for LinkedIn as facebook, google and twitter I decided to use the generic implementation as follows:

services.AddAuthentication().AddOAuth("LinkedIn", 
            c =>
            {
                c.ClientId = Configuration["linkedin-app-id"];
                c.ClientSecret = Configuration["linkedin-app-secret"];
                c.Scope.Add("r_basicprofile");
                c.Scope.Add("r_emailaddress");
                c.CallbackPath = "/signin-linkedin";
                c.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                c.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
                c.UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,picture-url)";
})

I'm having an issue because GetExternalLoginInfoAsync() is null, looking the Identity ASP.net core source, is because the providerkey is null.

Taken from asp.net core code:

var providerKey = auth.Principal.FindFirstValue(ClaimTypes.NameIdentifier);
var provider = items["LoginProvider"] as string;
if (providerKey == null || provider == null)
{
   return null;
}

the question is where can I add the ClaimTypes.NameIdentifier to the LinkedIn claim?

2条回答
看我几分像从前
2楼-- · 2020-06-16 05:20

It is simpler to use NuGet package from AspNet.Security.OAuth.Providers and transform claims using options.ClaimActions.MapJsonKey

.AddLinkedIn(options =>
{
    var linkedInOptions = new Dictionary<string, string>();
    Configuration.Bind("LinkedIn", linkedInOptions);

    options.ClientId = linkedInOptions[nameof(options.ClientId)];
    options.ClientSecret = linkedInOptions[nameof(options.ClientSecret)];

    // Use v2 API
    options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
    options.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";

    // This is already mapped by NuGet package
    //options.ClaimActions.MapJsonKey(OpenIdConnectConstants.Claims.Name, "formattedName");

See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/blob/dev/src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationOptions.cs

查看更多
0人赞 添加讨论(0) 举报
爷、活的狠高调
3楼-- · 2020-06-16 05:22

In this case, you have to pre populate each Claim manually using an OauthEvent like this:

.AddOAuth("LinkedIn", 
            c =>
            {
                c.ClientId = Configuration["linkedin-app-id"];
                c.ClientSecret = Configuration["linkedin-app-secret"];
                c.Scope.Add("r_basicprofile");
                c.Scope.Add("r_emailaddress");
                c.CallbackPath = "/signin-linkedin";
                c.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                c.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
                c.UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,picture-url)";
                c.Events = new OAuthEvents
                {
                    OnCreatingTicket = async context =>
                    {
                        var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                        request.Headers.Add("x-li-format", "json");

                        var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
                        response.EnsureSuccessStatusCode();
                        var user = JObject.Parse(await response.Content.ReadAsStringAsync());

                        var userId = user.Value<string>("id");
                        if (!string.IsNullOrEmpty(userId))
                        {
                            context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                        }

                        var formattedName = user.Value<string>("formattedName");
                        if (!string.IsNullOrEmpty(formattedName))
                        {
                            context.Identity.AddClaim(new Claim(ClaimTypes.Name, formattedName, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                        }

                        var email = user.Value<string>("emailAddress");
                        if (!string.IsNullOrEmpty(email))
                        {
                            context.Identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String,
                                context.Options.ClaimsIssuer));
                        }
                        var pictureUrl = user.Value<string>("pictureUrl");
                        if (!string.IsNullOrEmpty(pictureUrl))
                        {
                            context.Identity.AddClaim(new Claim("profile-picture", pictureUrl, ClaimValueTypes.String,
                                context.Options.ClaimsIssuer));
                        }
                    }
                };

            })
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)