{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 祖国的老花朵 的问题《How to renew the access token using the refresh to》','https://www.manongdao.com/q-73915.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am using ASP.NET MVC 5 with OWIN.
I have done a lot of research and haven't found how to renew the access token using the refresh token.
My scenario is: The first time the user accesses my app, he or she grants access to the account I read the refresh token returned from the API. When the users come back to my app, I need to refresh the access token based on the "Refresh Token".
Could anybody provide some code?
Here is what I've achieved till now:
Startup.Auth.cs:
var googleOAuth2AuthenticationOptions = new GoogleOAuth2AuthenticationOptions
{
Caption = "Google+",
ClientId = Parameters.Instance.Authentication.oAuth.GooglePlus.ClientId,
ClientSecret = Parameters.Instance.Authentication.oAuth.GooglePlus.ClientSecret,
CallbackPath = new PathString("/oauth-login-return"),
Provider = new GoogleOAuth2AuthenticationProvider
{
OnAuthenticated = async context =>
{
context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Identity.FindFirstValue(ClaimTypes.Name)));
context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Identity.FindFirstValue(ClaimTypes.Email)));
context.Identity.AddClaim(new Claim("picture", context.User.GetValue("picture").ToString()));
context.Identity.AddClaim(new Claim("profile", context.User.GetValue("profile").ToString()));
context.Identity.AddClaim(
new Claim(Parameters.Instance.Authentication.oAuth.GooglePlus.AccessTokenClaimType,
context.AccessToken));
}
}
};
googleOAuth2AuthenticationOptions.Scope.Add("https://www.googleapis.com/auth/plus.login");
googleOAuth2AuthenticationOptions.Scope.Add("https://www.googleapis.com/auth/userinfo.email");
AuthenticationController:
[HttpPost]
[AllowAnonymous]
public ActionResult ExternalLogin(string provider, string returnUrl)
{
RedirectIfAuthenticated();
return new ChallengeResult(provider, Url.Content("~/oauth-login-callback"));
}
[ActionName("oauth-login-back")]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
}
// Used for XSRF protection when adding external logins
private const string XsrfKey = "XsrfId";
private IAuthenticationManager AuthenticationManager
{
get
{
return HttpContext.GetOwinContext().Authentication;
}
}
private class ChallengeResult : HttpUnauthorizedResult
{
public ChallengeResult(string provider, string redirectUri)
: this(provider, redirectUri, null)
{
}
private ChallengeResult(string provider, string redirectUri, string userId)
{
LoginProvider = provider;
RedirectUri = redirectUri;
UserId = userId;
}
private string LoginProvider { get; set; }
private string RedirectUri { get; set; }
private string UserId { get; set; }
public override void ExecuteResult(ControllerContext context)
{
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
if (UserId != null)
{
properties.Dictionary[XsrfKey] = UserId;
}
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
}
}
Spent the last two days figuring out how to renew the access token myself. The answer is posted in another thread here:
How Google API V 3.0 .Net library and Google OAuth2 Handling refresh token
This question isn't duplicate AT ALL. I hope this help others not spending days like I have spent.
After almost 4 days I have found out how to get a fresh access token in the google api using OWIN.
I'm going to post the solution, but first, I MUST say that what helped me to start getting a clue about my error was setting up the Debug Symbols for the Katana project. See this link: http://www.symbolsource.org/Public/Home/VisualStudio
This image show how to configure Debug Symbols Servers.
And this one shows the Katana Debug Symbols being loaded.
After that, I found out that my problem was that Google API was returning 403: Forbidden
"Access Not Configured. Please use Google Developers Console to activate the API for your project"
Then, found on stack overflow this post: "Access Not Configured. Please use Google Developers Console to activate the API for your project."
more specifically this Answer: https://stackoverflow.com/a/24401189/833846
After that, I went to Google Developers Console and setup up Google+ API
And then, voillá! It worked.
Now, the code to get a fresh access token using the refresh token (I haven't found any way to accomplish that using the OWIN API).
IMPORTANT 1: To get a refresh token you must set the "access_type" to "offline" in the "ExecuteResult" method, this way:
IMPORTANT 2: Once you get your refresh token, you must store it and in some secure source. Google API won't issue you a new refresh token, unless you set "approval_prompt" to "force" before you call the line (in the same method):
I also recommend taking a look at:
Google API Offline Access
Google OAUTH 2.0 Playground
Google API Discovery Check