我正在使用 OpenIdDict 来验证用户身份。我已经按照here给出的示例实现了Google和Facebook登录,但是如果用户已经登录Google或Facebook至少一次,则帐户选择窗口不会打开。
根据Google的文档,我需要在URL中添加prompt=consent参数来强制用户重新接受应用程序。但是,我不知道如何使用 OpenIdDict 来做到这一点。
代码:
节目:
var builder = WebApplication.CreateBuilder(args);
//Some settings
builder.Services.AddOpenIddict()
.AddClient(options =>
{
options.AllowAuthorizationCodeFlow();
options.AddEncryptionCertificate(certificate)
.AddSigningCertificate(certificate);
options.UseAspNetCore()
.EnableRedirectionEndpointPassthrough();
options.UseWebProviders()
.AddGoogle(options =>
{
options.SetClientId(builder.Configuration["Google:ClientId"]!)
.SetClientSecret(builder.Configuration["Google:ClientSecret"]!)
.SetRedirectUri(builder.Configuration["Google:RedirectEndpoint"]!);
});
});
控制器:
[HttpGet("auth")]
public IActionResult ExternalAuth(string provider)
{
string? redirectEndpoint = provider switch
{
Providers.Google => _googleRedirectEndpoint,
Providers.Apple => _appleRedirectEndpoint,
Providers.Facebook => _facebookRedirectEndpoint,
_ => null
};
if (redirectEndpoint == null)
{
return BadRequest($"Provider \"{provider}\" is not configured.");
}
var properties = new AuthenticationProperties(new Dictionary<string, string?>
{
[OpenIddictClientAspNetCoreConstants.Properties.ProviderName] = provider,
});
return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
}