I created an application that logs in to Coinbase using OAuth. My startup configuration is as follows:
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = COINBASE_AUTH_ID;
    })
    .AddCookie()
    .AddOAuth(COINBASE_AUTH_ID, options =>
    {
        options.ClientId = Configuration["Coinbase:ClientId"];
        options.ClientSecret = Configuration["Coinbase:ClientSecret"];
        options.CallbackPath = new PathString("/signin-coinbase");
        options.AuthorizationEndpoint = "https://www.coinbase.com/oauth/authorize?meta[send_limit_amount]=1";
        options.TokenEndpoint = "https://api.coinbase.com/oauth/token";
        options.UserInformationEndpoint = "https://api.coinbase.com/v2/user";
        COINBASE_SCOPES.ForEach(scope => options.Scope.Add(scope));
        options.SaveTokens = true;
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
        options.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
        options.ClaimActions.MapJsonKey("urn:coinbase:avatar", "avatar_url");
        options.Events = new OAuthEvents
        {
            OnCreatingTicket = async context =>
            {
                var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                // CB-VERSION is a date in YYYY-MM-DD form; ToShortDateString() is culture-dependent.
                request.Headers.Add("CB-VERSION", DateTime.Now.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture));
                var response = await context.Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
                response.EnsureSuccessStatusCode();
                var user = JObject.Parse(await response.Content.ReadAsStringAsync());
                context.RunClaimActions(user);
            }
        };
    });
When the user logs in, I return a challenge result and let the default authentication execute it.
    [HttpGet]
    public IActionResult Login(string returnUrl = "/")
    {
        return Challenge(new AuthenticationProperties() { RedirectUri = returnUrl });
    }
I am trying to figure out how to log out, but when I call SignOut on the base controller, nothing happens.
    [HttpGet]
    public IActionResult Logout()
    {
        this.SignOut();
        return Redirect(Url.Content("~/"));
    }
How can I sign out of OAuth?
Now, this may be a more elegant way: I found that I can call the SignOut method on HttpContext.
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync();
        return Redirect(Url.Content("~/"));
    }
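
An added example, not part of the original question or answer: `HttpContext.SignOutAsync()` only removes the local cookie, so the Coinbase access token saved by `SaveTokens = true` stays valid until it is revoked or expires. The sketch below revokes it first, then signs out. Assumptions: the `AccountController` name, `services.AddHttpClient()` being registered, and the revocation URL, which should be confirmed against Coinbase's API documentation.

```csharp
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class AccountController : Controller
{
    // Assumption: Coinbase's token revocation URL; confirm it against the current API docs.
    private const string RevokeEndpoint = "https://api.coinbase.com/oauth/revoke";
    private readonly IHttpClientFactory _clients;

    public AccountController(IHttpClientFactory clients) => _clients = clients;

    // POST plus antiforgery validation, so a link or image on another site cannot log the user out.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        // SaveTokens = true stored the access token in the auth cookie's properties.
        var token = await HttpContext.GetTokenAsync("access_token");
        if (!string.IsNullOrEmpty(token))
        {
            var request = new HttpRequestMessage(HttpMethod.Post, RevokeEndpoint)
            {
                Content = new FormUrlEncodedContent(new Dictionary<string, string> { ["token"] = token })
            };
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            try
            {
                // Best effort: a failed revocation must not block the local sign-out.
                await _clients.CreateClient().SendAsync(request, HttpContext.RequestAborted);
            }
            catch (HttpRequestException) { }
        }

        // Returning the result is what makes MVC execute the sign-out;
        // calling this.SignOut() and discarding its return value does nothing.
        return SignOut(new AuthenticationProperties { RedirectUri = "/" },
            CookieAuthenticationDefaults.AuthenticationScheme);
    }
}
```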