ServiceStack OAuth - registration instead login

Question

In servicestack OAuth implementation I only saw possibility to automatically login with eg. facebook account.

But is there abbility to support registration process with facebook login. What I wanted is to let users login to facebook app, and then load their Name, Surname and email and prefill needed text boxes for real registration on my site (since I also have to have mobile phone verification etc.) I don't want user to be authorized and authenticated when he logs in with facebook. Only credentials login should be valid one for full site access.

Edit: I found a solution.

In FacebookProvider.cs

public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null)
{
    if (request != null)
    {
        if (!LoginMatchesSession(session, request.UserName)) return false;
    }
    return tokens != null && session.UserName!=null && !string.IsNullOrEmpty(tokens.AccessTokenSecret);
}

The catch was the && session.UserName!=null part. So we can check if user is logged in using credentials, this will be !=null and user can use all services. If not, this will be ==null and he can only get facebook info from session.

Answer 1

The SocialBootstrap API project shows an example of handling the callback after a successful Authentication by overriding the OnAuthenticated() hook of its custom user session:

I've pulled out, rewrote some and highlighted some of the important bits:

public class CustomUserSession : AuthUserSession
{
    public override void OnAuthenticated(IServiceBase authService, 
                    IAuthSession session, 
                    IOAuthTokens tokens, 
                    Dictionary<string, string> authInfo)
    {
        base.OnAuthenticated(authService, session, tokens, authInfo);

        //Populate matching fields from this session into your own MyUserTable
        var user = session.TranslateTo<MyUserTable>();
        user.Id = int.Parse(session.UserAuthId);
        user.GravatarImageUrl64 = CreateGravatarUrl(session.Email, 64);

        foreach (var authToken in session.ProviderOAuthAccess)
        {
            if (authToken.Provider == FacebookAuthProvider.Name)
            {
                user.FacebookName = authToken.DisplayName;
                user.FacebookFirstName = authToken.FirstName;
                user.FacebookLastName = authToken.LastName;
                user.FacebookEmail = authToken.Email;
            }
            else if (authToken.Provider == TwitterAuthProvider.Name)
            {
                user.TwitterName = authToken.DisplayName;
            }
        }

        //Resolve the DbFactory from the IOC and persist the user info
        using (var db = authService.TryResolve<IDbConnectionFactory>().Open())
        {
            //Update (if exists) or insert populated data into 'MyUserTable'
            db.Save(user);
        }

    }

    //Change `IsAuthorized` to only verify users authenticated with Credentials
    public override bool IsAuthorized(string provider)
    {
        if (provider != AuthService.CredentialsProvider) return false;
        return base.IsAuthorized(provider);
    }
}

Basically this user-defined custom logic (which gets fired after every successful authentication) extracts data from the UserSession and stores it in a custom 'MyUserTable'.

We've also overridden the meaning of IsAuthorized to only accept users that have authenticated with CredentialsAuth.

You can use this data to complete the rest of the registration.

Other possible customizations

ServiceStack's built-in Auth persists the AuthData and populates the Session automatically for you. If you want to add extra validation assertions you can simply use your own custom [Authentication] attribute instead containing additional custom logic. Look at the implementation of the built-in AuthenticateAttribute as a guide.