OAUTH2(OPENID Connect) + MVC 5. refresh token issue

Question

I'm looking for any useful suggestion with regards to obtaining refresh_token using OWIN libs.

I follow article http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

all stuff works sweet. but no way, at least I don't know the way, to retrieve refresh_token

I've tried to add "access_offline" to initial request, nothing useful. I definitely do something wrong.

Why do I need it? - I'm trying to chain functionality of Google Glass + MVC5 + OWIN.

p.s. I will appreciate any link to working sample built using Google.Api.Auth.

Thanks.

I know it might be too late, but take alook at this post: http://stackoverflow.com/questions/24894789/how-to-renew-the-access-token-using-the-refresh-token/24972426#24972426 — Marco Alves, Jul 29 '14 at 03:43

score 2 · Accepted Answer · answered Mar 24 '14 at 20:04

2

Take a look in the following blogpost: http://peleyal.blogspot.com/2014/01/aspnet-mvc-with-google-openid-and-oauth.html
And, you can find a working sample code in https://github.com/peleyal/peleyal/tree/master/Google.Apis.Sample.MVC.

answered Mar 24 '14 at 20:04

peleyal

3,472
1
14
25

thanks, good post. One question: I cannot understand the design idea about making DataStore as FileStore. Do you know any EF implementation for instance, as you mentioned slightly in your blog? – Eugene P. Mar 25 '14 at 11:47
One of my next tasks is to have a EF implementation. Remember that it's a open source project, so if you come to a good solution, let me know, I'll be happy to take a look in that and add it to the repository. For now I decided to implement only the very basic for .net 4.0, WP and WinRT. I opened a new issue for that one - https://code.google.com/p/google-api-dotnet-client/issues/detail?id=453 – peleyal Mar 25 '14 at 13:44
I got the point, thanks. I've tried your sample, and still stuck on getting `access/refresh tokens`. As I can see for example FileDataStore, same something like url `http://localhost:49244/Home/DriveAsync86747631`. Can't figure out what is this. I definitely can't pass it to google MirrorApi for .net. any ideas? – Eugene P. Mar 25 '14 at 14:25
I'm saving in the state parameter (see https://developers.google.com/accounts/docs/OAuth2InstalledApp), the URL to go back after all the OAuth 2.0 flow is done. I'm adding some random numbers to the end of the URL (see https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.Auth/OAuth2/Web/AuthorizationCodeWebApp.cs#115), because I want to be sure that I was the one that started the OAuth 2.0 flow and no one else. – peleyal Mar 25 '14 at 17:13
I figured it out. just added. `properties.Dictionary.Add(new KeyValuePair("access_type","offline"));` into `ExecuteResult` method of `ChallengeResult` class. – Eugene P. Mar 27 '14 at 12:29
Another question. I'm looking to your implementaiton of DriveSync. and trying to figure out the goal of AuthorizationCodeMvcApp. Do I need to do a call into each action? is it just code for refreshing token each time? What is the best place to hold this code? maybe attribute or overriding method like BeginExecute,etc.? thanks – Eugene P. Mar 27 '14 at 12:36
Take a look at - https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.Auth.Mvc4/OAuth2/Mvc/AuthorizationCodeMvcApp.cs. As you can see it just simplify the code for you, and set the state parameter, so the after the OAuth 2.0 flow is done, Google will return back to your page. – peleyal Mar 27 '14 at 14:18
Thanks. I was able to play with fresh `Mirror Api`, maybe half a day I was receiving correct complex `AuthResult.Credential` object with Access/Refresh keys calling `AuthorizationCodeMvcApp.AuthorizeAcync` method. I was using it as input parameter for `MirrorService.HttpClientInitializer`. But now it does not work.For some reason I get only only Url. do you have any suggestion? Is there any chance to athorize on Google Glass using easier flow? – Eugene P. Mar 28 '14 at 16:10

score 1 · Answer 2 · answered Mar 24 '14 at 21:51

1

Yea, there's an open issue related to this in the Katana project:

https://katanaproject.codeplex.com/workitem/227

In short, it needs to be easier.

answered Mar 24 '14 at 21:51

Brock Allen

7,385
19
24

Thanks, useful link. Unfortunately, I have tried as suggested in comments.nothing changed, also tried 3.0-alpha - no luck. Feeling like a bit disappointed about looking to such big framework as katana owin, without obvious things like retrieving keys in easy and flexible way. – Eugene P. Mar 25 '14 at 11:44

score 0 · Answer 3 · answered Jun 26 '15 at 06:03

You can use a code like this

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
    ClientId = "YOUR_CLIENT_ID",
    ClientSecret = "YOUR_CLIENT_SECRET",
    AccessType = "offline",
    Provider = new GoogleOAuth2AuthenticationProvider()
    {
        OnAuthenticated = (context) =>
        {
            TimeSpan expiryDuration = context.ExpiresIn ?? new TimeSpan();
            context.Identity.AddClaim(new Claim("urn:tokens:google:email", context.Email));
            context.Identity.AddClaim(new Claim("urn:tokens:google:url", context.GivenName));
            if (!String.IsNullOrEmpty(context.RefreshToken))
            {
                context.Identity.AddClaim(new Claim("urn:tokens:google:refreshtoken", context.RefreshToken));
            }
            context.Identity.AddClaim(new Claim("urn:tokens:google:accesstoken", context.AccessToken));
            context.Identity.AddClaim(new Claim("urn:tokens:google:accesstokenexpiry", DateTime.Now.Add(expiryDuration).ToString()));

            return Task.FromResult(0);
        }
    }
});

OAUTH2(OPENID Connect) + MVC 5. refresh token issue

3 Answers3