1

I've created an application with ASP.NET MVC API with users, following this tutorial. And everything works great like that. Local users and Facebook login work fine.

But now I'm trying to use the FacebookClient and get the user info and friends. It asks me for the token, but it is not the same token that is stored in my session or cookie.

In the API controller Account, in the GetExternalLogin action, I have this code:

if (hasRegistered)
{
    Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);

    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager,
        OAuthDefaults.AuthenticationType);
    ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager,
        CookieAuthenticationDefaults.AuthenticationType);

    AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName);
    Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);
}
else
{
    IEnumerable<Claim> claims = externalLogin.GetClaims();
    ClaimsIdentity identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType);
    Authentication.SignIn(identity);
}

Here I can find the claims, but not how to use this.

My question is: how can I store the Facebook token on my API after the login?

BrunoRamalho
  • Since it's been a long time since you posted this question, did you find out how to save the User/Login/Claims in the DB? Also, how to handle it if the user is already registered? – Himalaya Garg May 23 '17 at 15:51

1 Answer

2
var options = new FacebookAuthenticationOptions
{
    AppId = "Your App ID",
    AppSecret = "Your App Secret",
    Provider = new FacebookAuthenticationProvider
    {
        OnAuthenticated = async context =>
        {
            // Retrieve the OAuth access token to store for subsequent API calls
            string accessToken = context.AccessToken;

            // Retrieve the username
            string facebookUserName = context.UserName;

            // You can even retrieve the full JSON-serialized user
            var serializedUser = context.User;
        }
    }
};

app.UseFacebookAuthentication(options);

For more info on how to do this stuff see here: http://www.oauthforaspnet.com/providers/facebook/

In the OnAuthenticated you could also add:

context.Identity.AddClaim(new Claim("FacebookToken", accessToken));

As I am pretty sure that at this point we have created the user and created their claims so you

Michael Crook
  • Yes, it helps, but the claim is not saved. When I put a breakpoint in context.Identity.AddClaim(new Claim("FacebookToken", accessToken)); and copy the accessToken and use it manually, I can use it. How can I get this claim? – BrunoRamalho Sep 14 '15 at 21:11
  • If you want to save the access token, you would use (I think) the Id to search for a client you have saved in your storage mechanism. If no users exist, you would create one with this association to Facebook and store the code in the association table. What I mean is, you save the user as one record, and the Facebook id + link to the user in another record so you can have multiple logins for one user. – Michael Crook Sep 14 '15 at 21:40
  • If you're using ASP.NET Identity, you could modify the AspNetUserLogins table to also include ApiAccessCode. Then upon auth, I'm pretty sure ASP.NET Identity should have already made an entry in the AspNetUserLogins table, so you just look the entry up and add the code. – Michael Crook Sep 14 '15 at 21:40
  • Shouldn't it be something like ClaimsIdentity ext = await Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);? – BrunoRamalho Sep 14 '15 at 22:15
  • To get your claims, look into this answer: http://stackoverflow.com/questions/21404935/mvc-5-access-claims-identity-user-data. From that you would just use .first where ClaimType == the type you want to find (FacebookToken). – Michael Crook Sep 14 '15 at 22:38
  • Be sure that you add your Valid OAuth Redirect URIs in your app settings. It should look like "https://localhost:#####/signin-facebook" – AtLeastTheresToast Oct 26 '19 at 11:34
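
An added example, not part of the original answer or the tutorial's code, tying the answer's "FacebookToken" claim to the comments about saving it: the token is read from the external identity, stored server-side under the login provider and provider key, and removed from the identity. `InMemoryTokenStore` and `FacebookTokenCapture` are hypothetical names, the sample identity is constructed, and the issuer value "Facebook" on its claims is an assumption.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;

// Hypothetical server-side store. In a real app this would be a table keyed by
// login provider + provider key, as the comments suggest for AspNetUserLogins.
public sealed class InMemoryTokenStore
{
    private readonly ConcurrentDictionary<string, string> _tokens =
        new ConcurrentDictionary<string, string>();

    // Overwrites any earlier value: the token can change between logins.
    public void Save(string provider, string key, string token) =>
        _tokens[provider + "|" + key] = token;

    public bool TryGet(string provider, string key, out string token) =>
        _tokens.TryGetValue(provider + "|" + key, out token);
}

public static class FacebookTokenCapture
{
    public const string TokenClaimType = "FacebookToken"; // claim type from the answer

    // Moves the token claim from the external identity into the store.
    // Returns false when the provider key or the token claim is missing.
    public static bool Capture(ClaimsIdentity external, InMemoryTokenStore store)
    {
        Claim id = external.FindFirst(ClaimTypes.NameIdentifier);
        Claim token = external.FindFirst(TokenClaimType);
        if (id == null || token == null || string.IsNullOrEmpty(token.Value)) return false;

        store.Save(id.Issuer, id.Value, token.Value);
        external.RemoveClaim(token); // the token stays server-side, not in the identity
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample identity; issuer "Facebook" is an assumption about the middleware.
        var identity = new ClaimsIdentity("ExternalCookie");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "1234567890", null, "Facebook"));
        identity.AddClaim(new Claim("FacebookToken", "EXAMPLE-TOKEN", null, "Facebook"));
        var store = new InMemoryTokenStore();
        string saved;
        Console.WriteLine(FacebookTokenCapture.Capture(identity, store));
        Console.WriteLine(store.TryGet("Facebook", "1234567890", out saved) ? saved : "(none)");
        Console.WriteLine(identity.HasClaim(c => c.Type == "FacebookToken"));
    }
}
```

Because `Save` overwrites on every call, a repeat login replaces the stored token, and a login whose identity carries no token claim leaves the store untouched and returns false.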