diff --git a/Yavsc/Views/Shared/SignIn.cshtml b/Yavsc/Views/Shared/SignIn.cshtml
index 6c98ad5b..c1b1723d 100644
--- a/Yavsc/Views/Shared/SignIn.cshtml
+++ b/Yavsc/Views/Shared/SignIn.cshtml
@@ -69,10 +69,10 @@
@foreach (var description in Model.ExternalProviders) {
}
}
-
\ No newline at end of file
+
diff --git a/Yavsc/src/Controllers/OAuthController.cs b/Yavsc/src/Controllers/OAuthController.cs
index ffb294df..deb760b3 100644
--- a/Yavsc/src/Controllers/OAuthController.cs
+++ b/Yavsc/src/Controllers/OAuthController.cs
@@ -108,10 +108,10 @@ namespace Yavsc.Controllers
_logger.LogWarning("ReturnUrl not specified");
return HttpBadRequest();
}
-
- return new ChallengeResult(Provider, new AuthenticationProperties {
- RedirectUri = Url.Action("ExternalLoginCallback","Account", new {returnUrl= ReturnUrl})
- });
+ var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = ReturnUrl });
+ var properties = _signInManager.ConfigureExternalAuthenticationProperties(Provider, redirectUrl);
+ // var properties = new AuthenticationProperties{RedirectUri=ReturnUrl};
+ return new ChallengeResult(Provider,properties);
}
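Review bot: `ReturnUrl` is forwarded into the `ExternalLoginCallback` route values after only the not-specified check visible above, so nothing in this hunk confirms that it points back to this site. Unless the callback already validates it, reject non-local targets before issuing the challenge, e.g. `if (!Url.IsLocalUrl(ReturnUrl)) return HttpBadRequest();`. `Provider` also appears to come from the request and reaches `ChallengeResult` unchecked here; comparing it with the configured external schemes would keep unexpected scheme names out. The commented-out `AuthenticationProperties` line should be dropped rather than committed. The action starts outside the hunk, so earlier validation may exist.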
@@ -181,10 +181,10 @@ namespace Yavsc.Controllers
if (!User.Identities.Any(identity => identity.IsAuthenticated))
{
- return new ChallengeResult(new AuthenticationProperties
- {
- RedirectUri = Url.Action("ExternalLoginCallback","Account",new {returnUrl=request.BuildRedirectUrl()})
- });
+ return new ChallengeResult(new AuthenticationProperties {
+ RedirectUri = Url.Action(nameof(Authorize), new {
+ unique_id = request.GetUniqueIdentifier()
+ })});
}
// Note: ASOS automatically ensures that an application corresponds to the client_id specified
// in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest.
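Review bot: The new `ChallengeResult` names no authentication scheme, so which middleware answers depends on every handler registered with `AutomaticChallenge = true`. Startup.cs in this same commit sets that flag on the `ServerCookie` cookie middleware, the Google options and the OpenID Connect server. Naming the scheme makes the sign-in redirect deterministic: `return new ChallengeResult("ServerCookie", new AuthenticationProperties { ... });`. A one-line comment saying that `unique_id` is presumably what lets `Authorize` pick the pending authorization request back up after sign-in would help the next reader. The enclosing action starts and ends outside the hunk.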
diff --git a/Yavsc/src/Startup.cs b/Yavsc/src/Startup.cs
index b9cd5b6f..1232ac4e 100755
--- a/Yavsc/src/Startup.cs
+++ b/Yavsc/src/Startup.cs
@@ -210,6 +210,7 @@ namespace Yavsc
option.Cookies.ApplicationCookie.DataProtectionProvider =
new MonoDataProtectionProvider(Configuration["Site:Title"]);
option.Cookies.ApplicationCookie.CookieName = "Bearer";
+
}
).AddEntityFrameworkStores()
.AddTokenProvider>(Constants.EMailFactor)
@@ -247,7 +248,7 @@ namespace Yavsc
options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName));
options.AddPolicy("Bearer",new AuthorizationPolicyBuilder()
- .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
+ .AddAuthenticationSchemes("ServerCookie")
.RequireAuthenticatedUser().Build());
// options.AddPolicy("EmployeeId", policy => policy.RequireClaim("EmployeeId", "123", "456"));
// options.AddPolicy("BuildingEntry", policy => policy.Requirements.Add(new OfficeEntryRequirement()));
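Review bot: The policy is still called `"Bearer"` but now authenticates through the `"ServerCookie"` scheme, so anything behind `[Authorize("Bearer")]` accepts an ambient browser cookie where it previously required a JWT bearer header. Cookie-authenticated endpoints are exposed to cross-site request forgery in a way header-token endpoints are not, so state-changing actions under this policy need antiforgery validation. If API clients still send tokens, keep both schemes with `.AddAuthenticationSchemes("ServerCookie", JwtBearerDefaults.AuthenticationScheme)`. Which actions use the policy is not visible in this diff. The `"ServerCookie"` literal is repeated in the cookie middleware setup and would be safer as a shared constant.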
@@ -358,18 +359,13 @@ namespace Yavsc
}
}
- app.UseIISPlatformHandler(
- options => options.AuthenticationDescriptions.Clear()
- );
-
var googleOptions = new YavscGoogleOptions
{
ClientId = Configuration["Authentication:Google:ClientId"],
ClientSecret = Configuration["Authentication:Google:ClientSecret"],
- /* AccessType = "offline",
+ AccessType = "offline",
SaveTokensAsClaims = true,
- UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",*/
- AutomaticAuthenticate=true,
+ UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",
AutomaticChallenge=true
};
var gvents = new OAuthEvents();
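Review bot: Turning on `AccessType = "offline"` together with `SaveTokensAsClaims = true` requests a long-lived Google refresh token and, going by the option name, copies the tokens into the user's claims. Claims normally travel with the sign-in identity, and the calendar scope is added further down this file, so a leaked or replayed cookie could then carry standing access to the user's Google data. Consider keeping the refresh token in a protected server-side store and leaving `SaveTokensAsClaims` off, or requesting offline access only in the flow that needs it. How `YavscGoogleOptions` handles these settings is defined outside this diff, so confirm where the tokens actually end up.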
@@ -392,6 +388,12 @@ namespace Yavsc
googleOptions.Scope.Add("https://www.googleapis.com/auth/calendar");
+ app.UseIISPlatformHandler(options =>
+ {
+ options.AuthenticationDescriptions.Clear();
+ options.AutomaticAuthentication = true;
+ });
+
app.UseFileServer(new FileServerOptions()
{
FileProvider = new PhysicalFileProvider(
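Review bot: `options.AutomaticAuthentication = true` is added without a comment, and next to `AuthenticationDescriptions.Clear()` the intent is hard to read. If IIS forwards a Windows identity, this setting lets it populate `User` on every request, and the `User.Identities.Any(identity => identity.IsAuthenticated)` check in OAuthController would then treat that identity as signed in. If Windows authentication is not meant to be a login path, set it to `false`. Otherwise document it, e.g. `// IIS-forwarded identity is intentionally accepted as an authenticated user`. The FileServer call at the end of the hunk continues outside it.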
@@ -406,7 +408,30 @@ namespace Yavsc
EnableDirectoryBrowsing = false
});
app.UseStaticFiles().UseWebSockets();
+
app.UseIdentity();
+
+ app.UseCookieAuthentication(options =>
+ {
+ options.AutomaticAuthenticate = true;
+ options.AutomaticChallenge = true;
+ options.AuthenticationScheme = "ServerCookie";
+ options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
+ options.LoginPath = new PathString("/signin");
+ options.LogoutPath = new PathString("/signout");
+ // options.CookieName = "Bearer";
+ });
+
+ app.UseMiddleware(googleOptions);
+
+ // Facebook
+ app.UseFacebookAuthentication(options =>
+ {
+ options.AppId = Configuration["Authentication:Facebook:AppId"];
+ options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
+ options.Scope.Add("email");
+ options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name";
+ });
app.UseOpenIdConnectServer(options =>
{
options.Provider = new AuthorizationProvider(loggerFactory,
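Review bot: The `ServerCookie` middleware registered here sets a lifetime and paths but no transport policy, and the OpenID Connect server configured just below keeps `AllowInsecureHttp = true`. Nothing visible therefore stops the session cookie or the authorization endpoints from being used over plain HTTP. For non-development hosts set `options.CookieSecure = CookieSecureOption.Always;` and gate `AllowInsecureHttp` on the environment. The commented-out `options.CookieName = "Bearer"` should be deleted rather than kept as a switch: the Identity application cookie is already named `"Bearer"` earlier in this file, so enabling it would make two cookie middlewares share one cookie name. The commented `AutomaticAuthenticate` line added in the next hunk should go as well.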
@@ -424,6 +449,8 @@ namespace Yavsc
options.ApplicationCanDisplayErrors = true;
options.AllowInsecureHttp = true;
options.AutomaticChallenge = true;
+ // options.AutomaticAuthenticate=true;
+
options.AuthorizationEndpointPath = new PathString("/connect/authorize");
options.TokenEndpointPath = new PathString("/connect/authorize/accept");
@@ -434,30 +461,6 @@ namespace Yavsc
// options.ValidationEndpointPath = new PathString("/connect/introspect");
}); /**/
-
-
-
- app.UseCookieAuthentication(options =>
- {
- options.AutomaticAuthenticate = true;
- options.AutomaticChallenge = true;
- options.AuthenticationScheme = "ServerCookie";
- options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
- options.LoginPath = new PathString("/signin");
- options.LogoutPath = new PathString("/signout");
- });
-
- app.UseMiddleware(googleOptions);
-
- // Facebook
- app.UseFacebookAuthentication(options =>
- {
- options.AppId = Configuration["Authentication:Facebook:AppId"];
- options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
- options.Scope.Add("email");
- options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name";
- });
-
app.UseRequestLocalization(localizationOptions.Value, (RequestCulture)new RequestCulture((string)"fr"));
/* Generic OAuth (here GitHub): options.Notifications = new OAuthAuthenticationNotifications