c# - Linking credential-based authentication information with OAuth -


i implementing proof-of-concept site can optionally linked external provider. external provider used additional user data. provider conveniently exposes authentication oauth 1.0a.

to data, user authenticates on provider site , grant permission. easy.

the site uses servicestack. users register , login using credentialsauthprovider. have looked @ docs on servicestack, explored socialboostrapapi demo, , modeled services accordingly;

first, added user class, serialized db, hold additional data.

then, created customusersession, override onauthenticated method.

plugins.add(new authfeature(() => new customusersession(), new iauthprovider[] {             new credentialsauthprovider()         }));

my onauthenticated method similar 1 in socialboostrapapi demo; walks through session.provideroauthaccess , gets necessary info out of them (looking oauthtokens of "externalprovider" provider).

of course, means when user gives authorization app on external provider, in oauth callback accesstoken, secret, everything, , put inside session.provideroauthaccess.

this, of course, works fine current session, if user logs off , on again, has authorize again (get new access token).

i need way save data put in session db; tried around found nothing (see my question here).

so, added code save them directly db:

var useroauthprovider = oauthtokens.translateto<useroauthprovider>(); useroauthprovider.userauthid = user.id; this.tryresolve<idbconnectionfactory>().run(db => db.save(useroauthprovider));

now, when user authenticates, seems servicestack gets tokens userauthid , put them inside session. good!

first question

am doing in correct way?

second question

can rid of user/customusersession classes, , store additional info need in "items" dictionary in useroauthprovider/oauthtokens? make code simpler..

third question

at end of onauthenticate, socialbootstrapapi saves custom user table again:

authservice.tryresolve<idbconnectionfactory>().run(db => db.save(user));

why necessary? suppose copy info useroauthprovider table on user table (at next login after new authorization, example), why? session seems initialized correct data.


Comments

Post a Comment

Popular posts from this blog

How to logout from a login page in asp.net -

whenever click on logout button redirect me login page when im clicking on button redirect me last visited page. not using membership or windows authentication. session.abandon(); response.cache.setcacheability(httpcacheability.private); response.cache.setcacheability(httpcacheability.nocache); response.redirect("loginform.aspx"); if using session destroy session value on logout button click , can put check in app webpages if(session["sessionvaribale"].equals(null)) { response.redirect("logoutpage url"); }
Read more

Stack level too deep error after upgrade to rails 3.2 and ruby 1.9.3 -

i'm upgrading rails 3.0.9 app 3.2.13 , ruby 1.8.7 1.9.3. time try access controller action, following error started "/myapp/login" 127.0.0.1 @ 2013-07-25 07:10:06 -0600 systemstackerror (stack level deep): actionpack (3.2.13) lib/action_dispatch/middleware/reloader.rb:70 rendered /actionpack-3.2.13/lib/action_dispatch/middleware/templates/rescues/_trace.erb (1.5ms) rendered /actionpack-3.2.13/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (5.2ms) rendered /actionpack-3.2.13/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (22.6ms) the way i've been able page load without error clear out database sessions (rake db:sessions:clear) , restart rails server. allows 1 single request succeed , subsequent requests fail. i've tried comparing core config files working 3.2 app , have tried upgrade of gems. here's current gemfile: source 'http://rubygems.org' gem 'rails...
Read more