Reputation: 649
open authentication cross domain redirection issue
i am trying open authentication first time in mvc-web-api4 . i have hosted my services in services.domain.com , and front end (UI) is in test.domain.com .
in front end i will call the service to login from facebook. after successful login i will get the access token in services.domain.com . but my code is in test.domain.com.
after redirection from facebook . i am getting access token in service.bubblesbuy.com , but i need that access token in test.domain.com.
here are the steps i followed
$.ajax({
url: "services.domain.com/api/Account/ExternalLogins?returnUrl=%2F&generateState=true",
success: function (data) {
//after successful
}
after successful , i will get providers , here is the output
[
{
"Name": "Facebook",
"Url": "/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=services.domain.com&state=bzDUygFiUw-jOYHCYaDPT8iawAjq1ejd0hmkVPZTwjk1",
"State": "bzDUygFiUw-jOYHCYaDPT8iawAjq1ejd0hmkVPZTwjk1"
}
]
i will pass Url to my service
services.domain.com//api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=services.domain.com&state=bzDUygFiUw-jOYHCYaDPT8iawAjq1ejd0hmkVPZTwjk1",
"State": "bzDUygFiUw-jOYHCYaDPT8iawAjq1ejd0hmkVPZTwjk1
i am getting the access token in
services.domain.com/#access_token= Hu2B5WmmZLy8TfJ3RqRsVnQDfDcHSiVCMliWrS554PpU-i_LQzdMggJgXClsf-ZtYXRDxxct7m3frZxYR0MKLxNWHwH1gXxi7Y-HUbWjyB9QvBJMwifFCVMnt7BOOlKjJPEAhdOY7ZgRB-vURBH-hHT6wFSXJvvpYpZ0fziX0DgKrLIqUj8&token_type=bearer&expires_in=1209600&state=24HUa-Upzo-_Xh2j0CkAx5TVPdoirvNrGktpg5H5Ifg1
but i need to access that token in test.domain.com (front end where my all html page is there )
please help me how to get that access token in test.domain.com (in front end )
Upvotes: 1
Views: 266
Answers (1)
Reputation: 1450
You need an authorization server that issues an access token to your client (front-end). Microsoft provides an OWIN middleware for ASP.NET MVC. Take a look at this sample: OWIN OAuth 2.0 Authorization Server
Since Microsoft will no longer support this middleware in the future, you can also use the open source IdentityServer3. This project is part of the .NET Foundation and offers good support and a lot of samples.
Upvotes: 1
Related Questions
- Cross-domain ajax request basic authentication
- Redirect for non authorized users not working in ajax request
- AccessToken generated in MVC application is not valid in Crossdomain API
- Same domain AJAX calls being redirected by 3rd party authentication
- AJAX not handling 302 redirect
- owin external login not redirecting to client application
- Cross domain authentication of Web API
- localhost to different domain not passing credentials
- Openid redirect not working
- MVC and OpenID Redirection Problems