Skip to content

Instantly share code, notes, and snippets.

@vgheri
Created March 1, 2014 14:02
Show Gist options
  • Save vgheri/9290143 to your computer and use it in GitHub Desktop.
Save vgheri/9290143 to your computer and use it in GitHub Desktop.
FacebookLogin API endpoint
[HttpPost]
[AllowAnonymous]
[Route("FacebookLogin")]
public async Task<IHttpActionResult> FacebookLogin([FromBody] string token)
{
if (string.IsNullOrEmpty(token))
{
return BadRequest("Invalid OAuth access token");
}
var tokenExpirationTimeSpan = TimeSpan.FromDays(14);
ApplicationUser user = null;
// Get the fb access token and make a graph call to the /me endpoint
var fbUser = await VerifyFacebookAccessToken(token);
if (fbUser == null)
{
return BadRequest("Invalid OAuth access token");
}
// Check if the user is already registered
user = await UserManager.FindByNameAsync(fbUser.Username);
// If not, register it
if (user == null)
{
var randomPassword = System.Web.Security.Membership.GeneratePassword(10, 5);
user = await RegisterUserAsync(fbUser.Username, randomPassword, fbUser.ID);
var customer = await RegisterCustomerAsync(fbUser.FirstName, fbUser.LastName, fbUser.Email, user);
}
// Sign-in the user using the OWIN flow
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName, null, "Facebook"));
// This is very important as it will be used to populate the current user id
// that is retrieved with the User.Identity.GetUserId() method inside an API Controller
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id, null, "LOCAL_AUTHORITY"));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(tokenExpirationTimeSpan);
var accesstoken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
Request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accesstoken);
Authentication.SignIn(identity);
// Create the response building a JSON object that mimics exactly the one issued by the default /Token endpoint
JObject blob = new JObject(
new JProperty("userName", user.UserName),
new JProperty("access_token", accesstoken),
new JProperty("token_type", "bearer"),
new JProperty("expires_in", tokenExpirationTimeSpan.TotalSeconds.ToString()),
new JProperty(".issued", ticket.Properties.IssuedUtc.ToString()),
new JProperty(".expires", ticket.Properties.ExpiresUtc.ToString())
);
// Return OK
return Ok(blob);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment