Plugging custom OAuth/OpenID providers

pranav rastogi

In the previous post, I wrote about how you can use the existing providers for Google, Facebook etc. and retrieve extra metadata about the authenticated users. Let’s assume you wanted to change the way the providers request for information. Some examples of this could be

  • You want to request more data about the user
  • You want to apply different scope levels when requesting the data

This post covers how you can write your own provider and plug it into your ASP.NET web application

Write your own provider

Each Provider implements from OpenIdClient. Following example shows a custom implementation of Google Provider which requests information about the user such as firstname/lastname etc

Please Note:  This addresses a bug with the existing google provider which does not return the extra data about the user such as Country/FirstName/LastName. The version of google provider is DotNetOpenAuth.AspNet" version="4.0.3.12153". We have logged a bug for this and will fix it in next update of this package.

 

namespace MyApplication
{
    using System.Collections.Generic;
    using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
    using DotNetOpenAuth.OpenId.RelyingParty;
 
    /// <summary>
    /// Represents Google OpenID client.
    /// </summary>
    public class GoogleCustomClient : OpenIdClient
    {
        #region Constructors and Destructors
 
        public GoogleCustomClient()
            : base("google", WellKnownProviders.Google) { }
 
        #endregion
 
        #region Methods
 
        /// <summary>
        /// Gets the extra data obtained from the response message when authentication is successful.
        /// </summary>
        /// <param name="response">
        /// The response message. 
        /// </param>
        /// <returns>A dictionary of profile data; or null if no data is available.</returns>
        protected override Dictionary<string, string> GetExtraData(IAuthenticationResponse response)
        {
            FetchResponse fetchResponse = response.GetExtension<FetchResponse>();
            if (fetchResponse != null)
            {
                var extraData = new Dictionary<string, string>();
                extraData.Add("email", fetchResponse.GetAttributeValue(WellKnownAttributes.Contact.Email));
                extraData.Add("country", fetchResponse.GetAttributeValue(WellKnownAttributes.Contact.HomeAddress.Country));
                extraData.Add("firstName", fetchResponse.GetAttributeValue(WellKnownAttributes.Name.First));
                extraData.Add("lastName", fetchResponse.GetAttributeValue(WellKnownAttributes.Name.Last));
 
                return extraData;
            }
 
            return null;
        }
 
        /// <summary>
        /// Called just before the authentication request is sent to service provider.
        /// </summary>
        /// <param name="request">
        /// The request. 
        /// </param>
        protected override void OnBeforeSendingAuthenticationRequest(IAuthenticationRequest request)
        {
            // Attribute Exchange extensions
            var fetchRequest = new FetchRequest();
            fetchRequest.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
            fetchRequest.Attributes.AddRequired(WellKnownAttributes.Contact.HomeAddress.Country);
            fetchRequest.Attributes.AddRequired(WellKnownAttributes.Name.First);
            fetchRequest.Attributes.AddRequired(WellKnownAttributes.Name.Last);
 
            request.AddExtension(fetchRequest);
        }
 
        #endregion
    }
}

 

Source Code for existing providers

The source code for existing providers is public and can be accessed at https://github.com/AArnott/dotnetopenid/tree/master/src/DotNetOpenAuth.AspNet/Clients

Register your provider with your application

WebForms

  • In App_Start/AuthConfig.cs register the custom provider as follows
OpenAuth.AuthenticationClients.Add("Custom Google", () => new MyApplication.GoogleCustomClient());
//OpenAuth.AuthenticationClients.AddGoogle();
   

MVC

  • In App_Start/AuthConfig.cs register the custom provider as follows

 OAuthWebSecurity.RegisterClient(new MyApplication.GoogleCustomClient(),"Google",null);
           // OAuthWebSecurity.RegisterGoogleClient();

WebPages

  • In _AppStart.cshtml register the custom provider as follows

 

 OAuthWebSecurity.RegisterClient(new MyApplication.GoogleCustomClient(),"Google",null);
           // OAuthWebSecurity.RegisterGoogleClient();

This post has been cross posted to http://blogs.msdn.com/b/pranav_rastogi/archive/2012/08/23/plugging-custom-oauth-openid-providers.aspx

Please do reach me via twitter (@rustd) for any questions

0 comments

Discussion is closed.

Feedback usabilla icon