I’m working on a project where I have a RESTful HTTP API implemented using the WebAPI framework that is consumed by a native Android application.
This application allows the user to log in using their Facebook account, and this feature is implemented using the Facebook SDK for Android.
The Facebook SDK always gives you an access token if the OAuth process completes correctly, and that's exactly where I hit some hurdles integrating with the WebAPI ASP.NET Identity flow. In the Facebook authentication flow for ASP.NET Identity, the Facebook OAuth dialog appends a code rather than an access token to the redirect_url, so that the server can exchange this code for an access token via http://localhost:49164/signin-facebook?code=…&state=…
Obviously this does not fit our scenario, as we already have the Facebook access token!
The goal is not to reinvent the wheel, but to find a solution that integrates with the existing OWIN authentication and authorization pipeline.
What we want is a way to use the existing ASP.NET Identity methods to register the claims identity, so that the system knows about the user, and to generate an API bearer token that is given back to the client and must be supplied with each subsequent call to the API endpoints.
The proposed solution acts on two different files:
I posted this solution on StackOverflow to answer the following question: http://stackoverflow.com/questions/21092723/webapi-asp-net-identity-facebook-login
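Before the API registers a user and issues its own bearer token for a Facebook access token sent by the Android client, it has to confirm that the token is valid and was issued to this application. The check below is an added example, not the code from this post or from the StackOverflow answer; it assumes the response shape of Facebook's Graph API `debug_token` endpoint, and the app id and JSON samples are constructed.

```csharp
using System;
using System.Text.Json;

public static class FacebookTokenCheck
{
    // Returns the Facebook user id only when the debug_token "data" object says the
    // token is valid, unexpired, and issued to our own app; otherwise sets reason.
    public static bool TryGetUserId(string json, string expectedAppId,
                                    DateTimeOffset now, out string userId, out string reason)
    {
        userId = ""; reason = "";
        using var doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("data", out var data))
        { reason = "no data object"; return false; }
        if (!data.TryGetProperty("is_valid", out var ok) || ok.ValueKind != JsonValueKind.True)
        { reason = "token reported invalid"; return false; }
        // A token issued to a different app must never log a user in here.
        if (!data.TryGetProperty("app_id", out var app) || app.ToString() != expectedAppId)
        { reason = "token was issued to another app"; return false; }
        // expires_at is Unix seconds; this example treats 0 as non-expiring (assumption).
        if (data.TryGetProperty("expires_at", out var exp) && exp.TryGetInt64(out var ts)
            && ts != 0 && DateTimeOffset.FromUnixTimeSeconds(ts) <= now)
        { reason = "token expired"; return false; }
        if (!data.TryGetProperty("user_id", out var uid))
        { reason = "no user id"; return false; }
        userId = uid.ToString();
        return true;
    }

    public static void Main()
    {
        const string ourAppId = "1111111111";            // constructed placeholder
        var now = DateTimeOffset.FromUnixTimeSeconds(1700000000);
        string[] samples =                                // constructed responses
        {
            "{\"data\":{\"app_id\":\"1111111111\",\"is_valid\":true,\"expires_at\":1700003600,\"user_id\":\"42\"}}",
            "{\"data\":{\"app_id\":\"2222222222\",\"is_valid\":true,\"expires_at\":1700003600,\"user_id\":\"42\"}}",
            "{\"data\":{\"app_id\":\"1111111111\",\"is_valid\":true,\"expires_at\":1699990000,\"user_id\":\"42\"}}",
        };
        foreach (var s in samples)
            Console.WriteLine(TryGetUserId(s, ourAppId, now, out var id, out var why)
                ? $"accept user {id}" : $"reject: {why}");
    }
}
```

Only the first sample is accepted; the second carries another application's id and the third has already expired.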
I hope this helps,