Support forum for ASP.NET Zero (https://aspnetzero.com/).
By Ribbo
#18392 Hi,
Using Angular 2 what do you recommend is the best way to implement an OAuth 2 external login?
The site is Strava, https://strava.github.io/api/v3/oauth/

My problem is your implementation of Facebook and Google login uses their JS library to do get the accessToken, however this site doesn't provide any kind of pre-built JS SDK like that.

I did have this working previously on aspnetboiler plate with AngularJS by using OWIN (there is a pre-build OWIN middleware for the above Strava site), but this used MVC based Account login. But I don't know how I would add the same methods with the new Angular 2 architecture or if that is the best way to try go.

Thanks,
Matt
By ismcagdas
#18435 Hi,

When developing angular2 version, we think angular2 side as a totaly seperatead pure client side app and that is why we used this approach. I don't know if there is another way for pure angular2 apps.

Have you asked this to strava ? I think they can suggest you the best way for using strava with angular2.

Thanks.
By Ribbo
#18537 Hi,
I have found a Strava OAuth provider via
https://github.com/aspnet-contrib/AspNe ... .Providers

This is working perfectly when add to the aspnet zero MVC Core project. I have tried to migrate over the AccountController to the Angular 2 project, this way I can use MVC just to provide the 3rd party login\registration.

Everything seems to work correctly, I can see AspNet.Security.OAuth.Strava getting all the user details in the CreateTicketAsync function. The function ExternalLoginCallback gets called but the problem is within this function the externalLoginInfo is always null.

var externalLoginInfo = await _signInManager.GetExternalLoginInfoAsync();
always returns null.

I think this might be an issue with Cookie External Authentication, is there something I am missing to get this to work in the Core/Angular project?

Thanks,
Matt
By Ribbo
#18616 Hi,
This won't work as it requires all the OAuth logic to be implemented via the Angular UI?
There is no Javascript SDK for Strava OAuth like there is for Facebook\Google.

The reason I have decided to implement the MVC controller\authentication from the aspnet zero MVC project is because there is one written for .NET MVC based AspNet.Security.OAuth which is AspNet.Security.OAuth.Strava.
This works PERFECTLY under your MVC project. So its easier to just add the MVC controller to the Angular project just for the sign in (similar to how you had the original Angular JS working).

I also tried to add the Google authentication via MVC to ensure it isn't my Strava OAuth.
I did this with AuthConfigurer.cs by adding.
app.UseGoogleAuthentication(new GoogleOptions
{ ClientId = "{myClientId}",
ClientSecret = "{mySecret}"
});
This had the exact same result, everything worked except the external login info returns null.
var externalLoginInfo = await _signInManager.GetExternalLoginInfoAsync();
always returns null.

So what I need to know, what do I need to add to the Core\Angular project to get the MVC External Login to work? From what I can tell all the StartUp.cs is nearly the same between Angular and MVC projects.

Thanks,
Matt
By Ribbo
#18619 To clear 1 thing up... when I talk about your MVC Project, I mean the "ASP.NET CORE MVC & Jquery". I have essentially copied over the AccountController to manage the external OAuth login.
User avatar
By hikalkan
#18694 Hi Ribbo,

I'm just joining to discussion to help you.

The main difference between MVC UI (AspNet Core + jQuery) from Angular UI (AspNet Core + Angular4) is that MVC application uses cookie authentication, but Angular uses token based authentication, which makes flow completely different. The reason Angular UI uses tokens (not cookies) is that cookies does not work properly for cross domain requests.

We also had problems while implementing Facebook & Google authentications and have written many custom (but actually standard-compatible) code and spend a lot of time to accomplish it. For instance, we could not do Microsoft auth since it does not provide a proper js client. Auth is not an easy thing :)

So, what you should first do to contact to strava support to ask how you can authenticate a plain HTML Angular application and obtain an access token. In the end, strava is a 3rd party provider. After they lead you, we will glad to help you further if you have a problem specific to AspNet Zero codebase.
By Ribbo
#18709 That makes sense as all my research pointed to Cookie Authentication not being setup correctly in StartUp used to get the External Login detail.
While I understand the reason in terms of having login via Angular needing Token Authentication. Is there a way to enable Cookie Authentication for the MVC side so this flow works and also have Token Authentication at the same time in the same solution? There isn't any JS library I can find provided by Strava which means implementing my self (which I would prefer not to do same reason as you have for Microsoft).

The flow I was thinking (confirm if this will or won't work), if I can turn on Cookie Authentication for MVC in the same project along side :
1. User hits Angular Client where there is a "Sign in to Strava" button eg. www.mysite.com
2. Button takes them to login.mysite.com/login/strava. This will be a separate subdomain where the API\MVC is.
3. MVC takes over OAuth login and returns them to login.mysite.com/login/ExternalLoginCallback
4. ExternalLoginCallback gets details via Cookie Authentication with signInManager.GetExternalLoginInfoAsync(); and registers the user if it doesn't exist
5. If user exists login via Token authentication and return them back to www.mysite.com Angular site logged in with the Token

The flows seems to be almost the same as the old .NET\Angular JS (before Angular 2 project) where MVC was used for authentication and Angular for the rest.
Currently I have everything above working up to step (4) where it fails to get the LoginInfo due to the cookie authentication. If you can tell me how to turn on Cookie Authentication I think everything will work for me.

Thanks,
Matt
User avatar
By hikalkan
#18990 As long as they are in the different domain, Cookie authentication will not work.

Cookie auth is already enabled for the .Host project, if you are asking for it? But angular can not use it (because of cross domain).

If you can login use with the MVC side and register the new user, then you may try to pass a temporary token to the angular side. Angular then requests to server with the token, authenticates and gets an actual token. We will make a similar thing in this release to seperate Public Web Site and make single sign on with angular application.

One another option can be merging angular to the MVC/Host solution and change angular side to use cookie based auth.

I would want to help you clearer, but this goes to a custom development work.
If I would work on that I would would have many different problems and solve one by one and spend significiant time to make a working solution. So, it's not easy to write a step by step TODO for you unless we work on that deeply.