josem8f josem8f - 1 year ago 109
Android Question

Hybrid Authentication with asp.net Identity and Android Authorization

I'm doing a website in asp that uses Identity (v2.0) and also an Android app connected to the web site through Web API.

I've configured Identity to use Google OAuth signins and works quite well. Right now I'm trying to make a Web API for the app and I also need to authenticate mobile users.

I've reached to the point to configure Identity to manage bearer tokens for the api. But to perform a signin, the only way I've found is through user and password as documentation says:

grant_type=password&username=user&password=pass


Or perform OAuth challenge by web.

As Android also manages Google OAuth. Is there a way to configure Identity to perform signins using Google Oauth?

I have neither found a way to manage external bearer tokens or to use Google Authentication tokens to do a signing with Web Api with Identity.

Maybe I'm misunderstanding something.

Thanks in advance.

Answer Source

Ok, somehow I've found how to do it.

  1. In Android, get an ID token using scope audience:server: as in Google "Accounts Authentication and Authorization" docs.

  2. Send Web API token endpoin as user the email and as password the token.

    grant_type=password&username={email}&password={GoogleToken}

  3. In my extendend class from OAuthAuthorizationServerProvider in the server, I added token verification as from github repo googleplus/gplus-verifytoken-csharp to the method GrantResourceOwnerCredentials

  4. If token is valid, I can populate a UserLoginInfo and find the user with UserManager.

Then normal authentication goes on and user is authenticated in identity as normal.

Anyway, I think there has to be a more elegant way to do it.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download