diff --git a/src/Owin.Security.Providers.Google/GoogleAuthenticationHandler.cs b/src/Owin.Security.Providers.Google/GoogleAuthenticationHandler.cs
index 70e95c0..76f555b 100644
--- a/src/Owin.Security.Providers.Google/GoogleAuthenticationHandler.cs
+++ b/src/Owin.Security.Providers.Google/GoogleAuthenticationHandler.cs
@@ -17,8 +17,9 @@ namespace Owin.Security.Providers.Google
 {
 private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
 private const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+ // TODO: This url should come from here: https://accounts.google.com/.well-known/openid-configuration
+ // TODO: as described by https://developers.google.com/identity/protocols/OpenIDConnect#discovery
 private const string UserInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo";
- private const string GooglePlusUserEndpoint = "https://www.googleapis.com/plus/v1/people/me";
 private readonly ILogger _logger;
 private readonly HttpClient _httpClient;
@@ -94,16 +95,9 @@ namespace Owin.Security.Providers.Google
 UserInfoEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled);
 graphResponse.EnsureSuccessStatusCode();
 text = await graphResponse.Content.ReadAsStringAsync();
- var user = JObject.Parse(text);
+ var userInfo = JObject.Parse(text);
- // Get the Google+ Person Info
- graphResponse = await _httpClient.GetAsync(
- GooglePlusUserEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled);
- graphResponse.EnsureSuccessStatusCode();
- text = await graphResponse.Content.ReadAsStringAsync();
- var person = JObject.Parse(text);
-
- var context = new GoogleAuthenticatedContext(Context, user, person, accessToken, expires, refreshToken)
+ var context = new GoogleAuthenticatedContext(Context, userInfo, accessToken, expires, refreshToken)
 {
 Identity = new ClaimsIdentity(
 Options.AuthenticationType,
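Review bot: The userinfo request kept on the first context line of the second hunk still ships the access token in the query string (`?access_token=` + Uri.EscapeDataString(accessToken)), so the bearer token lands in proxy and web-server access logs on every sign-in; the commit removes the Google+ round trip but leaves this in place. Send it in the Authorization header instead: `var request = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); graphResponse = await _httpClient.SendAsync(request, Request.CallCancelled);` — `AuthenticationHeaderValue` lives in System.Net.Http.Headers, which this file may not yet import. Above `var userInfo = JObject.Parse(text);` a short comment such as `// OIDC userinfo document; only "sub" is a stable identifier, see GoogleAuthenticatedContext` would tell the next reader why the Google+ person lookup is gone. The `_httpClient.GetAsync(` call and the enclosing method both begin before the hunk and the method continues past it.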
@@ -124,11 +118,11 @@ namespace Owin.Security.Providers.Google
 }
 if (!string.IsNullOrEmpty(context.Name))
 {
- context.Identity.AddClaim(new Claim("urn:googleplus:name", context.Name, XmlSchemaString, Options.AuthenticationType));
+ context.Identity.AddClaim(new Claim("urn:google:name", context.Name, XmlSchemaString, Options.AuthenticationType));
 }
 if (!string.IsNullOrEmpty(context.Link))
 {
- context.Identity.AddClaim(new Claim("urn:googleplus:url", context.Link, XmlSchemaString, Options.AuthenticationType));
+ context.Identity.AddClaim(new Claim("urn:google:url", context.Link, XmlSchemaString, Options.AuthenticationType));
 }
 context.Properties = properties;
diff --git a/src/Owin.Security.Providers.Google/GoogleAuthenticationOptions.cs b/src/Owin.Security.Providers.Google/GoogleAuthenticationOptions.cs
index f4bd555..a307ccc 100644
--- a/src/Owin.Security.Providers.Google/GoogleAuthenticationOptions.cs
+++ b/src/Owin.Security.Providers.Google/GoogleAuthenticationOptions.cs
@@ -100,6 +100,7 @@ namespace Owin.Security.Providers.Google
 AuthenticationMode = AuthenticationMode.Passive;
 Scope = new List
 {
+ "openid",
 "profile",
 "email"
 };
diff --git a/src/Owin.Security.Providers.Google/Provider/GoogleAuthenticatedContext.cs b/src/Owin.Security.Providers.Google/Provider/GoogleAuthenticatedContext.cs
index d5194ce..075920d 100644
--- a/src/Owin.Security.Providers.Google/Provider/GoogleAuthenticatedContext.cs
+++ b/src/Owin.Security.Providers.Google/Provider/GoogleAuthenticatedContext.cs
@@ -2,7 +2,6 @@ using System;
 using System.Globalization;
-using System.Linq;
 using System.Security.Claims;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
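Review bot: The `"openid"` entry added to the default `Scope` list in GoogleAuthenticationOptions only takes effect for applications that keep the defaults; `Scope` is an assignable property, so an app that supplies its own list silently drops it, and the handler now maps identity from the OpenID Connect userinfo claims (`sub`, `name`, `email`) that presumably depend on that scope being granted. Either enforce it where the authorize request is built (outside this diff), or at least record the dependency next to the default, e.g. `// "openid" must stay in the list: GoogleAuthenticatedContext maps Id/Name/Email from the OIDC userinfo claims`. The constructor that sets these defaults begins and ends outside the hunk.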
@@ -20,16 +19,14 @@ namespace Owin.Security.Providers.Google.Provider
 /// Initializes a
 ///
 /// The OWIN environment
- /// The JSON-serialized user
- ///
- /// Google+ Access token
+ /// The JSON-serialized user_info. Format described here: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+ /// Google Access token
 /// Seconds until expiration
 ///
- public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject person, string accessToken, string expires, string refreshToken)
+ public GoogleAuthenticatedContext(IOwinContext context, JObject userInfo, string accessToken, string expires, string refreshToken)
 : base(context)
 {
- User = user;
- Person = person;
+ UserInfo = userInfo;
 AccessToken = accessToken;
 RefreshToken = refreshToken;
@@ -39,16 +36,15 @@ namespace Owin.Security.Providers.Google.Provider
 ExpiresIn = TimeSpan.FromSeconds(expiresValue);
 }
- Id = TryGetValue(person, "id");
- Name = TryGetValue(person, "displayName");
- Link = TryGetValue(person, "url");
- UserName = TryGetValue(person, "displayName").Replace(" ", "");
+ // See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for a list of properties
+ Id = TryGetValue(userInfo, "sub");
+ Name = TryGetValue(userInfo, "name");
+ Link = TryGetValue(userInfo, "profile");
+ UserName = TryGetValue(userInfo, "name").Replace(" ", "");
- var email = (from e in person["emails"]
- where e["type"].ToString() == "account"
- select e).FirstOrDefault();
+ var email = TryGetValue(userInfo, "email");
 if (email != null)
- Email = email;
+ Email = email;
 }
 ///
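Review bot: The second hunk copies `email` out of the userinfo document without consulting the `email_verified` claim that the StandardClaims section it cites defines alongside it; an application that links or signs in a local account by `Email` can then be taken over by a Google account carrying an unverified address, since the spec allows `email` to be unverified. Surface the claim so callers can gate on it, e.g. `EmailVerified = userInfo.Value<bool?>("email_verified") ?? false;` next to the email assignment plus a `public bool EmailVerified { get; private set; }` property, and say in the `Email` property doc that it is only trustworthy when `EmailVerified` is true. Separately, `UserName = TryGetValue(userInfo, "name").Replace(" ", "")` throws if `name` is absent and `TryGetValue` returns null (its body is not in the diff, so verify); `UserName = Name == null ? null : Name.Replace(" ", "");` avoids that and reuses the value computed on the previous line. The constructor these lines belong to starts before the second hunk.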
@@ -57,16 +53,7 @@ namespace Owin.Security.Providers.Google.Provider
 ///
 /// Contains the Google user obtained from the endpoint https://www.googleapis.com/oauth2/v3/userinfo
 ///
- public JObject User { get; private set; }
-
- ///
- /// Gets the JSON-serialized person
- ///
- ///
- /// Contains the Google+ person obtained from the endpoint https://www.googleapis.com/plus/v1/people/me. For more information
- /// see https://developers.google.com/+/api/latest/people
- ///
- public JObject Person { get; private set; }
+ public JObject UserInfo { get; private set; }
 ///
 /// Gets the Google OAuth access token
@@ -79,12 +66,12 @@ namespace Owin.Security.Providers.Google.Provider
 public string RefreshToken { get; private set; }
 ///
- /// Gets the Google+ access token expiration time
+ /// Gets the Google access token expiration time
 ///
 public TimeSpan? ExpiresIn { get; set; }
 ///
- /// Gets the Google+ user ID
+ /// Gets the Google user ID
 ///
 public string Id { get; private set; }
@@ -96,12 +83,12 @@ namespace Owin.Security.Providers.Google.Provider
 public string Link { get; private set; }
 ///
- /// Gets the Google+ username
+ /// Gets the Google username
 ///
 public string UserName { get; private set; }
 ///
- /// Gets the Google+ email address for the account
+ /// Gets the Google email address for the account
 ///
 public string Email { get; private set; }