0

I have an ASP .NET MVC application (default template).

I have added a Nuget package for OAuth support for an external provider.

I have successfully logged in with the external provider, however I now need to use the token that they provide to make REST calls with another API I am using.

How do I get the token the external provider has given?

Ted
  • 13
  • 1

1 Answers1

0

You should refer to the external provider's docs to see how you can get the token. For the ASP.NET's own identity you call %appurl%/token and then store it somewhere like in your session and then send it in your authorization header as described here. http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

For most providers it should work because ASP.NET itself works with the token of let's say facebook and generates a token for you itself so you always use yourapplication/token to get the token.

See this question MVC 5 Web API with Facebook access token to RegisterExternal without need of Cookie

Community
  • 1
  • 1
asm
  • 508
  • 5
  • 7
  • So you have to make another call - it's not already stored from the initial authorise? Their docs don't explicitly say but they do reference: `https://externalsite.com/1/OAuthGetAccessToken` - so I have to make another call to that? – Ted Nov 22 '15 at 16:30
  • Yes in order to get the token, no matter if you use individual database accounts or an account from an auth provider like FB/MS/Google you should call /token to get the token. You should not put this in a cookie to be sent automatically as well because it will create security wholes. Web API's security part at www.asp.net/web-api has good descriptions for all of this. Read the stuff there and you'll have a solid foundation. – asm Nov 23 '15 at 16:56