I have downloaded the Microsoft.Owin.Security.Facebook package in order to be able to integrate Facebook as an external login provider. I have added it to the app builder as follows:
    var fbOptions = new FacebookAuthenticationOptions()
    {
        AuthenticationType = "Facebook",
        Caption = "Facebook",
        SignInAsAuthenticationType = signInAsType,
        AppId = "17*****************5",
        AppSecret = "3a*****************************16",
        Provider = new FacebookAuthenticationProvider()
        {
            OnAuthenticated = (context) =>
            {
                return Task.FromResult(0);
            }
        },
    };
    app.UseFacebookAuthentication(fbOptions);
And, of course, at https://developers.facebook.com I have registered my app in order to obtain the App ID and App secret. I have registered the custom user service in the standard way:
    public class CustomUserService : UserServiceBase
    {
        ....
        // gets called whenever the user uses external identity provider to authenticate
        // now we will try to map external user to a local user
        public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
        ....
    }
And then in Startup.cs:
    // use custom user service
    var customUserService = new CustomUserService();
    idServerServiceFactory.UserService = new Registration<IUserService>(resolver => customUserService);
In the login screen I have Facebook as an option. I can select it, I can navigate to it and successfully enter my credentials. The problem happens right after I get back from Facebook to my Identity Server 3 implementation.
The message in the browser is:
There was an error logging into the external provider. The error message is: access_denied
Browser url is:
https://localhost:44317/identity/callback?error=access_denied#_=_
And the one from the logs:
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.687 +02:00 [Information] User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.694 +02:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.701 +02:00 [Information] Redirecting to login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.796 +02:00 [Information] Login page requested
iisexpress.exe Information: 0 : 2017-12-07 17:44:26.834 +02:00 [Information] rendering login page
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.425 +02:00 [Information] External login requested for provider: "Facebook"
iisexpress.exe Information: 0 : 2017-12-07 17:44:28.427 +02:00 [Information] Triggering challenge for external identity provider
iisexpress.exe Information: 0 : 2017-12-07 17:44:49.508 +02:00 [Information] Callback invoked from external identity provider
iisexpress.exe Error: 0 : 2017-12-07 17:44:49.508 +02:00 [Error] External identity provider returned error: "access_denied"
NOTE: I never hit a breakpoint inside of
    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
If it is going to help, I am running the instance of Identity Server 3 on localhost.
Apart from that, when using Fiddler I can see that a call was made to Host: graph.facebook.com and it was successful.
{"access_token":"EAAYxR1NxxxMBAHLOW17nfS2xTDqXgIU3FY5ZBpw8EJFfzpoQpS5H6eVjsda2ZAN6ABLGu2а21fGleam8LbhPJTZCh8vBdbnQaijEZAwAQqGDyIZCXhR3twL3Fnq1gZBT8zUsPshZBjTFJ9tU0mWb6s8Up4sX9dUdQDCFefqEf4XKZBEZBHmshm","token_type":"bearer","expires_in":5181406}
But right after that, a failure happens on localhost.
The solution in my case was to update the following NuGet packages:
Microsoft.Owin
Microsoft.Owin.Security
Microsoft.Owin.Security.Facebook
Microsoft.Owin.Security.Google
From my current version (3.0.1) to version 3.1.0.
In this way I started hitting the endpoints on my Identity Server instances and it looks good so far.
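
The check below is an added example, not part of the original post: it scans a packages.config for the four packages named above and reports any still below 3.1.0. The function names and the sample packages.config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Package ids and the target version come from the fix described in the post.
OWIN_PACKAGES = {
    "Microsoft.Owin",
    "Microsoft.Owin.Security",
    "Microsoft.Owin.Security.Facebook",
    "Microsoft.Owin.Security.Google",
}
MIN_VERSION = (3, 1, 0)

# Constructed sample packages.config (not taken from the poster's project).
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Example.Unrelated.Package" version="1.0.0" targetFramework="net452" />
  <package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Owin.Security" version="3.1.0" targetFramework="net452" />
  <package id="Microsoft.Owin.Security.Facebook" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Owin.Security.Google" version="3.0.1" targetFramework="net452" />
</packages>"""


def parse_version(text):
    """Turn '3.0.1' or '3.1.0-rc1' into a comparable tuple (prerelease tag dropped)."""
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def outdated_owin_packages(packages_config_xml):
    """Return {package id: version} for the listed OWIN packages below MIN_VERSION."""
    root = ET.fromstring(packages_config_xml)
    findings = {}
    for pkg in root.iter("package"):
        pkg_id, version = pkg.get("id"), pkg.get("version")
        if pkg_id in OWIN_PACKAGES and parse_version(version) < MIN_VERSION:
            findings[pkg_id] = version
    return findings


if __name__ == "__main__":
    found = outdated_owin_packages(SAMPLE_PACKAGES_CONFIG)
    for pkg_id, version in sorted(found.items()):
        print(f"{pkg_id} {version} is below 3.1.0")
```
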