Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Cross-client identity - confirmation screen
See original GitHub issueHi,
I’m currently building a windows service that talks to the new Google Search Console query API to pull data. The service communicates via OAuth2, so has a dedicated client id/secret (of type ‘other’)
Because I don’t want the OAuth consent screen popping up on the server desktop, I’ve built an admin ASP.NET MVC app which a user can access to hopefully perform the OAuth authentication on behalf of the server, amongst other adminy tasks.
I’m trying to utilise a concept of Cross-client identity, whereby the web app (which also has a dedicated OAuth client id/secret - of type ‘web application’), and the windows service are technically two separate components of the same app - their client ids were created for the same Project on the Google Developer Console.
They both utilise a custom IDataStore where I persist token information into a database, with the username suffixed with a key representing which part the token belongs to.
Now, I am trying to use the guide detailed Cross-client Identity to do this, and here is my windows service auth code:
/// <summary>
/// Authorises the importer with the Google API.
/// </summary>
/// <param name="source">The import source.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>The user credential.</returns>
private async Task<UserCredential> AuthoriseAsync(Source source, ILog log, CancellationToken cancellationToken)
{
string scope = WebmastersService.Scope.WebmastersReadonly;
log.InfoFormat("Authorising API call for {0} - {1} in scope {2}", source.Username, source.Uri, scope);
return await GoogleWebAuthorizationBroker.AuthorizeAsync(
new ClientSecrets() { ClientId = source.ServerOAuthClientId, ClientSecret = source.ServerOAuthClientSecret },
new[] { $"oauth2:server:client_id:{source.OAuthClientId}:api_scope:{WebmastersService.Scope.WebmastersReadonly}" },
source.Username,
cancellationToken,
new TokenDataStore(_connectionFactory, "server"));
}
But what I am finding is it gets rejected by the OAuth server saying its an invalid scope.
Is cross-client identity supported by the .NET client currently?
Issue Analytics
- State:
- Created 8 years ago
- Comments:9
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@Antaris Glad to hear you got it sorted out; and thanks for the description of how you did it 😃
I changed my approach. My ASP.NET MVC web app handles the initial oauth consent, and then I store the access and refresh token in a custom database table. When the token is about to expire, my service communicates with my web app to perform a token refresh. The newer token is stored, so both service and web app utilise the same token for operations.