使用 Asp.Net Owin Oauth 进行增量 Google OAuth

我正在寻找一种解决方案，使用 Asp.Net 的 Owin OAuth 库对 Google 的 api 进行增量授权。

我知道如何设置特定 api 的范围，但我想逐步进行，并且只能看到如何在全局范围内设置它。

关于 Google Oauth 增量身份验证的文档...https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth

当前 VB 代码...

Public Sub ConfigureAuth(app As IAppBuilder)

    Dim googleCreds = New GoogleOAuth2AuthenticationOptions() With {
                .ClientId = "xxxx",
                .ClientSecret = "xxx"
    }

    googleCreds.Scope.Add("https://www.googleapis.com/auth/analytics.readonly")
    app.UseGoogleAuthentication(googleCreds)

    ' Would like to add another way to specify GoogleDrive, YouTube, Google+ scopes
    ' Example code that doesn't work that would add a 2nd Google Oauth Listener
    googleCreds.Scope.Clear()
    googleCreds.Scope.Add("https://www.googleapis.com/auth/drive.file")
    googleCreds.AuthenticationType = "GoogleDrive"
    app.UseGoogleAuthentication(googleCreds)

End Class

这是我想出的解决方案。它涉及在 url 中传递“scope”参数，然后在身份验证选项的“OnApplyRedirect”函数中解析该参数，然后手动将正确的范围 url 注入到重定向 url 中。

    Dim googleCreds = New GoogleOAuth2AuthenticationOptions() With {
        .ClientId = "xxx",
        .ClientSecret = "xxx",
        .Provider = New Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationProvider() With { _
            .OnApplyRedirect = Function(context)
                                   Dim queryString = HttpContext.Current.Request.QueryString.ToString()
                                   Dim queryParms = HttpUtility.ParseQueryString(queryString)

                                   ' Change the value of "redirect" here
                                   ' e.g. append access_type=offline
                                   Dim redirect As String = context.RedirectUri
                                   redirect += "&access_type=offline"
                                   redirect += "&approval_prompt=force"
                                   redirect += "&include_granted_scopes=true"

                                   Dim uri = New Uri(redirect)

                                   If (Not String.IsNullOrEmpty(queryParms.Get("scope"))) Then
                                       Dim scope = queryParms.Get("scope")
                                       Dim redirectQueryString = HttpUtility.ParseQueryString(uri.Query)
                                       Select Case scope
                                           Case "Analytics"
                                               redirectQueryString.Set("scope", "https://www.googleapis.com/auth/analytics.readonly")
                                           Case "YoutTube"
                                               redirectQueryString.Set("scope", "https://gdata.youtube.com")
                                           Case "Drive"
                                               redirectQueryString.Set("scope", "https://www.googleapis.com/auth/drive.file")
                                           Case Else
                                               LoggingUtility.LogErrorMessage("Invalid scope passed in: scope: " + scope)
                                       End Select
                                       redirect = uri.GetLeftPart(UriPartial.Path) + "?" + redirectQueryString.ToString()
                                   End If

                                   context.Response.Redirect(redirect)

                               End Function, _
        }
    }

    'Google Analytics
    app.UseGoogleAuthentication(googleCreds)