This is a slightly improved implementation over the default Facebook client that ships with DNOA. It keeps the provider and sid off of the redirect uri, and puts them in the state parameter where they belong.
It also lets you customize the scopes, in case you want access to other Facebook data. And it doesn't manipulate the response fields - so you get back exactly what facebook provided.
Facebook Reference: http://developers.facebook.com/docs/howtos/login/server-side-login/
-
Setup your Facebook App using the Facebook developer apps site. Detailed instructions here
-
Install this library from NuGet, or compile from source and reference.
-
Register the client instead of the existing Facebook OpenId client.
var client = new FacebookOAuth2Client("yourAppId", "yourAppSecret"); var extraData = new Dictionary<string, object>(); OAuthWebSecurity.RegisterClient(client, "Facebook", extraData);
Just like any other OAuthWebSecurity client, except you need one extra hook:
// add this line
FacebookOAuth2Client.RewriteRequest();
// it belongs right before your existing call to
OAuthWebSecurity.VerifyAuthentication(....)
This is needed because Facebook requires that any extra querystring parameters for the
redirect be packed into a single parameter called state. Since OAuthWebSecurity needs
two parameters, __provider__ and __sid__ - we have to rewrite the url.
Note: The RewriteRequest method will unpack the state parameter and place its contents back into the regular querystring.
So if you are looking for a state value such as ReturnUrl, you will find it has been moved to Request.QueryString["ReturnUrl"].
I don't work for Facebook, Microsoft, or DNOA. This is released under the MIT licence. Do what you want with it.