-2

I use authorization via oauth.vk.com Docs here

When I call on web-browser

https://oauth.vk.com/authorize?client_id=1&display=page&redirect_uri=http://example.com/callback&scope=friends&response_type=token&v=5.80

After I sign in to vk.com and accept permissions to my server vk.com send Get request like this:

http://example.com/callback#access_token=c9186f0de67865740b9bd920a67320142434422007d16cf79031734fd450657cd4ba221106ce7232e74b7&expires_in=86400&user_id=1&email=example@mail.com

I don't know how to take #access_token in my Get method

Parameters with ? like expires_in, user_id and email I can take like this

[Route("vkauth")]
public class VKAuthController : Controller {
  [HttpGet]
  public string Get_VkAuth([FromQuery] string access_token, string expires_in, string user_id, string email) {
}

But how to take parameter #access_token?

Igor Cova
  • 3,126
  • 4
  • 31
  • 57
  • 3
    Please don’t consider implementing OAuth manually but just use ASP.NET Core’s authentication stack for it. There is even a [VKontakte](https://www.nuget.org/packages/AspNet.Security.OAuth.Vkontakte) plugin to enable authentication without much effort. – poke Jul 08 '18 at 14:20
  • 1
    Nothing after the `#` reaches the server. You are attempting to use a a client-side implementation in server-side code. That's the first signal you are not doing it correctly – Camilo Terevinto Jul 08 '18 at 14:26
  • @CamiloTerevinto but how to be in client side - with this token I need to make another HTTP-request - how it possible? – Igor Cova Nov 05 '18 at 17:50

2 Answers2

0

Just use the HttpRequestMessage in the function and extract the token via the header (if the token is send using headers: Authorization)

For eg: 

public string Get_VkAuth(HttpRequestMessage request,[FromQuery] string access_token, string expires_in, string user_id, string email) {

 String access_token= request.Headers.Authorization.ToString();

}
Tony
  • 16,527
  • 15
  • 80
  • 134
Avy
  • 187
  • 1
  • 10
  • I've got Object reference not set to an instance of an object. – Igor Cova Jul 08 '18 at 14:46
  • You cannot inject `HttpRequestMessage` in ASP.NET Core. But you can just access the controller’s `Request` property to retrieve header values. – poke Jul 08 '18 at 15:46
  • @poke I've trying like `Request.Headers["Authorization"]` and like this `Request.Headers["access_token"]` but there is no header – Igor Cova Jul 08 '18 at 16:05
  • @IgorCova Yeah, as Avy mentioned in the answer, you can only retrieve the token if it is sent as part of the Authorization header. – poke Jul 08 '18 at 18:48
  • @put I can't rule this - vk send me Get request like this http://example.com/callback#access_token=token – Igor Cova Jul 08 '18 at 19:05
0

correct Answer in comment by camilo-terevinto

Nothing after the # reaches the server. You are attempting to use a a client-side implementation in server-side code. That's the first signal you are not doing it correctly

Igor Cova
  • 3,126
  • 4
  • 31
  • 57