9

I want users to be able to log in with facebook/google via a mobile app(android and ios) and/or a website(built with asp.net MVC)...

What should my database be storing to make authentication work across mobile app and website? userId , google/facebook token?

Im unsure how to go about saving user information. Should I combine this with OWIN? I dont know much about asp.net identity but have seen that it fairly straight forward with 3rd party providers....the question is if i login from the mobile app for the first time should i programatically add the new user to the database?

So far I think this seems like the best link: http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/

but I'm hoping theres a simpler way.

Im getting google/fb tokens and sending them to the server to get the ids of the users...

What do i need to do here, so that if the google/fb user logs in through the web, they will be recognised as the same user.

It seems like MS have made it so easy to use ASP.Net Identity to set up social login for the web, but have ignored how that can be used with mobile to use a sql server db to store user/membership details...

Just trying to work out the best way of managing users for mobile and web as one

raklos
  • 28,027
  • 60
  • 183
  • 301

2 Answers2

2

This link describes everything you are looking for http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

What you have to store in the database in order to check if user already exist in your database or not can be get from the response you will get from Facebook or Google after a users credential verified, Facebook & Google must be giving the details of the users back in response. like Email Id, Date of birth etc., you can save these details in your database and at every login check it user already exist or not and register accordingly.

Details that comes in response is mentioned in another post WebApi ASP.NET Identity Facebook login

  public class FacebookLoginModel
{
    public string token { get; set; }
    public string username { get; set; }
    public string userid { get; set; }
}

public class FacebookUserViewModel
{
    public string id { get; set; }
    public string first_name { get; set; }
    public string last_name { get; set; }
    public string username { get; set; }
    public string email { get; set; }
}
Community
  • 1
  • 1
Anil Panwar
  • 2,592
  • 1
  • 11
  • 24
1

It's relatively straightforward for Google Sign in. The easiest way is for you to store the unique ID in your local database that Google returns for each account that you authenticate with it.

You can call the getSignInAccount method after the sign-in intent succeeds.

Auth.GoogleSignInApi.getSignInResultFromIntent(data);
GoogleSignInAccount acct = result.getSignInAccount();
String personName = acct.getDisplayName();
String personEmail = acct.getEmail();
**String personId = acct.getId();**
Uri personPhoto = acct.getPhotoUrl();

And whether the person signs in from the phone or the mobile, you know it is the same person. More details at https://developers.google.com/identity/sign-in/android/people

In any case, you will have to programmatically store the user in your database every time someone new logs in. So you will have to store their personID as an additional field to authenticate them overtime.

Abhishek
  • 1,261
  • 1
  • 13
  • 30