ASP.NET WebAPI 2.2 SPA with social login and no MVC dependencies


Staff member
I have been designing an application which is just a statically served client page designed to use bearer tokens to authenticate with the backing API, however recently I have been trying to add social login options to the back-end but have found it very difficult to find any examples not using MVC dependencies which I would like to avoid if possible.

This question was a great help to get started: <a href="">ASP.NET Web API social authentication for Web and Mobile</a>

However I have been struggling to get my project to work in the same manor, basically in the question I referenced he has configured a
like this:

OAuthOptions = new OAuthAuthorizationServerOptions
                TokenEndpointPath = new PathString("/token"),
                Provider = new ApplicationOAuthProvider(PublicClientId),
                AuthorizeEndpointPath = new PathString("/api/account/externallogin"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
                //AllowInsecureHttp = false

Also in his backing api account controller he has the following action:

        [Route("ExternalLogin", Name = "ExternalLogin")]
        public async Task&lt;IHttpActionResult&gt; GetExternalLogin(string provider, string error = null)

In this example I have not been able to figure out what the first parameter of the
(template) is actually referencing in the project, if anything, could someone maybe explain what it is doing in this context?

Now when running the sample project provided in the question sending a GET request to 'api/Account/ExternalLogin' the request will be handled on the action in his API account controller and I assume it has something to do with
but am getting a little out of my depth here and struggling to find strong examples of other usages of this attribute.

However I am fairly certain I have configured my WebAPI project correctly in the way he has described, however when sending a GET request to my
it is not handled on my API account controller but instead by my implementation of
which returns a 'invalid_request' error.

Can anyone think of something that I might be overlooking which is causing my API account controller action to be ignored?

I also had a read through this article but it seems to have been written in an older version of WebAPI:
<a href="" rel="nofollow noreferrer"></a>

Thanks for any help,