I am using ASP.NET Core WebAPI (.NET 6.0)
I would like to implement Google Authentication using the guideline shared by Google on https://developers.google.com/identity/gsi/web
My understanding of the process is that I request a JWT from Google from my web client (VueJS), then send the JWT to the WebAPI to verify.
For verification, it seems I need to write some code as per the guidelines shared on https://developers.google.com/identity/sign-in/web/backend-auth.
Then I create a new JWT for the user using the details, role information, and claims stored in my DB and send it back to the client.
The client saves the new JWT to local storage and keeps sending it for every new API request.
The entire process feels a little like reinventing the wheel, is there a more standard method of handling the WebAPI part?
2 Answers
I think your understanding of Google Authentication is correct. The best practice for a WebAPI using Google Authentication should also be the same.
1. Register your app in Google, get client_id and client_secret.
2. Add the Identity, Authentication and Google services in .NET Core as follows, and add the [Authorize()] attribute to the APIs you want to secure.
AspNetCore WebAPI – Google Authentication
3. Get access_token from Google.
4. Append access_token to every HTTP request when accessing your WebAPI.
There is not a more standard way. You have described the standard way.
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/external-authentication-services
In short:
- Web client requests authentication from YOUR web API.
- YOUR web API replies to the web client to redirect to the identity provider (Google) to authenticate.
- Web client authenticates with the identity provider; an auth token is returned.
- Web client sends the auth token to YOUR web API.
- YOUR web API uses that token either to continue authentication for requests, or to generate a YOUR-web-API-specific token that is returned to the client and used for subsequent requests.
In an OAuth2 authorization setup, a one-time-use token is returned to the web client, which then sends it to YOUR web API. YOUR web API uses that one-time-use token to request additional user identity information from the identity provider (Google).
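The one-time-code variant described in the last paragraph, as an added example (not code from the answer or from Google): the web client hands the API a one-time authorization code, and the API exchanges it server-side at Google's token endpoint, which is the only place the client_secret is ever used. It assumes the Google.Apis.Auth package for validating the returned id_token, that the client ID and secret come from configuration, and that the redirect_uri value is the literal "postmessage" used by the Google Identity Services popup code flow (a redirect-based flow must instead pass the exact URI registered in the Google console):

```csharp
// Added example of the OAuth2 authorization-code exchange on the API side.
// Package assumed: Google.Apis.Auth. System.Net.Http.Json ships with ASP.NET Core.
using System.Net.Http.Json;
using System.Text.Json.Serialization;
using Google.Apis.Auth;

public sealed class GoogleCodeExchange
{
    private readonly HttpClient _http;
    private readonly string _clientId, _clientSecret, _redirectUri;

    // ASSUMPTION: client ID/secret are injected from configuration; the secret never reaches the browser.
    public GoogleCodeExchange(HttpClient http, string clientId, string clientSecret,
                              string redirectUri = "postmessage")
        => (_http, _clientId, _clientSecret, _redirectUri) = (http, clientId, clientSecret, redirectUri);

    // Consumes the one-time code and returns the verified identity claims Google signed for this user.
    public async Task<GoogleJsonWebSignature.Payload> ExchangeAsync(string code, CancellationToken ct = default)
    {
        // Server-to-server POST to Google's token endpoint (standard OAuth2 token request).
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["code"] = code,
            ["client_id"] = _clientId,
            ["client_secret"] = _clientSecret,
            ["redirect_uri"] = _redirectUri,
            ["grant_type"] = "authorization_code",
        });
        using var resp = await _http.PostAsync("https://oauth2.googleapis.com/token", form, ct);
        if (!resp.IsSuccessStatusCode)
        {
            // A reused, expired, or wrong-client code yields HTTP 400 with {"error":"invalid_grant",...}.
            var err = await resp.Content.ReadFromJsonAsync<TokenError>(cancellationToken: ct);
            throw new UnauthorizedAccessException($"token exchange failed: {err?.Error} {err?.Description}");
        }
        var tokens = await resp.Content.ReadFromJsonAsync<TokenResponse>(cancellationToken: ct)
            ?? throw new UnauthorizedAccessException("empty token response");

        // Identity is taken from the signed id_token, never inferred from the opaque access_token:
        // validate signature, issuer, expiry, and that "aud" is our own client ID before trusting claims.
        return await GoogleJsonWebSignature.ValidateAsync(tokens.IdToken,
            new GoogleJsonWebSignature.ValidationSettings { Audience = new[] { _clientId } });

        // tokens.AccessToken / tokens.RefreshToken are only needed if the API will later call Google
        // APIs on the user's behalf; if kept, store the refresh token server-side, encrypted at rest.
    }

    private sealed record TokenResponse(
        [property: JsonPropertyName("access_token")] string AccessToken,
        [property: JsonPropertyName("id_token")] string IdToken,
        [property: JsonPropertyName("refresh_token")] string? RefreshToken,
        [property: JsonPropertyName("expires_in")] int ExpiresIn);

    private sealed record TokenError(
        [property: JsonPropertyName("error")] string Error,
        [property: JsonPropertyName("error_description")] string? Description);
}
```

Register it with a typed client, e.g. builder.Services.AddHttpClient<GoogleCodeExchange>() plus the configured ID and secret, and call ExchangeAsync from the endpoint that receives the code. The returned Payload (Subject, Email, EmailVerified, Name) is what you then look up in your own DB before issuing the API's own token; the code itself is single-use, so a replayed POST fails at the exchange rather than silently logging someone in twice.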