skip to Main Content

I’m adding external logins to my MVC app. I’ve successfully added “Login with Facebook” but I have an issue with Google because my callback endpoint receives

access denied

Here is what I’ve done:

  1. In console.developers.google.com I’ve added my URLs to Authorised JavaScript origins and Authorised redirect URIs and I’ve enabled Google+API
  2. I’ve added my GoogleClientId and GoogleClientSecret to my Startup file
  3. I’ve updated Microsoft.Owin.Security.Google to the lastest version 4.0.1

What I’m missing here?

2

Answers


  1. Chosen as BEST ANSWER

    I've managed to fix the problem by implementing my own provider.

    First, I've been on github to get the files of Microsoft.Owin.Security.Google

    I've added those files to my project, changed the userInfoEndPoint:

    //private const string UserInfoEndpoint = "https://www.googleapis.com/plus/v1/people/me";
    private const string UserInfoEndpoint = "https://www.googleapis.com/userinfo/v2/me";
    

    It is actually helpful as you can add/remove any scope/fields that you want and decide which type the claim will have. In my case, I've edited each handler (facebook, google, linkedin and microsoft) to populate the claims the same way. So if I want the firstName of the user I know that the claim type will be ClaimTypes.GivenName no matter what the provider is. Hopefully it makes sense :D


  2. Just to compare with what I have on a project:

    • startup – init with client Id and Secret (see below)
    • On google console:
      • JS origins is blank
      • Authorized redirect URIs: [my website url]/signin-google (don’t forget to add http and https versions here if you’re not strictly on one of those.
      • Oauth Consent Screen – Authorized domains – add in the used domain names (no http/s needed here)
      • APIs – Google+ API

    This works for me. The only other thing I’d check is that your startup has values for the client id and secret…for example if it can’t find them via whichever config setup you’re using.

    My Startup:

    public void ConfigureServices(IServiceCollection services)
    {
        ...
        services.AddAuthentication().AddGoogle(googleOptions =>
        {
            googleOptions.ClientId = Configuration["YOUR-CLIENT-ID"];
            googleOptions.ClientSecret = Configuration["YOUR-SECRET"];
            googleOptions.Scope.Add("...I have some additional scopes here...");
            googleOptions.SaveTokens = true; //additional to my setup
            googleOptions.AccessType = "offline"; //additional to my setup
            googleOptions.AuthorizationEndpoint += "?prompt=consent"; //additional to my setup
        });
        ...
    }
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search