I am attempting to get an access token to use with google's gmail apis. I was hoping to use the built in asp.net core authentication for this.
I want to use the authorization code flow.
In my first application I was getting the google authorization code from redirecting to the google token endpoint in my javascript code when the user clicked on a button:
function getCode(){
let uri = "https://accounts.google.com/o/oauth2/auth";
uri += "?";
uri += "";
uri += "&redirect_uri=http://localhost:8080/auth";
uri += "&scope=https://mail.google.com/ https://www.googleapis.com/auth/userinfo.profile";
uri += "&response_type=code";
uri += "&response_mode=form_post";
uri += "&state=qu7kti2m4ar";
window.location.href = uri;
}
Then the user would be presented with the consent screen to authorize my app to their gmail.
At which point I instructed google to redirect them to my "/auth" endpoint. Which I have a controller method waiting for google to respond here:
[Route("/auth")]
public async Task<IActionResult> AuthAsync()
{
string token = _adapter.GetSaveTokenAsync(Request).Result;
await _adapter.LoginUser(token);
return View("_Auth");
}
The GetSaveTokenAsync reads the token from the Request body.
The LoginUser method makes a call to the google token endpoint with my secret and the code, to get an access token, which I can use on the google apis to get the users infromation.
I am attempting to implement this with the Asp.Net authentication so that it handles things like settings cookies, antiforgery, saving the user to local db, etc.
I followed along with this document: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0
This is where I set up the service in my Program.cs:
builder.Services.AddAuthentication()
.AddGoogle(options =>
{
options.ClientId = configuration["googleClientId"];
options.ClientSecret = configuration["googleClientSecret"];
options.CallbackPath = "/auth";
options.Scope.Add("https://mail.google.com/");
});
It is effectively logging in the user when I click the login button. But my endpoint is not getting hit on the redirect - the /auth
Here is my controller:
[Route("/auth")]
public IActionResult Auth()
{
Console.WriteLine("made it to auth");
return View();
}
When I make a request to this endpoint directly in my browser (localhost:5001/auth) I get: Exception: The oauth state was missing or invalid.
Mapping the controllers here:
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.MapRazorPages();
I notice when I click the login, my consent screen doesn't open up asking to allow my app to read, edit, etc. my gmail files. Which is what my app is set up to do.
I am a little confused on what the Google Authentication in Asp.Net core is doing. Why is it just logging in and routing to my index method. It looks like this is just for signing in, but it doesn't look like it is using OpenId. Doesn't seem like the authorization code flow is being used and that this is almost like a client credential flow. Is the authorization code flow possible with asp.net core identity/ authorization?
There is a post here that seems related refereing to using the Identity Server Nuget Package but when I click the links I get 404s. I went to the Nuget Package here: https://www.nuget.org/packages/IdentityServer4, went to the github, and the documentation links there are also giving me 404s.