Asp.net Core Identity 2.0 Google Logout


I have started looking into Google signin and have added the normal provider as such.

services.AddAuthentication()
    .AddGoogle(go =>
    {
        go.ClientId = "xxxxx";
        go.ClientSecret = "-xxxxx";
        go.SignInScheme = IdentityConstants.ExternalScheme;
    });

My test method just to get it started looks like this

public ActionResult TestGoogle()
{
    var redirectUrl = Url.Action(nameof(ExternalCallback), "Account", new { ReturnUrl = "" });
    var properties = _signInManager.ConfigureExternalAuthenticationProperties("Google", redirectUrl);
    return Challenge(properties, "Google");
}

All well and good: I go to Google, log in, and get redirected with all required claims as expected.

The issue is when I call _signInManager.SignOutAsync() which does not seem to do anything. No errors, yet when I go back to my TestGoogle action I am redirected with all credentials to the callback.

Anything I am missing?

There are 2 best solutions below


This is how I configured my code:

Configure two cookies: one (MainCookie) for local login and a second (ExternalCookie) for Google.

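services.AddAuthentication("MainCookie").AddCookie("MainCookie", options =>
{
    // Cookie that holds the local (application) login.
});

services.AddAuthentication("ExternalCookie").AddCookie("ExternalCookie", o =>
{
    // Temporary cookie that holds the identity returned by Google.
});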

Configure google authentication as shown below:

services.AddAuthentication(v =>
    {
        v.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        v.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddGoogle("Google", googleOptions =>
    {
        googleOptions.ClientId = "xxx...";
        googleOptions.ClientSecret = "zzz...";
        googleOptions.SignInScheme = "ExternalCookie";
        googleOptions.Events = new OAuthEvents
        {
            OnRedirectToAuthorizationEndpoint = context =>
            {
                context.Response.Redirect(context.RedirectUri + "&hd=" + System.Net.WebUtility.UrlEncode("gmail.com"));

                return Task.CompletedTask;
            }
        };
    });

The TestGoogle() method will redirect you to the Google login page.

You can then get the claims from google back like so:

public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
    var info = await HttpContext.AuthenticateAsync("ExternalCookie");

    // Without a valid external cookie there is no principal to sign in.
    if (!info.Succeeded)
    {
        return Unauthorized();
    }

    // Sign in to the local cookie and sign out of the external cookie.
    await HttpContext.SignInAsync("MainCookie", info.Principal);
    await HttpContext.SignOutAsync("ExternalCookie");
    // ExternalCookie will be deleted at this point.
    return RedirectToLocal(returnUrl);
}

If you now want to authenticate any method, you can do so as shown below:

[Authorize(AuthenticationSchemes = "MainCookie")]
public IActionResult Contact()
{
    // Only authenticated users are allowed.
    return View();
}
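
A hardened version of the callback together with the logout action the question asks about, as an added example that is not part of the original answer. It assumes the "MainCookie" and "ExternalCookie" schemes configured above; the Logout action name and the Home/Index redirect target are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    // Scheme names match the cookie configuration shown in the answer.
    private const string MainCookie = "MainCookie";
    private const string ExternalCookie = "ExternalCookie";

    [HttpGet]
    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
    {
        // The provider reported a failure (for example, consent was denied).
        if (!string.IsNullOrEmpty(remoteError))
            return BadRequest("External login failed.");

        // No valid external cookie means there is no identity to promote.
        var result = await HttpContext.AuthenticateAsync(ExternalCookie);
        if (!result.Succeeded || result.Principal == null)
            return RedirectToAction("Index", "Home"); // assumed landing page

        // Promote the Google identity to the local session, then drop the
        // short-lived external cookie so it cannot be replayed later.
        await HttpContext.SignInAsync(MainCookie, result.Principal);
        await HttpContext.SignOutAsync(ExternalCookie);

        // Follow only same-site return URLs to avoid an open redirect.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return LocalRedirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    [Authorize(AuthenticationSchemes = MainCookie)]
    public async Task<IActionResult> Logout()
    {
        // Clear both application cookies. This ends the local session only;
        // the browser's own session with Google is not affected.
        await HttpContext.SignOutAsync(MainCookie);
        await HttpContext.SignOutAsync(ExternalCookie);
        return RedirectToAction("Index", "Home");
    }
}
```

Signing out here clears only the application's cookies, so while the browser still has a Google session a later Challenge("Google") can complete without a prompt. Google's authorization endpoint accepts prompt=select_account, which can be appended in the same OnRedirectToAuthorizationEndpoint hook used for hd above.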