
Google+ OAuth Sign In for ASP.NET Identity

A few months ago I wrote a blog post on how to add a Google+ sign in for ASP.NET MVC 4. With the release of ASP.NET MVC 5 the whole authentication system has been overhauled and the ASP.NET team has introduced ASP.NET Identity, which has built-in support for external authentication providers. The list of external authentication providers which are included out of the box includes Google, but this is based on OpenID and not OAuth, which is fine if all you want to use it for is authentication. Sadly, however, this is problematic if you want to use the user’s authentication token to make calls to the Google+ API – for that you will need a Google+ OAuth provider. Since no one else seems to have taken up the call to develop a Google+ OAuth provider for ASP.NET Identity, I decided to see what I can do.

Please note

I like the path of least resistance, and do not suffer too badly from the “not invented here” syndrome. The code for the Google+ OAuth provider I wrote is almost an exact copy of the code developed by the OWIN team for the standard Facebook OAuth provider. I do not claim any level of cleverness or credit for this code, other than shamelessly copying it and adapting it to work with Google+.

The original work from Microsoft is located at http://katanaproject.codeplex.com/. As it is open source I will see what I can do to integrate my work into theirs. For now I just wanted to get something out which people can use.

A quick rundown of what I have done

This blog post is actually a combination of a bunch of stuff I did in previous blog posts.  As noted above there was absolutely no genius involved on my side as far as the development of the actual OWIN OAuth provider goes.  I copied the work which Microsoft had done on the Facebook provider and adapted it for Google+.  Having done a LOT of OAuth work over the past year I understand more or less how the whole OAuth process works (I think).  I have walked through the Google+ OAuth sign in process in a previous blog post so if you have a need to understand that please go and read that blog post.  Also have a look at Google’s own documentation on how the OAuth 2.0 flow works.

To give the button the Google+ look and feel, you can refer to my blog post on Pretty social login buttons for ASP.NET MVC 5.

Last month I wrote a blog post on how to access the Twitter OAuth token, and I used the same technique in the demo project to store and retrieve the Google+ OAuth token.  I then use this token on the home page to extract the Google+ user information and do a raw dump of the JSON output.  It is not pretty but it should give you a good enough idea of how to store and extract the OAuth token and then use that to call the Google+ API.

How to use it

Well, using it is pretty straightforward. Here are the steps:

1. First of all you will need a Client ID and Client Secret and for that you need to register an app in the Google Cloud Console.  I am not going to run through this process step by step, so please refer to the Google documentation for that.  You can also refer to that previous blog post of mine for a more step-by-step walk through.  That blog post described how to do it in Google API Console, which is now replaced with the Google Cloud Console, but it should be similar enough to follow.

Please note that you will need to register your Redirect URI in Google Cloud Console to point to the URL signin-googleplus, as displayed in the screenshot below:

[Screenshot: Redirect URI setting in Google Cloud Console]

2. Next you need to install the NuGet package I published into your project:

[Screenshot: installing the NuGet package]

3.  Lastly alter your Startup.Auth.cs file to enable the Google+ authentication provider.

Source code and how to contribute

This was a quick job and works in my testing.  You can refer to the source code located at https://github.com/beabigrockstar/GooglePlusAuthProvider to look at the demo project.  If you have any issues with the provider please feel free to fork the project and submit a pull request.

Enjoy :)

  • http://sampathloku.blogspot.com/ Sampath Lokuge

    Nice. Thanks for sharing with us :)

    • http://www.beabigrockstar.com/ Jerrie Pelser

      My pleasure :)

  • linart

    Great! Thanks!

    • http://www.beabigrockstar.com/ Jerrie Pelser

      Pleasure :)

  • Nick Young

    Hey Jerrie, thanks for the code. It works great on communicating with Google. I can’t seem to get it to store any claims in the Identity tables. I’ve stepped through the code, and I can see that I am getting the right info from Google, and in the code it hits the AddClaim blocks, but when I look in the database, there is nothing in the table. Any ideas?

    Thanks,
    Nick

  • Reynier Jardines Casas

    Google Error: invalid_client, I have checked the id and secret so many times that my eyes are bleeding :)

    • Reynier Jardines Casas

      Fixed. The error occurs when you have not set an email in the Consent Screen in Google Console.

  • Petr Tichý

    Didn’t find this anywhere else – you need to have Google+ API enabled in Google Cloud Console. This one is not enabled during app creation and has to be enabled manually. Otherwise you end up getting null while calling AuthenticationManager.GetExternalLoginInfoAsync() (internally receiving HTTP 403 on getting Google+ Person Info) like me and spending hours trying to find out why.

    Also, Google documentation states that scope “https://www.googleapis.com/auth/userinfo.email” is deprecated and should be replaced by “email” scope. And also it is recommended to include scope “profile”.

    Anyway – good job on this one, hope it will be part of standard OWIN distribution.

    • http://www.beabigrockstar.com/ Jerrie Pelser

      Hi, thanks for pointing out the enablement of Google+ API. This code has since been taken over by the OWIN team and will indeed form part of the standard OWIN distribution. They also changed it to be a general Google OAuth2 provider and not specific to Google+.
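
The Startup.Auth.cs configuration discussed in the comments above, as an added example (not code from the post, the author's NuGet package, or the Katana project). It assumes the Katana `Microsoft.Owin.Security.Google` package that the last reply refers to; the appSettings keys `GoogleClientId` and `GoogleClientSecret`, the method name `ConfigureGoogleAuth` and the claim type `urn:google:access_token` are hypothetical names chosen for illustration.

```csharp
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Google;
using Owin;

public partial class Startup
{
    // Hypothetical helper; call it from ConfigureAuth(IAppBuilder app).
    public void ConfigureGoogleAuth(IAppBuilder app)
    {
        // Assumed appSettings keys. Reading them from configuration keeps
        // the client secret out of source control.
        string clientId = ConfigurationManager.AppSettings["GoogleClientId"];
        string clientSecret = ConfigurationManager.AppSettings["GoogleClientSecret"];

        // Fail at startup rather than at the first sign-in attempt.
        if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(clientSecret))
            throw new ConfigurationErrorsException("Google OAuth client id/secret not configured.");

        var options = new GoogleOAuth2AuthenticationOptions
        {
            ClientId = clientId,
            ClientSecret = clientSecret,
            // The Katana provider's default CallbackPath is /signin-google;
            // the Redirect URI registered in Google Cloud Console must match it.
            Provider = new GoogleOAuth2AuthenticationProvider
            {
                OnAuthenticated = context =>
                {
                    // Keep the access token for later API calls. This claim lives
                    // on the external sign-in identity, so the login callback has
                    // to copy it if the application identity should carry it.
                    // Treat it as a credential: it must not be logged or rendered.
                    context.Identity.AddClaim(
                        new Claim("urn:google:access_token", context.AccessToken));
                    return Task.FromResult(0);
                }
            }
        };

        // Request only the scopes named in the comment above.
        options.Scope.Add("email");
        options.Scope.Add("profile");

        app.UseGoogleAuthentication(options);
    }
}
```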